205 matches found
CVE-2024-51132
An XML External Entity XXE vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...
CVE-2024-51136
An XML External Entity XXE vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file...
CVE-2024-51136
An XML External Entity XXE vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file...
CVE-2024-28168
Improper Restriction of XML External Entity Reference 'XXE' vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue...
Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2024-2450)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-22218
CVE-2024-22218/22219 describe an XXE vulnerability in Terminalfour versions 8.0.0001–8.3.18 and XML JDBC up to 1.0.4. An authenticated user can submit malicious XML via unspecified features, potentially leading to accessing the underlying server, remote code execution (RCE), or Server-Side Reques...
CVE-2024-22219
XML External Entity XXE vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as accessing the underlying server, remote code execution RCE, or...
Security Bulletin: Vulnerability in jackson-databind affects watsonx.data
Summary FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception and other causes Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By...
CVE-2024-38374
A flaw was found in cyclonedx-core-java. It is vulnerable to XML External Entity XXE injection due to an insecure configuration of the DocumentBuilderFactory used to evaluate XPath expressions...
XML External Entity (XXE)
org.cyclonedx:cyclonedx-core-java is vulnerable to XML External Entity XXE.The vulnerability is caused due to improper configuration of the DocumentBuilderFactory used to evaluate XPath expressions to determine the schema version of the BOM before deserializing CycloneDX Bill of Materials in XML...
RHEL 7 : libxml2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libxml2: Missing validation for external entities in xmlParsePEReference CVE-2017-7375 - The...
RHEL 7 : activemq (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - Spring Framework: XML External Entity XXE injection flaw CVE-2013-6429 Note that Nessus has not tested for this iss...
USN-6769-1: Spreadsheet::ParseXLSX vulnerabilities
Le Dinh Hai discovered that Spreadsheet::ParseXLSX did not properly manage memory during cell merge operations. An attacker could possibly use this issue to consume large amounts of memory, resulting in a denial of service condition. CVE-2024-22368 An Pham discovered that Spreadsheet::ParseXLSX...
@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability
Impact XML External entity injections could be possible, when running the provided XML Validator on arbitrary input. POC js const Spec: Version , Validation: XmlValidator = require'@cyclonedx/cyclonedx-library'; const version = Version.v1dot5; const validator = new XmlValidatorversion; const inpu...
CVE-2023-51601
The CVE-2023-51601 entry describes a XXE vulnerability in Honeywell Saia PG5 Controls Suite involving the XML parser’s improper restriction of external entity references. A crafted XML/contacted document can cause the parser to access a URI and embed its contents, enabling an attacker to disclose...
Security Bulletin: A security vulnerability has been identified in WebSphere® Application Server and IBM WebSphere Application Server Liberty shipped with IBM® Intelligent Operations Center (CVE-2024-22354)
Summary IBM WebSphere® Application Server and and IBM WebSphere Application Server Liberty are shipped with IBM® Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere® Application Server and IBM WebSphere Application Server Liberty has been published in...
CVE-2024-1455
A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity XXE exploitation. By nesting multiple layers of entities within an XML document, an attacker can cause the XML parser to consume excessive CPU and memory resources, leading t...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Zabbix vulnerabilities (USN-4767-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4767-1 advisory. Fu Chuang discovered that Zabbix did not properly parse IPs. A remote attacker could possibly use this issue to execute arbitrary...
CVE-2022-48565
An XML External Entity XXE issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities...
CVE-2023-0871 An XML External Entity injection vulnerability
XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity XXE injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution...