12 matches found

CVE
added last week | 15 views

CVE-2026-12993

Affected software: Apicurio Registry. Vulnerability: DocumentBuilderAccessor does not disable DOCTYPE declarations or enable FEATURE_SECURE_PROCESSING, allowing an attacker with artifact-write permission to upload XML documents containing internal entity-expansion payloads (billion-laughs) that c...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00249
Exploits: 0 | References: 2

Packet Storm
added 2026/02/27 12:0 a.m. | 169 views

📄 fast-xml-parser 5.3.5 Denial of Service

A denial of service vulnerability was identified in fast-xml-parser affecting versions 4.1.3 through 5.3.5. The issue arises from improper handling of XML Document Type Definitions (DTD), specifically when processing internal entity expansion. An attacker can supply a crafted XML payload containing...

AI score: 5.9
Exploits: 0

RedHat Linux
added 2025/12/09 8:32 a.m. | 12 views

Important: Red Hat Security Advisory: expat security update

An update for expat is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.19433
Exploits: 8 | References: 19

RedHat Linux
added 2025/12/09 7:23 a.m. | 4 views

expat: internal entity expansion

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a...

CVSS: 6.8 | AI score: 7.5 | EPSS: 0.19433
Exploits: 1 | References: 4

Tenable Nessus
added 2025/12/09 12:0 a.m. | 3 views

RHEL 8 : expat (RHSA-2025:22842)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22842 advisory. Expat is a C library for parsing XML documents. Security Fixes: expat: internal entity expansion (CVE-2013-0340); expat: integer overflow in t...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.19433
Exploits: 2 | References: 10

Tenable Nessus
added 2025/11/25 12:0 a.m. | 3 views

RHEL 9 : expat (RHSA-2025:22035)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22035 advisory. Expat is a C library for parsing XML documents. Security Fixes: expat: internal entity expansion (CVE-2013-0340); expat: parsing large tokens...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.19433
Exploits: 3 | References: 10

SUSE CVE
added 2023/02/15 5:42 a.m. | 3 views

SUSE CVE-2013-0338

libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.02972
Exploits: 0 | References: 8

RedHat Linux
added 2022/11/15 11:58 a.m. | 3 views

expat: internal entity expansion

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a...

CVSS: 6.8 | AI score: 7 | EPSS: 0.19433
Exploits: 1 | References: 4

OSV
added 2013/04/25 11:55 p.m. | 1 views

DEBIAN-CVE-2013-0338

libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity...

CVSS: 4.3 | AI score: 9 | EPSS: 0.02972
Exploits: 0 | References: 1

RedHat Linux
added 2013/03/21 6:8 p.m. | 8 views

bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML...

CVSS: 5 | AI score: 7.4 | EPSS: 0.04863
Exploits: 1 | References: 4

RedHat Linux
added 2013/03/05 8:56 p.m. | 10 views

bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML...

CVSS: 5 | AI score: 7.4 | EPSS: 0.04863
Exploits: 1 | References: 4

RedHat Linux
added 2013/02/28 6:47 p.m. | 2 views

libxml2: CPU consumption DoS when performing string substitutions during entities expansion

libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.02972
Exploits: 0 | References: 4