Lucene search
K

161 matches found

CVE
CVE
added 2013/09/16 7:0 p.m.85 views

CVE-2013-4202

OpenStack Cinder (Grizzly, 2013.1.3 and earlier) backs up (api/contrib/backups.py) and volume_transfer (contrib/volume_transfer.py) APIs are vulnerable to XML Entity Expansion (XEE) leading to remote DoS (resource consumption and crash). Root cause is an incomplete fix for CVE-2013-1664 in the XM...

4.3CVSS6.4AI score0.02604EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2013/09/16 7:0 p.m.77 views

CVE-2013-4179

OpenStack Nova (Grizzly 2013.1.3, Havana before havana-3, and earlier) is affected by CVE-2013-4179, a denial-of-service due to XML Entity Expansion (XEE) in the security group extension. The issue stems from an incomplete fix for CVE-2013-1664 and can allow remote attackers to cause resource con...

4.3CVSS6.5AI score0.02703EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2013/09/16 7:0 p.m.36 views

CVE-2013-4202

The 1 backup api/contrib/backups.py and 2 volume transfer contrib/volumetransfer.py APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an...

4.3CVSS9.3AI score0.02604EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2013/08/08 3:0 p.m.23 views

CVE-2013-4202

The 1 backup api/contrib/backups.py and 2 volume transfer contrib/volumetransfer.py APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an...

4.3CVSS5.9AI score0.02604EPSS
Exploits0References2
CVE
CVE
added 2013/04/12 10:0 p.m.63 views

CVE-2013-0315

The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 is vulnerable to an XML External Entity (XXE) attack via a crafted external XML entity in an XML document, enabling remote attackers to read arbitrary files on the server. Root cause: improper XML parsing in the Gate...

5CVSS6.8AI score0.01371EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2013/04/09 9:55 p.m.25 views

CVE-2013-1821

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service memory consumption and crash via crafted text nodes in an XML document, aka an XML Entity Expansion XEE attack...

5CVSS7.9AI score0.06671EPSS
Exploits0References23
Prion
Prion
added 2013/04/09 9:55 p.m.23 views

Design/Logic Flaw

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service memory consumption and crash via crafted text nodes in an XML document, aka an XML Entity Expansion XEE attack...

5CVSS6.9AI score0.06671EPSS
Exploits0References23Affected Software1
CVE
CVE
added 2013/04/09 9:0 p.m.137 views

CVE-2013-1821

CVE-2013-1821 is an XML Entity Expansion (XEE) denial-of-service vulnerability in the REXML parser of Ruby. The provided sources confirm affected Ruby/REXML configurations across multiple lines: Ruby before 1.9.3-p392 (initial description) and extended references indicate the issue affects 1.9.x ...

5CVSS5.4AI score0.06671EPSS
Exploits0References23Affected Software1
NVD
NVD
added 2013/04/03 12:55 a.m.23 views

CVE-2013-1664

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute Nova Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service resource consumption and crash via an XML...

5CVSS9.2AI score0.04863EPSS
Exploits1References10
Cvelist
Cvelist
added 2013/04/03 12:0 a.m.53 views

CVE-2013-1664

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute Nova Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service resource consumption and crash via an XML...

9.2AI score0.04863EPSS
Exploits1References10
CVE
CVE
added 2013/04/03 12:0 a.m.128 views

CVE-2013-1664

The CVE-2013-1664 issue concerns the Python XML libraries (used by OpenStack components: Keystone Essex/Folsom/Grizzly, Nova Essex/Folsom, Cinder Folsom, Django, and possibly other products) that allow remote attackers to trigger a denial-of-service via XML Entity Expansion (XEE). The root cause ...

5CVSS9AI score0.04863EPSS
Exploits1References10Affected Software6
Debian CVE
Debian CVE
added 2013/04/03 12:0 a.m.35 views

CVE-2013-1664

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute Nova Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service resource consumption and crash via an XML...

5CVSS9.4AI score0.04863EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2013/03/07 12:0 a.m.34 views

CVE-2013-1821

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service memory consumption and crash via crafted text nodes in an XML document, aka an XML Entity Expansion XEE attack...

5CVSS7.2AI score0.06671EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2013/02/13 5:55 p.m.19 views

CVE-2012-6532

1 ZendDom, 2 ZendFeed, 3 ZendSoap, and 4 ZendXmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service CPU consumption via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity...

5CVSS7.2AI score0.01848EPSS
Exploits0References2
CVE
CVE
added 2013/02/13 5:0 p.m.76 views

CVE-2012-6532

CVE-2012-6532 affects Zend Framework 1.x: Zend_Dom, Zend_Feed, Zend_Soap, and Zend_XmlRpc before 1.11.13 and 1.12.x before 1.12.0. It allows remote attackers to cause a denial of service via XML Entity Expansion (XEE) caused by recursive or circular references in a DOCTYPE declaration. The vulner...

5CVSS8.9AI score0.01848EPSS
Exploits0References2Affected Software1
Friends Of PHP
Friends Of PHP
added 2012/09/20 3:22 p.m.9 views

Denial of Service vector via XEE injection

More info at https://framework.zend.com/security/advisory/ZF2012-02...

7.2AI score
Exploits0Affected Software1
Symfony
Symfony
added 2012/08/28 12:0 a.m.14 views

Security Release: Symfony 2.0.17 released

Symfony 2.0.17 has just been released. This release contains several security fixes related to the way XML is handled, and as such, we recommend everyone to upgrade. These issues have been reported by Pádraic Brady from the Zend Framework team; I would like to thank him for the very detailed repo...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2011/09/21 12:0 a.m.58 views

SharePoint 2007 / 2010 And DotNetNuke File Disclosure

Exploit Title: File disclosure via XEE in SharePoint and DotNetNuke Date: September 15, 2011 Author: Nicolas Gregoire Version: SharePoint 2007 / 2010, DotNetNuke poc filename: xee.xsl...

4CVSS6.4AI score0.38332EPSS
Exploits6
exploitpack
exploitpack
added 2011/09/20 12:0 a.m.33 views

SharePoint 20072010 and DotNetNuke 6 - File Disclosure (via XEE)

SharePoint 20072010 and DotNetNuke 6 - File Disclosure via XEE Exploit Title: File disclosure via XEE in SharePoint and DotNetNuke Date: September 15, 2011 Author: Nicolas Gregoire Version: SharePoint 2007 / 2010, DotNetNuke poc filename: xee.xsl...

4CVSS0.38332EPSS
Exploits6
Exploit DB
Exploit DB
added 2011/09/20 12:0 a.m.52 views

SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure (via XEE)

Exploit Title: File disclosure via XEE in SharePoint and DotNetNuke Date: September 15, 2011 Author: Nicolas Gregoire Version: SharePoint 2007 / 2010, DotNetNuke poc filename: xee.xsl...

4CVSS6.4AI score0.38332EPSS
Exploits6
Rows per page
Query Builder