Lucene search
K

40 matches found

Prion
Prion
added 2015/01/28 10:59 p.m.17 views

Xxe

The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service CPU and memory consumption via an external entity declaration in conjunction with an entity reference, as demonstrated by reading private keys, related ...

7.5CVSS7AI score0.02371EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2015/01/28 10:0 p.m.19 views

CVE-2015-0581

The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service CPU and memory consumption via an external entity declaration in conjunction with an entity reference, as demonstrated by reading private keys, related ...

6.5AI score0.02371EPSS
Exploits0References3
NVD
NVD
added 2014/12/23 11:59 a.m.25 views

CVE-2014-5214

nps/servlet/webacc in iManager in the Administration Console server in NetIQ Access Manager NAM 4.x before 4.0.1 HF3 allows remote authenticated novlwww users to read arbitrary files via a query parameter containing an XML external entity declaration in conjunction with an entity reference, relat...

4CVSS6.2AI score0.01922EPSS
Exploits5References4
Prion
Prion
added 2014/11/07 11:55 a.m.19 views

Xxe

The management console in Symantec Endpoint Protection Manager SEPM 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External...

7.5CVSS7.1AI score0.08541EPSS
Exploits6References6Affected Software1
Prion
Prion
added 2014/11/04 8:55 p.m.14 views

Xxe

CA Cloud Service Management CSM before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an external entity declaration in conjunction with an entity reference...

7.5CVSS7.4AI score0.02537EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2014/11/04 8:0 p.m.18 views

CVE-2014-8474

CA Cloud Service Management CSM before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via an XML document containing an external entity declaration in conjunction with an entity reference...

6.9AI score0.02537EPSS
Exploits0References4
CVE
CVE
added 2014/08/26 2:0 p.m.47 views

CVE-2014-5035

The CVE-2014-5035 issue affects OpenDaylight 1.0 Netconf (TCP) service. It allows remote attackers to read arbitrary files via an XML External Entity (XXE) in conjunction with an entity reference inside an XML-RPC message, causing information disclosure. Root cause is processing of external entit...

6.8CVSS6.9AI score0.02486EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2014/04/03 9:19 p.m.7 views

Camel: XML eXternal Entity (XXE) flaw in XSLT component

The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External...

7.5CVSS7.4AI score0.32541EPSS
Exploits2References5
Mageia
Mageia
added 2014/01/06 1:8 a.m.25 views

Updated librsvg and gtk+3.0 packages fix security vulnerability

librsvg before version 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference CVE-2013-1881. gtk+3.0 has been patched to cope with the changes in SVG loading due to the fix in librsvg...

4.3CVSS5.3AI score0.03197EPSS
Exploits0References2
NVD
NVD
added 2013/12/07 9:55 p.m.36 views

CVE-2012-6612

The 1 UpdateRequestHandler for XSLT or 2 XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, different...

7.5CVSS6.5AI score0.10075EPSS
Exploits0References4
NVD
NVD
added 2013/12/07 8:55 p.m.20 views

CVE-2013-6407

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

6.4CVSS6.5AI score0.114EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2013/12/07 8:0 p.m.35 views

CVE-2013-6407

The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

6.4CVSS6.5AI score0.114EPSS
Exploits0
Prion
Prion
added 2013/08/21 4:55 p.m.21 views

Xxe

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via XRDS data containing an external entity declaration in conjunction with an entity...

7.5CVSS7.3AI score0.02997EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2013/08/21 4:0 p.m.40 views

CVE-2013-4701

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service CPU and memory consumption via XRDS data containing an external entity declaration in conjunction with an entity...

6.7AI score0.02997EPSS
Exploits1References5
Prion
Prion
added 2013/05/15 3:36 a.m.21 views

Xxe

Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."...

4.3CVSS7AI score0.16707EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2013/05/15 1:0 a.m.21 views

CVE-2013-1301

Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."...

6.5AI score0.16707EPSS
Exploits1References3
NVD
NVD
added 2013/05/08 12:9 p.m.19 views

CVE-2013-3503

The Profile Importer feature in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External...

3.5CVSS6.3AI score0.01177EPSS
Exploits0References3
Prion
Prion
added 2013/05/08 12:9 p.m.14 views

Xxe

The Profile Importer feature in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External...

3.5CVSS6.8AI score0.01177EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2013/03/21 6:8 p.m.6 views

bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...

5CVSS7.4AI score0.04593EPSS
Exploits0References4
CVE
CVE
added 2013/03/06 11:0 a.m.41 views

CVE-2013-1140

The vulnerability CVE-2013-1140 affects Cisco’s Security Monitoring, Analysis, and Response System (MARS). It stems from improper handling of XML External Entity (XXE) in the XML parser, allowing unauthenticated, remote attackers to read arbitrary files via an external entity declaration and an e...

4.3CVSS6.9AI score0.01161EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder