Lucene search
K

161 matches found

Prion
Prion
added 2022/08/16 9:15 p.m.14 views

Information disclosure

A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's configuration files, leading to denial of service and information disclosure...

4CVSS5.2AI score0.00216EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/08/16 7:40 p.m.67 views

CVE-2020-14379

CVE-2020-14379 concerns Red Hat AMQ Broker where an XML External Entity (XEE) attack via Broker configuration files can cause denial of service and information disclosure. Affected component is the AMQ Broker’s handling of configuration inputs; root cause is vulnerability to XEE through configura...

5.6CVSS5.2AI score0.00216EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/08/16 7:40 p.m.42 views

CVE-2020-14379

A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's configuration files, leading to denial of service and information disclosure...

5.3AI score0.00216EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/05/17 5:14 a.m.27 views

Zend Framework XEE Vulnerability

1 ZendDom, 2 ZendFeed, and 3 ZendSoap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC...

6.4CVSS7.6AI score0.02519EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2022/05/17 5:14 a.m.26 views

GHSA-H5P3-7MG6-HGJ4 Zend Framework XEE Vulnerability

1 ZendDom, 2 ZendFeed, and 3 ZendSoap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC...

6.4CVSS9.2AI score0.02519EPSS
Exploits0References9
OSV
OSV
added 2022/05/17 5:10 a.m.23 views

GHSA-JH4X-4WMF-67PR Zend Framework XEE Vulnerability

1 ZendDom, 2 ZendFeed, 3 ZendSoap, and 4 ZendXmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service CPU consumption via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity...

5CVSS9.1AI score0.01848EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/17 5:10 a.m.21 views

Zend Framework XEE Vulnerability

1 ZendDom, 2 ZendFeed, 3 ZendSoap, and 4 ZendXmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service CPU consumption via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity...

5CVSS7.2AI score0.01848EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/17 4:58 a.m.25 views

GHSA-J6XH-Q826-55JW OpenStack Compute (Nova) vulnerable to denial of service via XML Entity Expansion attack

The security group extension in OpenStack Compute Nova Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664...

4.3CVSS9.2AI score0.02703EPSS
Exploits1References8
OSV
OSV
added 2022/05/17 3:16 a.m.29 views

GHSA-XP8P-9RQ5-4WGV ZendXml and Zend Framework contain XXE and XEE Vulnerabilities

The ZendXmlSecurity::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity XXE and XML entity expansion XEE...

6.8CVSS6.8AI score0.09911EPSS
Exploits7References19
Github Security Blog
Github Security Blog
added 2022/05/17 3:16 a.m.48 views

ZendXml and Zend Framework contain XXE and XEE Vulnerabilities

The ZendXmlSecurity::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity XXE and XML entity expansion XEE...

6.8CVSS6.9AI score0.09911EPSS
Exploits7References20Affected Software3
Github Security Blog
Github Security Blog
added 2022/05/17 1:24 a.m.34 views

Improper Input Validation in Apache POI

Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service CPU consumption and crash via a crafted OOXML file, aka an XML Entity Expansion XEE attack...

4.3CVSS6.1AI score0.07395EPSS
Exploits0References15Affected Software1
OSV
OSV
added 2022/05/14 12:56 a.m.28 views

GHSA-GP39-H9C2-QW79 Several Zend Products Vulnerable to XXE and XEE attacks

Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...

6.8CVSS9.5AI score0.02164EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/05/14 12:56 a.m.26 views

Several Zend Products Vulnerable to XXE and XEE attacks

Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...

6.8CVSS6.9AI score0.02164EPSS
Exploits0References8Affected Software10
Github Security Blog
Github Security Blog
added 2022/05/14 12:56 a.m.30 views

Several Zend Products Vulnerable to XXE and XEE attacks

Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...

6.4CVSS7AI score0.02611EPSS
Exploits0References8Affected Software10
Tenable Nessus
Tenable Nessus
added 2022/03/11 12:0 a.m.22 views

Debian DSA-5099-1 : tryton-proteus - security update

The remote Debian 10 / 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5099 advisory. - An XXE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton...

7.5CVSS7AI score0.01881EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2022/03/11 12:0 a.m.28 views

Debian DLA-2946-1 : tryton-proteus - LTS security update

The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2946 advisory. - An XXE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Applicati...

7.5CVSS7AI score0.01881EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2022/03/11 12:0 a.m.27 views

Debian DSA-5098-1 : tryton-server - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5098 advisory. - An XXE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton...

7.5CVSS7AI score0.01881EPSS
Exploits1References8
Cvelist
Cvelist
added 2022/03/07 10:40 p.m.30 views

CVE-2022-26662

An XML Entity Expansion XEE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. A...

7.6AI score0.01881EPSS
Exploits0References6
CVE
CVE
added 2022/03/07 10:40 p.m.154 views

CVE-2022-26662

CVE-2022-26662 describes an XML Entity Expansion (XEE) vulnerability in Tryton Application Platform (Server) and Proteus, allowing an unauthenticated attacker to send crafted XML-RPC to exhaust server resources. Affected ranges include Tryton Server 5.x up through 5.0.45, 6.x up through 6.0.15, 6...

7.5CVSS7.2AI score0.01881EPSS
Exploits0References6Affected Software2
RedhatCVE
RedhatCVE
added 2021/11/04 10:13 a.m.51 views

CVE-2020-14379

A flaw was found in broker. An XEE attack can used in Broker's configuration files, leading to DoS and information disclosure. The highest threat from the vulnerability is to system availability...

5.6CVSS5.4AI score0.00216EPSS
Exploits0References3
Rows per page
Query Builder