205 matches found

Cvelist
added 2024/11/05 12:0 a.m., 25 views

CVE-2024-51132

An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...

0.01851 EPSS
Exploits: 1, References: 2
NVD
added 2024/11/04 5:15 p.m., 21 views

CVE-2024-51136

An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file...

9.8 CVSS, 0.01156 EPSS
Exploits: 1, References: 3
Cvelist
added 2024/11/04 12:0 a.m., 19 views

CVE-2024-51136

An XML External Entity (XXE) vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file...

0.01156 EPSS
Exploits: 1, References: 3
Debian CVE
added 2024/10/09 12:4 p.m., 14 views

CVE-2024-28168

Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue...

7.5 CVSS, 6.2 AI score, 0.01003 EPSS
Exploits: 0
OpenVAS
added 2024/09/12 12:0 a.m., 10 views

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2024-2450)

The remote host is missing an update for the Huawei EulerOS...

9.1 CVSS, 9.3 AI score, 0.00532 EPSS
Exploits: 0, References: 2
CVE
added 2024/08/15 12:0 a.m., 49 views

CVE-2024-22218

CVE-2024-22218/22219 describe an XXE vulnerability in Terminalfour versions 8.0.0001–8.3.18 and XML JDBC up to 1.0.4. An authenticated user can submit malicious XML via unspecified features, potentially leading to accessing the underlying server, remote code execution (RCE), or Server-Side Reques...

8.8 CVSS, 7.8 AI score, 0.00723 EPSS
Exploits: 0, References: 2
Cvelist
added 2024/08/15 12:0 a.m., 17 views

CVE-2024-22219

XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as accessing the underlying server, remote code execution (RCE), or...

0.00723 EPSS
Exploits: 0, References: 2
IBM Security Bulletins
added 2024/08/14 3:36 p.m., 43 views

Security Bulletin: Vulnerability in jackson-databind affects watsonx.data

Summary: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception and other causes. Vulnerability Details: CVEID: CVE-2020-36518. DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By...

7.5 CVSS, 7.6 AI score, 0.17611 EPSS
Exploits: 5, Affected Software: 1
RedhatCVE
added 2024/06/28 7:20 p.m., 16 views

CVE-2024-38374

A flaw was found in cyclonedx-core-java. It is vulnerable to XML External Entity (XXE) injection due to an insecure configuration of the DocumentBuilderFactory used to evaluate XPath expressions...

7.5 CVSS, 7.5 AI score, 0.00589 EPSS
Exploits: 0, References: 4
Veracode
added 2024/06/25 6:38 a.m., 18 views

XML External Entity (XXE)

org.cyclonedx:cyclonedx-core-java is vulnerable to XML External Entity (XXE). The vulnerability is caused by improper configuration of the DocumentBuilderFactory used to evaluate XPath expressions to determine the schema version of the BOM before deserializing CycloneDX Bill of Materials in XML...

7.5 CVSS, 7.4 AI score, 0.00589 EPSS
Exploits: 0
Tenable Nessus
added 2024/06/03 12:0 a.m., 13 views

RHEL 7 : libxml2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libxml2: Missing validation for external entities in xmlParsePEReference (CVE-2017-7375) - The...

7.5 CVSS, 7.2 AI score, 0.07025 EPSS
Exploits: 13, References: 16
Tenable Nessus
added 2024/06/03 12:0 a.m., 29 views

RHEL 7 : activemq (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - Spring Framework: XML External Entity (XXE) injection flaw (CVE-2013-6429) Note that Nessus has not tested for this iss...

6.8 CVSS, 6.8 AI score, 0.90455 EPSS
Exploits: 0, References: 1
Ubuntu
added 2024/05/09 3:54 p.m., 29 views

USN-6769-1: Spreadsheet::ParseXLSX vulnerabilities

Le Dinh Hai discovered that Spreadsheet::ParseXLSX did not properly manage memory during cell merge operations. An attacker could possibly use this issue to consume large amounts of memory, resulting in a denial of service condition. (CVE-2024-22368) An Pham discovered that Spreadsheet::ParseXLSX...

6.5 CVSS, 6.2 AI score, 0.00776 EPSS
Exploits: 2
Github Security Blog
added 2024/05/08 7:55 p.m., 29 views

@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability

Impact: XML external entity injections could be possible when running the provided XML Validator on arbitrary input. POC (js): `const { Spec: { Version }, Validation: { XmlValidator } } = require('@cyclonedx/cyclonedx-library'); const version = Version.v1dot5; const validator = new XmlValidator(version); const inpu...`

8.1 CVSS, 7.5 AI score, 0.00925 EPSS
Exploits: 0, References: 5, Affected Software: 1
CVE
added 2024/05/03 2:15 a.m., 61 views

CVE-2023-51601

The CVE-2023-51601 entry describes an XXE vulnerability in Honeywell Saia PG5 Controls Suite involving the XML parser's improper restriction of external entity references. A crafted XML/contacted document can cause the parser to access a URI and embed its contents, enabling an attacker to disclose...

6.5 CVSS, 5.1 AI score, 0.00784 EPSS
Exploits: 0, References: 1, Affected Software: 1
IBM Security Bulletins
added 2024/04/23 6:43 p.m., 28 views

Security Bulletin: A security vulnerability has been identified in WebSphere® Application Server and IBM WebSphere Application Server Liberty shipped with IBM® Intelligent Operations Center (CVE-2024-22354)

Summary: IBM WebSphere® Application Server and IBM WebSphere Application Server Liberty are shipped with IBM® Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere® Application Server and IBM WebSphere Application Server Liberty has been published in...

7 CVSS, 7 AI score, 0.00649 EPSS
Exploits: 0, Affected Software: 2
OSV
added 2024/03/26 2:15 p.m., 16 views

CVE-2024-1455

A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML document, an attacker can cause the XML parser to consume excessive CPU and memory resources, leading t...

5.9 CVSS, 6.8 AI score
Exploits: 0, References: 2
Tenable Nessus
added 2023/10/21 12:0 a.m., 56 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Zabbix vulnerabilities (USN-4767-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4767-1 advisory. Fu Chuang discovered that Zabbix did not properly parse IPs. A remote attacker could possibly use this issue to execute arbitrary...

9.8 CVSS, 7.6 AI score, 0.83284 EPSS
Exploits: 40, References: 10
Vulnrichment
added 2023/08/22 12:0 a.m., 37 views

CVE-2022-48565

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities...

6.7 AI score, 0.04268 EPSS
Exploits: 3, References: 7
Cvelist
added 2023/08/11 4:13 p.m., 46 views

CVE-2023-0871 An XML External Entity injection vulnerability

XXE injection in /rtc/post/ endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution...

5.4 CVSS, 6.7 AI score, 0.00489 EPSS
Exploits: 0, References: 2