Lucene search
K

161 matches found

CVE
CVE
added 2017/03/24 2:0 p.m.115 views

CVE-2017-5644

CVE-2017-5644 affects Apache POI: versions prior to 3.15 are vulnerable to an XML Entity Expansion (XEE) denial of service via a specially crafted OOXML file, causing high CPU usage. Documented impact is a CPU consumption DoS rather than code execution. Public references in the connected material...

7.1CVSS5.3AI score0.04595EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/03/24 2:0 p.m.20 views

CVE-2017-5644

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service CPU consumption via a specially crafted OOXML file, aka an XML Entity Expansion XEE attack...

5.5AI score0.04595EPSS
Exploits0References3
Veracode
Veracode
added 2017/02/23 2:10 a.m.10 views

XML Entity Expansion (XEE)

Jersey common is vulnerable to billion laugh attacks. These attacks are possible because it does not disable XML Entity Expansion XEE...

6.7AI score
Exploits0
NVD
NVD
added 2016/05/22 1:59 a.m.20 views

CVE-2015-8866

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxmldisableentityloader changes in other threads, which allows remote attackers to conduct XML External Entity XXE and XML Entity Expansion XEE attacks via a crafted XML...

9.6CVSS8.6AI score0.04026EPSS
Exploits1References12
Cvelist
Cvelist
added 2016/05/22 1:0 a.m.26 views

CVE-2015-8866

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxmldisableentityloader changes in other threads, which allows remote attackers to conduct XML External Entity XXE and XML Entity Expansion XEE attacks via a crafted XML...

8.6AI score0.04026EPSS
Exploits1References12
CVE
CVE
added 2016/05/22 1:0 a.m.142 views

CVE-2015-8866

CVE-2015-8866 describes a XXE/XEE vulnerability in PHP when using PHP-FPM, where libxml_disable_entity_loader changes are shared across threads, allowing crafted XML to exploit libxml. Affected versions include PHP prior to 5.5.22 and 5.6.x prior to 5.6.6; the issue stems from insufficient isolat...

9.6CVSS7AI score0.04026EPSS
Exploits1References12Affected Software1
Vulnerability Lab
Vulnerability Lab
added 2016/04/14 12:0 a.m.32 views

UBNT Bug Bounty #2 - XML External Entity Vulnerability

Document Title: =============== UBNT Bug Bounty 2 - XML External Entity Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1466 Release Date: ============= 2016-04-14 Vulnerability Laboratory ID VL-ID: ==================================== 1466...

7.1AI score
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2016/04/13 12:0 a.m.51 views

UBNT Bug Bounty #2 - XML External Entity Vulnerability

Document Title: =============== UBNT Bug Bounty 2 - XML External Entity Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1466 Release Date: ============= 2016-04-13 Vulnerability Laboratory ID VL-ID: ==================================== 1466...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/03/15 12:0 a.m.25 views

Zend Framework 1.12.x < 1.12.4 / 2.1.x < 2.1.6 / 2.2.x < 2.2.6 Multiple XEE DoS

Binary data 9144.prm...

9.8CVSS7.3AI score0.02611EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.33 views

Amazon Linux: Security Advisory (ALAS-2014-377)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS9.6AI score0.02802EPSS
Exploits0References3
NVD
NVD
added 2015/08/25 5:59 p.m.20 views

CVE-2015-5161

The ZendXmlSecurity::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity XXE and XML entity expansion XEE...

6.8CVSS8.4AI score0.09911EPSS
Exploits7References10
UbuntuCve
UbuntuCve
added 2015/08/25 5:59 p.m.39 views

CVE-2015-5161

The ZendXmlSecurity::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity XXE and XML entity expansion XEE...

6.8CVSS7.2AI score0.09911EPSS
Exploits7References2
Prion
Prion
added 2015/08/25 5:59 p.m.24 views

Xxe

The ZendXmlSecurity::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity XXE and XML entity expansion XEE...

6.8CVSS9.1AI score0.09911EPSS
Exploits7References10Affected Software1
CVE
CVE
added 2015/08/25 5:0 p.m.199 views

CVE-2015-5161

CVE-2015-5161 affects ZendXml and Zend Framework components: ZendXml::scan in ZendXml &lt; 1.0.1 and Zend Framework/Tmpl versions &lt; 1.12.14, 2.x &lt; 2.4.6, and 2.5.x

6.8CVSS8.3AI score0.09911EPSS
Exploits7References10Affected Software1
NVD
NVD
added 2015/08/14 6:59 p.m.20 views

CVE-2015-1819

The xmlreader in libxml allows remote attackers to cause a denial of service memory consumption via crafted XML data, related to an XML Entity Expansion XEE attack...

5CVSS7AI score0.0634EPSS
Exploits0References24
Debian CVE
Debian CVE
added 2015/08/14 6:0 p.m.29 views

CVE-2015-1819

The xmlreader in libxml allows remote attackers to cause a denial of service memory consumption via crafted XML data, related to an XML Entity Expansion XEE attack...

5CVSS7.7AI score0.0634EPSS
Exploits0
CVE
CVE
added 2015/08/14 6:0 p.m.251 views

CVE-2015-1819

The CVE-2015-1819 entry is supported by connected data showing a deterministic DoS in libxml2 via XML Entity Expansion (XEE) during XML parsing, causing memory exhaustion. Amazon Linux 2 advisory ALAS2-2019-1220 explicitly groups CVE-2015-1819 with several libxml2 DoS/memory-related CVEs and inst...

5CVSS6.5AI score0.0634EPSS
Exploits0References24Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/08/03 3:13 p.m.31 views

XXE/XEE vector when using ZendXml on multibyte payloads

More info at https://framework.zend.com/security/advisory/ZF2015-06...

6.8CVSS9.7AI score0.09911EPSS
Exploits7Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/08/03 3:13 p.m.37 views

XXE/XEE vector when using ZendXml on multibyte payloads

More info at https://framework.zend.com/security/advisory/ZF2015-06...

6.8CVSS9.7AI score0.09911EPSS
Exploits7Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/08/03 3:13 p.m.28 views

XXE/XEE vector when using ZendXml on multibyte payloads

More info at https://framework.zend.com/security/advisory/ZF2015-06...

6.8CVSS9.7AI score0.09911EPSS
Exploits7Affected Software1
Rows per page
Query Builder