Lucene search
+L

93 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:29 a.m.4 views

SUSE CVE-2014-3004

The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...

4.3CVSS8.3AI score0.07794EPSS
Exploits3References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:36 a.m.3 views

SUSE CVE-2017-18197

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity XXE attacks, as demonstrated by /ServerView...

9.8CVSS7AI score0.02954EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.2 views

SUSE CVE-2021-41098

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are...

7.5CVSS8.8AI score0.01374EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:26 a.m.5 views

SUSE CVE-2022-29181

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors segfault or reads from unrelated memory. Version 1.13.6...

7.1CVSS7.5AI score0.03078EPSS
Exploits1References7
OSV
OSV
added 2022/08/22 1:7 p.m.9 views

CLSA-2022-1661173656 Fixed 50 CVEs in java-1.7.0-openjdk

Bump to 2.6.28 and OpenJDK 7u351-b01. - Security fixes in 7u351: - CVE-2022-21540: Improve class compilation JDK-8281859 - CVE-2022-21541: Enhance MethodHandle invocations JDK-8281866 - CVE-2022-34169: Improve Xalan supports JDK-8285407 - Security fixes in 7u341: - CVE-2022-21426: Better XPath...

8.3CVSS6.5AI score0.33623EPSS
Exploits2References1
RedHat Linux
RedHat Linux
added 2022/06/30 6:33 p.m.6 views

liquibase: Improper Restriction of XML External Entity

A flaw was found in Liquiibase's XMLChangeLogSAXParser function. It uses SAXParser with no FEATURESECUREPROCESSING set, which could possibly allow XML External Entity XXE attacks...

9.8CVSS7.1AI score0.02921EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/06/30 6:33 p.m.5 views

liquibase: Improper Restriction of XML External Entity

A flaw was found in Liquiibase's XMLChangeLogSAXParser function. It uses SAXParser with no FEATURESECUREPROCESSING set, which could possibly allow XML External Entity XXE attacks...

9.8CVSS7.1AI score0.02921EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/05/17 7:57 p.m.6 views

jersey: XXE via parameter entities

jersey: XXE via parameter entities not disabled by the jersey SAX parser...

7.5CVSS7.5AI score0.02142EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/05/17 2:26 a.m.21 views

GHSA-7G54-VGP6-JJ5W XML External Entity Reference in Apache Sling

In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on...

9.8CVSS9.1AI score0.03669EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/13 1:5 a.m.26 views

Improper Restriction of XML External Entity Reference in Castor

The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...

4.3CVSS8.4AI score0.07794EPSS
Exploits3References8Affected Software2
OSV
OSV
added 2022/05/13 1:5 a.m.31 views

GHSA-JWWR-FJGH-CV2X Improper Restriction of XML External Entity Reference in Castor

The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...

4.3CVSS8.4AI score0.07794EPSS
Exploits3References8
Veracode
Veracode
added 2022/04/12 4:29 a.m.36 views

Denial Of Service (DoS)

nokogiri is vulnerable to Denial Of Service DoS. SAX parser's inefficient entity handling for regular expressions causes excessive backtracking when a malicious documents are parsed which allows an attacker to cause an application crash...

7.5CVSS5.1AI score0.03549EPSS
Exploits0References14Affected Software3
OSV
OSV
added 2022/03/16 9:36 a.m.24 views

OPENSUSE-SU-2022:0873-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: Update to version jdk8u322 icedtea-3.22.0 Including the following security fixes: - CVE-2022-21248, bsc1194926: Enhance cross VM serialization - CVE-2022-21283, bsc1194937: Better String matching - CVE-2022-21293, bsc1194935: Improve...

5.3CVSS5.3AI score0.08346EPSS
Exploits0References30
OSV
OSV
added 2022/03/16 9:34 a.m.9 views

SUSE-SU-2022:0871-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: Update to version jdk8u322 icedtea-3.22.0 Including the following security fixes: - CVE-2022-21248, bsc1194926: Enhance cross VM serialization - CVE-2022-21283, bsc1194937: Better String matching - CVE-2022-21293, bsc1194935: Improve...

5.3CVSS5.4AI score0.08346EPSS
Exploits0References30
OSV
OSV
added 2022/03/04 12:0 a.m.8 views

GHSA-99WH-973F-779P XML External Entity Reference in Hazelcast

The AbstractXmlConfigRootTagRecognizer function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks...

9.8CVSS5.8AI score0.02792EPSS
Exploits2References5
OSV
OSV
added 2022/01/14 9:7 p.m.21 views

GHSA-MH83-JCW5-RJH8 XML External Entity Reference in edu.stanford.nlp:stanford-corenlp

The TransformXML function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks...

6.1CVSS7.2AI score0.00739EPSS
Exploits1References4
OSV
OSV
added 2021/10/19 11:3 a.m.3 views

OESA-2021-1396 rubygem-nokogiri security update

Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the change to using correct CSS and XPath. %if 0 Security Fixes: Nokogiri is a Rubygem providin...

7.5CVSS7AI score0.01374EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2021/09/29 2:6 p.m.40 views

CVE-2021-41098

A XML External Entity Reference XXE vulnerability was found in RubyGem Nokogiri on JRuby Java implementation of the Ruby. If attacker is able to insert untrusted XML input containing a reference to an external entity, it is processed by a weakly configured SAX parser, resulting disclosure of...

7.5CVSS2.6AI score0.01374EPSS
Exploits0References4
CNVD
CNVD
added 2021/09/29 12:0 a.m.38 views

Nokogiri Code Issue Vulnerability

Nokogiri is an open source software library for parsing HTML and XML in Ruby . Nokogiri suffers from a code issue vulnerability that stems from the SAX parser parsing external entities by default in Nokogiri v1.12.4 and earlier versions, on JRuby only. No detailed vulnerability details are provid...

7.5CVSS7.5AI score0.01374EPSS
Exploits0References1
Snyk
Snyk
added 2021/09/28 10:1 a.m.2 views

XML External Entity (XXE) Injection

Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to XML External Entity XXE Injection. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: - Nokogiri::XML::SAX::Parse -...

7.5CVSS7.6AI score0.01374EPSS
Exploits0References2
Rows per page
Query Builder