17 matches found
EUVD-2019-0601
Malware in sbrugna...
EUVD-2022-6359
Malicious code in bioql PyPI...
EUVD-2023-53862
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-28757
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via XMLExternalEntityParserCreate...
The vulnerability of the server for the Continuous Integration and Delivery system (CI/CD) of GoCD arises from incorrect restrictions on XML references to external objects. This allows attackers to perform XXE attacks.
The vulnerability of the CI/CD server of GoCD is related to an incorrect restriction on XML references to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...
UBUNTU-CVE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
SUSE CVE-2014-3004
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...
The vulnerability of the JDBC driver (PgJDBC) for connecting Java programs to the PostgreSQL database allows attackers to perform XXE attacks.
The vulnerability of the JDBC driver PgJDBC for connecting Java programs to the PostgreSQL database is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a remote attacker to perform XXE attacks...
CVE-2021-41559
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array that enables a remote attack via a crafted XML document...
CVE-2020-13965
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview...
CVE-2020-1693
A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute...
Apache Solr 3.1.0 < 3.6.2 XML Resource Consumption Attack
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack via its update handle; leveraging XML DOCTYPE and ENTITY type elements, a remote, unauthenticated attacker may write data to the server which will expand when the server parses th...
samlr XML nodes comment attack
Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a nameid node with [email protected] followed by . and then the attacker's domain name...
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities
Summary IBM has announced a release for IBM Security Identity Governance and Intelligence IGI in response to multiple security vulnerabilities. There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 included in this release ...
CVE-2014-2745
Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack, related to core/portmanager.lua and util/xmppstream.lua...
OpenJDK: javax.xml.transform.TransformerFactory does not properly honor XMLConstants.FEATURE_SECURE_PROCESSING (JAXP, 8012425)
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via...
DEBIAN-CVE-2013-0338
libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service CPU and memory consumption via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity...