47 matches found
EUVD-2018-0420
Malware in sbrugna...
EUVD-2020-6519
Malware in sbrugna...
CVE-2022-39135 Apache Calcite: potential XEE attacks
Apache Calcite 1.22.0 introduced the SQL operators EXISTSNODE, EXTRACTXML, XMLTRANSFORM and EXTRACTVALUE, which do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators,...
CVE-2020-14379
A flaw was found in Red Hat AMQ Broker in a way that an XEE attack can be done via Broker's configuration files, leading to denial of service and information disclosure...
Information disclosure
A flaw was found in Red Hat AMQ Broker in a way that an XEE attack can be done via Broker's configuration files, leading to denial of service and information disclosure...
CVE-2020-14379
CVE-2020-14379 concerns Red Hat AMQ Broker where an XML External Entity (XEE) attack via Broker configuration files can cause denial of service and information disclosure. Affected component is the AMQ Broker’s handling of configuration inputs; root cause is vulnerability to XEE through configura...
Improper Input Validation in Apache POI
Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack...
Several Zend Products Vulnerable to XXE and XEE attacks
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...
CVE-2020-14379
A flaw was found in broker. An XEE attack can be used in Broker's configuration files, leading to DoS and information disclosure. The highest threat from the vulnerability is to system availability...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1374)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 3.0.1.0 : ruby (EulerOS-SA-2019-1428)
According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to...
Denial Of Service (DoS)
openstack-nova is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products all...
Moderate severity vulnerability that affects org.restlet.jse:org.restlet
Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack...
GHSA-6C8P-QPHV-668V Denial of service in ruby-openid
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack...
Design/Logic Flaw
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack...
CVE-2017-5644
Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack...
CVE-2017-5644
CVE-2017-5644 affects Apache POI: versions prior to 3.15 are vulnerable to an XML Entity Expansion (XEE) denial of service via a specially crafted OOXML file, causing high CPU usage. Documented impact is a CPU consumption DoS rather than code execution. Public references in the connected material...
CVE-2015-5161
The ZendXmlSecurity::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE)...