Lucene search
+L

109 matches found

NVD
NVD
added 2020/09/18 6:15 p.m.17 views

CVE-2020-14029

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files...

7.5CVSS0.01384EPSS
Exploits1References2
Prion
Prion
added 2020/09/18 6:15 p.m.16 views

Xxe

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files...

5CVSS7.4AI score0.01384EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2020/04/14 8:31 a.m.9 views

SUSE-SU-2020:0984-1 Security update for quartz

This update for quartz fixes the following issues: - CVE-2019-13990: Fixed XML External Entity attack in initDocumentParser bsc1143227...

9.8CVSS9.5AI score0.162EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/23 8:41 p.m.14 views

Security Bulletin: IBM Integration Bus and WebSphere Message Broker SOAP FLOWS are vulnerable to XML external entity attack (CVE-2016-9706)

Summary IBM Integration Bus and WebSphere Message Broker SOAP FLOWS are vulnerable to XML external entity attack. Vulnerability Details CVEID: CVE-2016-9706 DESCRIPTION: IBM Integration Bus and WebSphere Message Broker SOAP FLOWS are vulnerable to a denial of service attack, caused by an XML...

9.1CVSS0.4AI score0.0176EPSS
Exploits0Affected Software2
RedhatCVE
RedhatCVE
added 2020/02/10 11:44 a.m.75 views

CVE-2019-13990

The Terracotta Quartz Scheduler is susceptible to an XML external entity attack XXE through a job description. This issue stems from inadequate handling of XML external entity XXE declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to...

9.8CVSS9.3AI score0.162EPSS
Exploits0References3
exploitpack
exploitpack
added 2019/12/11 12:0 a.m.68 views

Apache Olingo OData 4.0 - XML External Entity Injection

Apache Olingo OData 4.0 - XML External Entity Injection COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Apache Olingo OData 4.0 Vendor: Apache Foundation CSNC ID: CSNC-2009-025 CVE ID: CVE-2019-17554 Subject: XML External Entity Resolution XXE Risk: High...

4.3CVSS0.2AI score0.12245EPSS
Exploits5
NVD
NVD
added 2019/09/11 6:15 p.m.22 views

CVE-2019-9488

Trend Micro Deep Security Manager 10.x, 11.x and Vulnerability Protection 2.0 are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager DSM...

4.9CVSS5AI score0.01227EPSS
Exploits0References1
Prion
Prion
added 2019/09/11 6:15 p.m.18 views

Xxe

Trend Micro Deep Security Manager 10.x, 11.x and Vulnerability Protection 2.0 are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager DSM...

4CVSS5AI score0.01227EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2019/09/11 6:0 p.m.29 views

CVE-2019-9488

Trend Micro Deep Security Manager 10.x, 11.x and Vulnerability Protection 2.0 are vulnerable to a XML External Entity Attack. However, for the attack to be possible, the attacker must have root/admin access to a protected host which is authorized to communicate with the Deep Security Manager DSM...

5.1AI score0.01227EPSS
Exploits0References1
CVE
CVE
added 2019/09/11 6:0 p.m.57 views

CVE-2019-9488

CVE-2019-9488 affects Trend Micro Deep Security Manager (10.x, 11.x) and Vulnerability Protection (2.0). The vulnerability is a XML External Entity Attack triggered when parsing XML, with the prerequisite that an attacker already has root/admin access on a host approved to communicate with the De...

4.9CVSS5AI score0.01227EPSS
Exploits0References1Affected Software2
Veracode
Veracode
added 2019/05/02 5:12 a.m.50 views

Privilege Escalation

The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Multiple flaws were discovered in the Libraries, 2D, and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain...

6.8CVSS4.7AI score0.04102EPSS
Exploits0References32Affected Software3
Prion
Prion
added 2018/08/03 3:29 p.m.16 views

Xxe

IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml...

7.8CVSS7.6AI score0.02259EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2018/08/03 3:0 p.m.22 views

CVE-2017-8316

IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml...

7.6AI score0.02259EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2018/03/26 12:0 a.m.14 views

Debian: Security Advisory (DLA-1299-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.02954EPSS
Exploits1References2
Prion
Prion
added 2018/03/12 9:29 p.m.19 views

Xxe

The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0.2.1 On-Premises allows for an XML External Entity attack through a crafted file, allowing attackers to read arbitrary files...

6.8CVSS6.4AI score0.03128EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/03/12 9:0 p.m.18 views

CVE-2018-5758

The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0.2.1 On-Premises allows for an XML External Entity attack through a crafted file, allowing attackers to read arbitrary files...

6.4AI score0.03128EPSS
Exploits1References1
CVE
CVE
added 2018/03/12 9:0 p.m.51 views

CVE-2018-5758

Summary: CVE-2018-5758 affects Aurea Jive Jive-n 9.0.2.1 On-Premises. The vulnerability arises in the Upload File functionality (upload.jspa), enabling an XML External Entity (XXE) attack via a crafted file to read arbitrary files. The provided sources consistently describe the flaw as an XXE in ...

6.8CVSS6.3AI score0.03128EPSS
Exploits1References1Affected Software1
0day.today
0day.today
added 2017/11/09 12:0 a.m.715 views

iText PDF Library 7.0.2 / 5.5.11 / 2.0.8 XXE Injection Vulnerability

Exploit for java platform in category remote exploits Product: iText PDF Library Vendor: iText Group CVE ID: CVE-2017-9096 Subject: XML External Entity Attack XXE Risk: Medium Effect: Remotely exploitable Author: Benjamin Bruppacher Date: 2017-11-06 Introduction: ------------- iText is a software...

6.8CVSS0.2AI score0.09946EPSS
Exploits1
Cvelist
Cvelist
added 2017/10/10 6:0 p.m.28 views

CVE-2017-12623

An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity XXE attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a prior 1.x release should upgrade to the...

6.5AI score0.0194EPSS
Exploits3References1
OSV
OSV
added 2016/06/01 8:59 p.m.8 views

CVE-2016-2175

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted PDF...

7.8CVSS7.3AI score
Exploits0References12
Rows per page
Query Builder