Lucene search
K

98 matches found

EUVD
EUVD
added 2017/11/08 4:0 p.m.9 views

EUVD-2022-3126

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity XXE attacks via a crafted PDF...

8.8CVSS8.3AI score0.09946EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2017/11/01 12:0 a.m.13 views

PT-2020-6701

Name of the Vulnerable Software and Affected Versions FasterXML Jackson Databind affected versions not specified Description A flaw in FasterXML Jackson Databind allows vulnerability to XML external entity XXE attacks due to improper entity expansion security. The highest threat from this issue i...

7.8CVSS6.8AI score0.17611EPSS
Exploits0References221
Veracode
Veracode
added 2017/07/31 12:2 a.m.28 views

XML External Entity (XXE) Attacks

Zendframework and several Zendservices are vulnerable to XML External Entity XXE attacks. The libxmldisableentityloader is not correctly shared between threads then PHP-FPM is used, allowing attackers to conduct XXE attacks. This is as a result of an incomplete fix for CVE-2012-5657...

6.8CVSS9.2AI score0.02164EPSS
Exploits0References7Affected Software11
Tenable Nessus
Tenable Nessus
added 2017/01/13 12:0 a.m.40 views

Debian DSA-3759-1 : python-pysaml2 - security update

Matias P. Brutti discovered that python-pysaml2, a Python implementation of the Security Assertion Markup Language 2.0, did not correctly sanitize the XML messages it handled. This allowed a remote attacker to perform XML External Entity attacks, leading to a wide range of exploits. %NASLMINLEVEL...

9CVSS6.6AI score0.0386EPSS
Exploits0References5
OSV
OSV
added 2016/11/15 12:0 a.m.2 views

UBUNTU-CVE-2016-9318

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity XXE attacks via a crafte...

7.8CVSS6.8AI score0.02938EPSS
Exploits1References4
OSV
OSV
added 2016/07/14 8:33 p.m.5 views

MGASA-2016-0253 Updated pdfbox packages fix security vulnerability

Apache PDFBox before 1.8.12 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted PDF CVE-2016-2175...

7.8CVSS7.3AI score0.04758EPSS
Exploits0References4
Debian
Debian
added 2016/06/24 8:6 p.m.26 views

[SECURITY] [DSA 3606-1] libpdfbox security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3606-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 24, 2016 https://www.debian.org/security/faq -...

7.8CVSS7.7AI score0.04758EPSS
Exploits0
OSV
OSV
added 2016/06/06 12:0 a.m.18 views

DLA-504-1 libxstream-java - security update

Bulletin has no description...

7.5CVSS7.5AI score0.08179EPSS
Exploits0
OSV
OSV
added 2016/05/12 12:0 a.m.33 views

DSA-3575-1 libxstream-java - security update

Bulletin has no description...

7.5CVSS7.5AI score0.08179EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2015/12/07 8:46 p.m.3 views

batik: XML External Entity (XXE) injection in SVG parsing

It was found that batik was vulnerable to XML External Entity attacks when parsing SVG files. A remote attacker able to send malicious SVG content to the affected server could use this flaw to read files accessible to the user running the application server, and potentially perform other more...

6.4CVSS7.4AI score0.16564EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2015/12/07 8:46 p.m.33 views

Critical: Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.2.0 update

Red Hat JBoss BPM Suite 6.2.0, which fixes three security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores...

10CVSS7AI score0.83274EPSS
Exploits9References7
RedHat Linux
RedHat Linux
added 2015/05/11 5:40 p.m.31 views

Moderate: Red Hat Security Advisory: spacewalk-java security update

Updated spacewalk packages that fix one security issue are now available for Red Hat Satellite 5.7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from t...

7.5CVSS5.8AI score0.02694EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2015/05/11 5:40 p.m.5 views

Satellite5: RPC API XML External Entities file disclosure

It was found that the RPC interface in Satellite would resolve external entities, allowing an attacker to conduct XML External Entity XXE attacks. A remote attacker could use this flaw to read files accessible to the user running the Satellite server, and potentially perform other more advanced X...

7.5CVSS5.8AI score0.02694EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/10/09 6:51 p.m.9 views

apache-poi: XML eXternal Entity (XXE) flaw

It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform more advanced XML External Entity...

4.3CVSS6.7AI score0.13258EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2014/06/11 2:55 p.m.21 views

CVE-2014-3004

The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...

4.3CVSS7.1AI score0.07794EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2014/02/14 12:0 a.m.35 views

RHEL 5 : JBoss EAP (RHSA-2014:0170)

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.1 and fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact...

5CVSS6.6AI score0.08863EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2014/02/13 6:33 p.m.3 views

Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter

It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity XXE attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform oth...

5CVSS6.7AI score0.02752EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2012/09/06 12:0 a.m.49 views

Ektron CMS 8.5.0 File Upload / XXE Injection

Sense of Security - Security Advisory - SOS-12-009 Release Date. 05-Sep-2012 Last Update. - Vendor Notification Date. 07-May-2012 Product. Ektron CMS Platform. ASP.NET Affected versions. Ektron CMS version 8.5.0 and possibly others Severity Rating. High Impact. Exposure of sensitive information...

7.4AI score
Exploits0
Rows per page
Query Builder