Lucene search

82 matches found

Positive Technologies
added 2026/05/04 12:0 a.m., 11 views

PT-2026-37163

Name of the Vulnerable Software and Affected Versions: changedetection.io versions 0.54.9 and earlier. Description: The software contains an XML External Entity (XXE) issue where the xpath filter function switches to XML mode for XML/RSS content and creates an etree.XMLParser(strip_cdata=False) without...

CVSS 8.2 | AI score 5.8 | EPSS 0.00266
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2013-0351

Malware in sbrugna...

CVSS 6.8 | AI score 8.5 | EPSS 0.0442
Exploits 1 | References 18

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2016-9996

Malware in sbrugna...

CVSS 9.1 | AI score 9 | EPSS 0.03542
Exploits 0 | References 6

OSV
added 2025/02/03 8:54 a.m., 6 views

SUSE-SU-2025:20045-1 Security update for expat

This update for expat fixes the following issues: - CVE-2024-45492: detect integer overflow in function nextScaffoldPart (bsc#1229932) - CVE-2024-45491: detect integer overflow in dtdCopy (bsc#1229931) - CVE-2024-45490: reject negative len for XML_ParseBuffer (bsc#1229930) - CVE-2024-28757: XML Entity...

CVSS 9.8 | AI score 6.9 | EPSS 0.02006
Exploits 1 | References 9

IBM Security Bulletins
added 2024/11/22 8:17 p.m., 15 views

Security Bulletin: Apache uimaj-core.jar security vulnerability CVE-2017-15691

Summary: Apache uimaj-core.jar security vulnerability CVE-2017-15691 in FileNet Content Manager (FNCM) Content Search Services (CSS)/Enterprise Content Management Text Search (ECMTS). CSS/ECMTS is affected and is potentially vulnerable. Vulnerability Details: CVEID: CVE-2017-15691 DESCRIPTION: Apache uima...

CVSS 6.5 | AI score 5.8 | EPSS 0.09021
Exploits 0 | Affected Software 1

Tenable Nessus
added 2024/06/03 12:0 a.m., 19 views

RHEL 5 : xmlsec1 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - xmlsec1: xmlsec vulnerable to external entity expansion (CVE-2017-1000061). Note that Nessus has not tested for this...

CVSS 7.1 | AI score 5.5 | EPSS 0.01341
Exploits 0 | References 1

GithubExploit
added 2023/05/08 6:34 p.m., 8 views

Exploit for XML Entity Expansion in Cisco Secure_Endpoint

CVE-2023-20052 CVE-2023-20052, information leak vulnerability...

CVSS 7.8 | AI score 7.4 | EPSS 0.06675
Exploits 5

F5 Networks
added 2023/02/21 6:34 p.m., 41 views

K12487579: Apache vulnerabilities CVE-2018-1282, CVE-2018-1284, CVE-2018-1295, CVE-2018-1308, and CVE-2018-1315

Security Advisory Description CVE-2018-1282 This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation. CVE-2018-1284 In Apache Hive 0.6.0 to 2.3.2,...

CVSS 9.8 | AI score 6.6 | EPSS 0.20937
Exploits 0

SUSE CVE
added 2023/02/15 4:35 a.m., 4 views

SUSE CVE-2017-1000061

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service...

CVSS 6.5 | AI score 9.3 | EPSS 0.01341
Exploits 0 | References 5

Check Point Advisories
added 2022/11/24 12:0 a.m., 12 views

GE MDS PulseNET XML External Entity Expansion (CVE-2018-10613)

An XML external entity expansion vulnerability exists in GE MDS PulseNET. Successful exploitation of this vulnerability could result in the disclosure of file contents from the target system...

CVSS 5 | AI score 2.1 | EPSS 0.18282
Exploits 0

Check Point Advisories
added 2022/11/06 12:0 a.m., 5 views

Jenkins Filesystem Trigger Plugin XML External Entity Expansion (CVE-2021-21659)

An XML external entity expansion vulnerability exists in Jenkins Filesystem Trigger Plugin. Successful exploitation of this vulnerability could result in the disclosure of file contents from the target system...

CVSS 5.5 | AI score 1.9 | EPSS 0.66774
Exploits 0

Tenable Nessus
added 2021/02/22 12:0 a.m., 21 views

EulerOS 2.0 SP2 : perl-XML-Twig (EulerOS-SA-2021-1344)

According to the version of the perl-XML-Twig package installed, the EulerOS installation on the remote host is affected by the following vulnerability: - perl-XML-Twig: The option to expand_external_ents, documented as controlling external entity expansion in XML::Twig does not work. External...

CVSS 9.1 | AI score 8.2 | EPSS 0.03542
Exploits 0 | References 2

Tenable Nessus
added 2021/01/20 12:0 a.m., 21 views

EulerOS 2.0 SP3 : perl-XML-Twig (EulerOS-SA-2021-1110)

According to the version of the perl-XML-Twig package installed, the EulerOS installation on the remote host is affected by the following vulnerability: - perl-XML-Twig: The option to expand_external_ents, documented as controlling external entity expansion in XML::Twig does not work. External...

CVSS 9.1 | AI score 8.2 | EPSS 0.03542
Exploits 0 | References 2

Tenable Nessus
added 2020/10/15 12:0 a.m., 37 views

Debian DLA-2406-1 : jackson-databind security update

It was discovered that there was an external entity expansion vulnerability in jackson-databind, a Java library for processing JSON. For Debian 9 'Stretch', this problem has been fixed in version 2.8.6-1+deb9u8. We recommend that you upgrade your jackson-databind packages. For the detailed securi...

CVSS 7.5 | AI score 6.8 | EPSS 0.17611
Exploits 0 | References 4

OSV
added 2020/02/26 10:21 a.m., 3 views

MGASA-2020-0104 Updated xmlsec1 packages fix security vulnerability

Updated xmlsec1 packages fix security vulnerability: It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion (XXE) along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to...

CVSS 7.1 | AI score 6.8 | EPSS 0.01341
Exploits 0 | References 3

RedHat Linux
added 2019/06/18 7:52 p.m., 0 views

uima: XML external entity expansion (XXE) can allow attackers to execute arbitrary code

In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part of its...

CVSS 6.5 | AI score 5.8 | EPSS 0.09021
Exploits 0 | References 5

Veracode
added 2019/01/15 9:19 a.m., 40 views

Remote Code Execution (RCE)

lucene-queryparser is vulnerable to remote code execution. This is possible through the use of an XML external entity expansion (XXE) attack and the Config API with add-listener command...

CVSS 9.8 | AI score 9.6 | EPSS 0.91896
Exploits 11 | References 31 | Affected Software 14

Github Security Blog
added 2018/10/17 7:55 p.m., 24 views

There is a XML external entity expansion (XXE) vulnerability in Apache Solr

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the &dataConfig= parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the...

CVSS 7.5 | AI score 2.2 | EPSS 0.20937
Exploits 0 | References 10 | Affected Software 1

Github Security Blog
added 2018/10/17 7:55 p.m., 30 views

XML external entity expansion in org.apache.solr:solr-core

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is als...

CVSS 5.5 | AI score 5.2 | EPSS 0.09025
Exploits 1 | References 9 | Affected Software 1

Prion
added 2018/07/05 2:29 p.m., 12 views

Xxe

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file). In addition, Xinclude functionality provided in these config files is als...

CVSS 2.1 | AI score 5.3 | EPSS 0.09025
Exploits 1 | References 4 | Affected Software 1