
31 matches found

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-5333

Malware in sbrugna...

4.7 CVSS, 4.9 AI score, 0.00998 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2025/08/27 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-28890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 a...

9.8 CVSS, 7.3 AI score, 0.0247 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/05/22 10:43 p.m., 8 views

CVE-2022-28890

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities...

9.8 CVSS, 6.7 AI score, 0.0247 EPSS
Exploits: 0, References: 1

IBM Security Bulletins
added 2025/01/23 12:10 p.m., 21 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Engineering Publishing Eclipse Lyo could allow a remote attacker to obtain sensitive information.

Summary: Eclipse Lyo could allow a remote attacker to obtain sensitive information, caused by a failure to restrict DTD loading when working with RDF/XML when a TransformerFactory is initialized with the defaults. By sending a specially crafted request, an attacker could exploit this...

5.3 CVSS, 6.3 AI score, 0.00858 EPSS
Exploits: 1, Affected Software: 1

Veracode
added 2022/07/11 6:22 a.m., 27 views

XML External Entity (XXE)

org.eclipse.lyo.oslc4j.core:oslc4j-jena-provider is vulnerable to XML external entity attack. Default initialization of createTransformer does not restrict DTD document loading when working with RDF/XML formats, which allows remote attackers to retrieve external DTD documents...

5.3 CVSS, 5.8 AI score, 0.00858 EPSS
Exploits: 1, References: 4, Affected Software: 1

GitHub Security Blog
added 2022/07/08 12:0 a.m., 24 views

XML External Entity Reference in Eclipse Lyo

In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved...

5.3 CVSS, 4.5 AI score, 0.00858 EPSS
Exploits: 1, References: 5, Affected Software: 1

OSV
added 2022/07/08 12:0 a.m., 32 views

GHSA-6296-MVGP-27HP XML External Entity Reference in Eclipse Lyo

In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved...

4.2 CVSS, 5.1 AI score, 0.00858 EPSS
Exploits: 1, References: 5

NVD
added 2022/07/07 9:15 p.m., 10 views

CVE-2021-41042

In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved...

5.3 CVSS, 0.00858 EPSS
Exploits: 1, References: 1

OSV
added 2022/07/07 9:15 p.m., 3 views

CVE-2021-41042

In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved...

5.3 CVSS, 5.8 AI score, 0.00858 EPSS
Exploits: 1, References: 1

Prion
added 2022/07/07 9:15 p.m., 15 views

Code injection

In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved...

5 CVSS, 5.1 AI score, 0.00858 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2022/07/07 8:55 p.m., 20 views

CVE-2021-41042

In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved...

5.4 AI score, 0.00858 EPSS
Exploits: 1, References: 1

GitHub Security Blog
added 2022/05/06 12:0 a.m., 27 views

XML External Entity Reference in apache jena

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 only. Apache Jena 4.2.x and 4.3.x do not allow external entities...

9.8 CVSS, 8.7 AI score, 0.0247 EPSS
Exploits: 0, References: 4, Affected Software: 1

NVD
added 2022/05/05 9:15 a.m., 19 views

CVE-2022-28890

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities...

9.8 CVSS, 0.0247 EPSS
Exploits: 0, References: 1

OSV
added 2022/05/05 9:15 a.m., 2 views

DEBIAN-CVE-2022-28890

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities...

9.8 CVSS, 8.4 AI score, 0.0247 EPSS
Exploits: 0, References: 1

OSV
added 2022/05/05 9:15 a.m., 6 views

CVE-2022-28890

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities...

9.8 CVSS, 9.3 AI score
Exploits: 0, References: 1

UbuntuCve
added 2022/05/05 9:15 a.m., 32 views

CVE-2022-28890

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities...

9.8 CVSS, 7.2 AI score, 0.0247 EPSS
Exploits: 0, References: 3

Prion
added 2022/05/05 9:15 a.m., 19 views

Xxe

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities...

7.5 CVSS, 9.2 AI score, 0.0247 EPSS
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2022/05/05 9:15 a.m., 1 views

UBUNTU-CVE-2022-28890

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities...

9.8 CVSS, 7.2 AI score, 0.0247 EPSS
Exploits: 0, References: 4

Cvelist
added 2022/05/05 8:40 a.m., 24 views

CVE-2022-28890 Processing external DTDs

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities...

9.5 AI score, 0.0247 EPSS
Exploits: 0, References: 1

CVE
added 2022/05/05 8:40 a.m., 117 views

CVE-2022-28890

CVE-2022-28890 : Apache Jena’s RDF/XML parser is vulnerable to an XXE-like issue where an attacker can cause an external DTD to be retrieved. The vulnerability affects Apache Jena versions 4.4.0 and earlier; parity notes indicate that Apache Jena 4.2.x and 4.3.x do not allow external entities, im...

9.8 CVSS, 9.3 AI score, 0.0247 EPSS
Exploits: 0, References: 1, Affected Software: 1