Lucene search
+L

17 matches found

NVD
NVD
added 2024/11/04 5:15 p.m.22 views

CVE-2024-51136

An XML External Entity XXE vulnerability in Dmoz2CSV in openimaj v1.3.10 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted XML file...

9.8CVSS0.01156EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/08/15 12:0 a.m.22 views

CVE-2024-22219

XML External Entity XXE vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as accessing the underlying server, remote code execution RCE, or...

0.00723EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/15 12:0 a.m.29 views

CVE-2022-45397

Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

9.7AI score0.00961EPSS
Exploits0References2
Prion
Prion
added 2020/11/13 1:15 a.m.22 views

Server side request forgery (ssrf)

An XML external entity XXE vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2...

5.5CVSS6.3AI score0.03501EPSS
Exploits2References4Affected Software2
Tenable Nessus
Tenable Nessus
added 2020/08/03 12:0 a.m.26 views

RHEL 8 : postgresql-jdbc (RHSA-2020:3283)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3283 advisory. PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs ...

7.7CVSS7.5AI score0.04094EPSS
Exploits0References5
Prion
Prion
added 2020/07/28 6:15 p.m.20 views

Xxe

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.75020200415. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ReporterImportLicense class. Due to the improper restriction of...

7.8CVSS7.4AI score0.63787EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2018/12/20 10:2 p.m.32 views

exist-db:exist-core XML External Entity (XXE) vulnerability

exist version = 5.0.0-RC4 contains a XML External Entity XXE vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning...

10CVSS3.9AI score0.01879EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2018/12/20 3:29 p.m.24 views

CVE-2018-1000829

Anyplace version before commit 80359b4 contains a XML External Entity XXE vulnerability in Man in the middle on map API call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 80359b4...

9CVSS9.1AI score0.01335EPSS
Exploits0References2
Prion
Prion
added 2018/12/20 3:29 p.m.13 views

Xxe

KeePassDX version = 2.5.0.0beta17 contains a XML External Entity XXE vulnerability in kdbx file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning...

7.5CVSS9.3AI score0.01799EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/12/20 3:0 p.m.23 views

CVE-2018-1000840

Processing Foundation Processing version 3.4 and earlier contains a XML External Entity XXE vulnerability in loadXML function that can result in An attacker can read arbitrary files and exfiltrate their contents via HTTP requests. This attack appear to be exploitable via The victim must use...

6.4AI score0.02177EPSS
Exploits1References2
NVD
NVD
added 2018/06/26 4:29 p.m.23 views

CVE-2018-1000548

Umlet version 14.3 contains a XML External Entity XXE vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be exploitable via Specially crafted UXF file. This vulnerability appears to have been fixe...

7.8CVSS7.5AI score0.01317EPSS
Exploits1References2
Prion
Prion
added 2018/06/26 4:29 p.m.12 views

Xxe

LoboEvolution version 9b75694cedfa4825d4a2330abf2719d470c654cd contains a XML External Entity XXE vulnerability in XML Parsing when viewing the XML file in the browser that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be...

6.8CVSS7.3AI score0.01217EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/01/16 7:29 p.m.21 views

CVE-2016-0219

XML external entity XXE vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693...

6.5CVSS6AI score0.01231EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/12/15 6:0 p.m.18 views

CVE-2017-14101

A security researcher found an XML External Entity XXE vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change Healthcare company. An unauthenticated user supplying a modified HTTP SOAP request to the vulnerable...

9.2AI score0.01438EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2017/12/05 12:27 p.m.18 views

Developers Targeted in ‘ParseDroid’ PoC Attack

Researchers have developed a proof of concept attack that could impact the millions of users of integrated development environments such as Intellij, Eclipse and Android Studio. Attacks can also be carried out against servers hosting development environments in the cloud. The attack vector was...

1AI score
Exploits0References1
Prion
Prion
added 2014/09/23 3:55 p.m.22 views

Xxe

XML External Entity XXE vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference...

5.8CVSS7.3AI score0.02486EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2014/08/28 1:0 a.m.15 views

CVE-2014-5398 Schneider Electric Wonderware Input Validation

Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

2.1CVSS6.8AI score0.00565EPSS
Exploits0References2
Rows per page
Query Builder