Lucene search
+L

27 matches found

Ubuntu
Ubuntu
added 2024/05/09 3:54 p.m.29 views

USN-6769-1: Spreadsheet::ParseXLSX vulnerabilities

Le Dinh Hai discovered that Spreadsheet::ParseXLSX did not properly manage memory during cell merge operations. An attacker could possibly use this issue to consume large amounts of memory, resulting in a denial of service condition. CVE-2024-22368 An Pham discovered that Spreadsheet::ParseXLSX...

6.5CVSS6.2AI score0.00776EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2024/05/08 7:55 p.m.31 views

@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability

Impact XML External entity injections could be possible, when running the provided XML Validator on arbitrary input. POC js const Spec: Version , Validation: XmlValidator = require'@cyclonedx/cyclonedx-library'; const version = Version.v1dot5; const validator = new XmlValidatorversion; const inpu...

8.1CVSS7.5AI score0.00925EPSS
Exploits0References5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/23 6:43 p.m.28 views

Security Bulletin: A security vulnerability has been identified in WebSphere® Application Server and IBM WebSphere Application Server Liberty shipped with IBM® Intelligent Operations Center (CVE-2024-22354)

Summary IBM WebSphere® Application Server and and IBM WebSphere Application Server Liberty are shipped with IBM® Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere® Application Server and IBM WebSphere Application Server Liberty has been published in...

7CVSS7AI score0.00649EPSS
Exploits0Affected Software2
Cvelist
Cvelist
added 2023/08/11 4:13 p.m.51 views

CVE-2023-0871 An XML External Entity injection vulnerability

XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity XXE injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution...

5.4CVSS6.7AI score0.00489EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/30 6:9 a.m.21 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server traditional shipped with IBM Intelligent Operations Center(CVE-2023-27554)

Summary IBM WebSphere Application Server traditional is shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in...

9.1CVSS7.7AI score0.00859EPSS
Exploits0Affected Software1
NVD
NVD
added 2022/12/06 5:15 p.m.18 views

CVE-2022-45326

An XML external entity XXE injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery SSRF attacks...

4.9CVSS0.01139EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/06/14 2:46 a.m.32 views

CVE-2022-31447

An XML external entity XXE injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file...

7.5AI score0.01172EPSS
Exploits1References2
OSV
OSV
added 2022/05/17 1:50 a.m.34 views

GHSA-G4JG-GPWV-P7WV Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy

The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding JAXB input, aka an XML external entity XXE injection attack, a similar vulnerability to...

5CVSS8.5AI score0.03213EPSS
Exploits0References13
OSV
OSV
added 2022/05/06 8:15 p.m.12 views

CVE-2021-23792

The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity XXE Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file e.g. when an online profile...

9.8CVSS9.6AI score
Exploits0References2
Cvelist
Cvelist
added 2022/05/06 8:5 p.m.33 views

CVE-2021-23792 XML External Entity (XXE) Injection

The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity XXE Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file e.g. when an online profile...

7.3CVSS9.8AI score0.00995EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2021/12/10 8:15 p.m.33 views

CVE-2021-23463

The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity XXE Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML method. If it executes the getSource method when the paramete...

9.1CVSS7.2AI score0.03284EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2021/12/10 8:0 p.m.68 views

CVE-2021-23463

The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity XXE Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML method. If it executes the getSource method when the paramete...

9.1CVSS9.4AI score0.03284EPSS
Exploits1
Cvelist
Cvelist
added 2021/12/10 8:0 p.m.38 views

CVE-2021-23463 XML External Entity (XXE) Injection

The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity XXE Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML method. If it executes the getSource method when the paramete...

8.1CVSS9.6AI score0.03284EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2021/07/29 5:50 p.m.17 views

CVE-2021-23418

The package glances before 3.2.1 are vulnerable to XML External Entity XXE Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks...

9.8CVSS9.7AI score0.01639EPSS
Exploits1
Cvelist
Cvelist
added 2021/07/29 5:50 p.m.29 views

CVE-2021-23418 XML External Entity (XXE) Injection

The package glances before 3.2.1 are vulnerable to XML External Entity XXE Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks...

6.3CVSS9.8AI score0.01639EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/28 11:2 a.m.13 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2021-20453)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager versions 3.9,4.1.1,4.2.0. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security...

3AI score0.02563EPSS
Exploits0Affected Software1
NVD
NVD
added 2021/05/07 11:15 a.m.21 views

CVE-2020-36124

Pax Technology PAXSTORE v7.0.820200511171508 and lower is affected by XML External Entity XXE injection. An authenticated attacker can compromise the private keys of a JWT token and reuse them to manipulate the access tokens to access the platform as any desired user clients and administrators...

6.5CVSS0.01258EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/04/06 8:52 p.m.21 views

CVE-2021-22158

The Proofpoint Insider Threat Management Server formerly ObserveIT Server is vulnerable to XML external entity XXE injection in the Web Console. The vulnerability requires admin user privileges and knowledge of the XML file's encryption key to successfully exploit. All versions before 7.11 are...

7.3AI score0.00621EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/19 3:22 p.m.17 views

Security Bulletin: WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to an XML External Entity (XXE) Injection Vulnerability (CVE-2020-4949)

Summary WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to an XML External Entity XXE Injection vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Principal...

3.7AI score0.04754EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/17 4:52 a.m.22 views

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2021-20353)

Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the...

8.2CVSS3AI score0.05162EPSS
Exploits0Affected Software1
Rows per page
Query Builder