22 matches found
EUVD-2020-27999
Malware in sbrugna...
EUVD-2023-0296
Malicious code in bioql PyPI...
GHSA-RJPM-QMQ7-Q85W Symfony XXE security vulnerability
Symfony 2.0.11 carried a similar XXE security fix, however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no curren...
Design/Logic Flaw
An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system...
CVE-2023-6721
CVE-2023-6721 is an XML External Entity (XXE) vulnerability in Repox that affects the XML data processing in the fileupload function, enabling a remote attacker to cause interaction with the server’s filesystem. Public sources consistently describe this as an XXE issue with high impact. CNNVD not...
CVE-2022-3980
An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4...
Server-side request forgery (SSRF)
An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4...
CVE-2022-3980
CVE-2022-3980 affects Sophos Mobile on-premises (versions 5.0.0–9.7.4) and is caused by XML External Entity (XXE) processing, enabling SSRF and potential code execution. Exploitation could allow reading arbitrary server files and SSRF attacks; base CVSS v3.1 score is 9.8 (CRITICAL). Affected soft...
CVE-2022-3980
An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4...
Zend Framework XEE Vulnerability
(1) ZendDom, (2) ZendFeed, and (3) ZendSoap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC...
GHSA-JH4X-4WMF-67PR Zend Framework XEE Vulnerability
(1) ZendDom, (2) ZendFeed, (3) ZendSoap, and (4) ZendXmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity...
Zend Framework XEE Vulnerability
(1) ZendDom, (2) ZendFeed, (3) ZendSoap, and (4) ZendXmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service (CPU consumption) via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity...
Debian DSA-5099-1 : tryton-proteus - security update
The remote Debian 10 / 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5099 advisory. - An XXE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton...
CVE-2020-6856
An XML External Entity (XEE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders...
CVE-2020-6856
CVE-2020-6856 affects SOS JobScheduler’s JOC Cockpit (versions 1.12 and 1.13.2). The issue is an XML External Entity (XEE) vulnerability where an entity declaration in XML used to specify runtime settings for jobs/orders can cause an attacker to read server files. Connected sources consistently d...
CVE-2019-0271
ABAP Server used in NetWeaver and Suite/ERP and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that i...
CVE-2019-0271
CVE-2019-0271 affects ABAP Server (NetWeaver/Suite/ERP) and ABAP Platform. The vulnerability is an XML External Entity (XEE) issue caused by insufficient validation of XML documents from untrusted sources, enabling potential manipulation via external entities. Affected ranges: ABAP Server 7.00–7....
UBNT Bug Bounty #2 - XML External Entity Vulnerability
Document Title: =============== UBNT Bug Bounty 2 - XML External Entity Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1466 Release Date: ============= 2016-04-14 Vulnerability Laboratory ID VL-ID: ==================================== 1466...
UBNT Bug Bounty #2 - XML External Entity Vulnerability
Document Title: =============== UBNT Bug Bounty 2 - XML External Entity Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1466 Release Date: ============= 2016-04-13 Vulnerability Laboratory ID VL-ID: ==================================== 1466...
XXE/XEE vector when using ZendXml on multibyte payloads
More info at https://framework.zend.com/security/advisory/ZF2015-06...