346 matches found
Xxe
A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue...
CVE-2022-21949
A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue...
CVE-2022-21949
A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue...
CVE-2022-0272
Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0...
CVE-2022-0272 Improper Restriction of XML External Entity Reference in detekt/detekt
Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0...
CVE-2022-0272
CVE-2022-0272 concerns the Kotlin static analysis tool detekt. Multiple connected sources confirm an XML External Entity (XXE) restriction flaw in detekt/detekt prior to 1.20.0, attributed to the XML processing path (e.g., the read function in BaselineFormat.kt). Impact details in the sources ali...
detekt 代码问题漏洞
detekt is a static code analysis tool for the Kotlin programming language. A security vulnerability exists in detekt that stems from an improperly restricted XML external entity reference...
CVE-2021-43990
The affected product is vulnerable to a network-based attack by threat actors supplying a crafted, malicious XML payload designed to trigger an external entity reference call...
Xxe
The affected product is vulnerable to a network-based attack by threat actors supplying a crafted, malicious XML payload designed to trigger an external entity reference call...
CVE-2021-43990 ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform
The affected product is vulnerable to a network-based attack by threat actors supplying a crafted, malicious XML payload designed to trigger an external entity reference call...
PT-2022-11968 · Fanuc · Roboguide
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves a network-based attack where threat actors supply a crafted, malicious XML payload. This payload is designed to trigger an external...
Delta Electronics DMARS
1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DMARS Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain sensitive information...
CVE-2022-0221
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a remote system...
enkins Coverage/Complexity Scatter Plot Plugin XML External Entity Reference vulnerability
Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control the input files for the 'Public Coverage / Complexity Scatter Plot' post-build step to have Jenkins parse a crafted...
Improper Restriction of XML External Entity Reference in Liquibase
The XMLChangeLogSAXParser function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference...
CVE-2022-0839
Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0...
CVE-2022-0839
CVE-2022-0839 affects Liquibase in liquibase/liquibase prior to 4.8.0, due to improper validation in XMLChangeLogSAXParser() that enables XML External Entity processing. This could allow a remote attacker to disclose sensitive information or perform SSRF. The documented remediation is to upgrade ...
CVE-2022-0839 Improper Restriction of XML External Entity Reference in liquibase/liquibase
Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0...
CVE-2022-0265 Improper Restriction of XML External Entity Reference in hazelcast/hazelcast
Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1...
CVE-2022-23640 Improper Restriction of XML External Entity Reference in Excel-Streaming-Reader
Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no...