98 matches found
EUVD-2022-3126
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity XXE attacks via a crafted PDF...
PT-2020-6701
Name of the Vulnerable Software and Affected Versions FasterXML Jackson Databind affected versions not specified Description A flaw in FasterXML Jackson Databind allows vulnerability to XML external entity XXE attacks due to improper entity expansion security. The highest threat from this issue i...
XML External Entity (XXE) Attacks
Zendframework and several Zendservices are vulnerable to XML External Entity XXE attacks. The libxmldisableentityloader is not correctly shared between threads then PHP-FPM is used, allowing attackers to conduct XXE attacks. This is as a result of an incomplete fix for CVE-2012-5657...
Debian DSA-3759-1 : python-pysaml2 - security update
Matias P. Brutti discovered that python-pysaml2, a Python implementation of the Security Assertion Markup Language 2.0, did not correctly sanitize the XML messages it handled. This allowed a remote attacker to perform XML External Entity attacks, leading to a wide range of exploits. %NASLMINLEVEL...
UBUNTU-CVE-2016-9318
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity XXE attacks via a crafte...
MGASA-2016-0253 Updated pdfbox packages fix security vulnerability
Apache PDFBox before 1.8.12 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted PDF CVE-2016-2175...
[SECURITY] [DSA 3606-1] libpdfbox security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3606-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 24, 2016 https://www.debian.org/security/faq -...
DLA-504-1 libxstream-java - security update
Bulletin has no description...
DSA-3575-1 libxstream-java - security update
Bulletin has no description...
batik: XML External Entity (XXE) injection in SVG parsing
It was found that batik was vulnerable to XML External Entity attacks when parsing SVG files. A remote attacker able to send malicious SVG content to the affected server could use this flaw to read files accessible to the user running the application server, and potentially perform other more...
Critical: Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.2.0 update
Red Hat JBoss BPM Suite 6.2.0, which fixes three security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores...
Moderate: Red Hat Security Advisory: spacewalk-java security update
Updated spacewalk packages that fix one security issue are now available for Red Hat Satellite 5.7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from t...
Satellite5: RPC API XML External Entities file disclosure
It was found that the RPC interface in Satellite would resolve external entities, allowing an attacker to conduct XML External Entity XXE attacks. A remote attacker could use this flaw to read files accessible to the user running the Satellite server, and potentially perform other more advanced X...
apache-poi: XML eXternal Entity (XXE) flaw
It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform more advanced XML External Entity...
CVE-2014-3004
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...
RHEL 5 : JBoss EAP (RHSA-2014:0170)
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.1 and fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact...
Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter
It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity XXE attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform oth...
Ektron CMS 8.5.0 File Upload / XXE Injection
Sense of Security - Security Advisory - SOS-12-009 Release Date. 05-Sep-2012 Last Update. - Vendor Notification Date. 07-May-2012 Product. Ektron CMS Platform. ASP.NET Affected versions. Ektron CMS version 8.5.0 and possibly others Severity Rating. High Impact. Exposure of sensitive information...