60 matches found
CVE-2020-2138
Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2020-2115
Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity XXE attacks...
Unsafe Deserialization
shopware/shopware is vulnerable to XML external entity attacks via unsafe deserialization. The sort parameter in the function loadPreviewAction in the ShopwareControllersBackendProductStream controller is not validated before PHP object instantiation is performed, which would allow an attacker to...
CVE-2017-18197
In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity XXE attacks, as demonstrated by /ServerView...
MGASA-2018-0048 Updated libxml2 & perl-XML-LibXML packages fix security vulnerabilities
Use-after-free error could lead to crash CVE-2016-4658. Use-after-free vulnerability in libxml2 through 2.9.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function CVE-2016-5131. libxml2 2.9.4 and earli...
Moderate: Red Hat Security Advisory: rh-java-common-lucene security update
An update for rh-java-common-lucene is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2017-10889
TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity XXE attacks via unspecified vectors...
CVE-2017-9096
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity XXE attacks via a crafted PDF...
EUVD-2022-3126
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity XXE attacks via a crafted PDF...
PT-2020-6701
Name of the Vulnerable Software and Affected Versions FasterXML Jackson Databind affected versions not specified Description A flaw in FasterXML Jackson Databind allows vulnerability to XML external entity XXE attacks due to improper entity expansion security. The highest threat from this issue i...
XML External Entity (XXE) Attacks
Zendframework and several Zendservices are vulnerable to XML External Entity XXE attacks. The libxmldisableentityloader is not correctly shared between threads then PHP-FPM is used, allowing attackers to conduct XXE attacks. This is as a result of an incomplete fix for CVE-2012-5657...
Debian DSA-3759-1 : python-pysaml2 - security update
Matias P. Brutti discovered that python-pysaml2, a Python implementation of the Security Assertion Markup Language 2.0, did not correctly sanitize the XML messages it handled. This allowed a remote attacker to perform XML External Entity attacks, leading to a wide range of exploits. %NASLMINLEVEL...
MGASA-2016-0253 Updated pdfbox packages fix security vulnerability
Apache PDFBox before 1.8.12 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted PDF CVE-2016-2175...
[SECURITY] [DSA 3606-1] libpdfbox security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3606-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 24, 2016 https://www.debian.org/security/faq -...
DLA-504-1 libxstream-java - security update
Bulletin has no description...
Critical: Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.2.0 update
Red Hat JBoss BPM Suite 6.2.0, which fixes three security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores...
Moderate: Red Hat Security Advisory: spacewalk-java security update
Updated spacewalk packages that fix one security issue are now available for Red Hat Satellite 5.7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from t...
CVE-2014-3004
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...
RHEL 5 : JBoss EAP (RHSA-2014:0170)
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.1 and fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact...
Ektron CMS 8.5.0 File Upload / XXE Injection
Sense of Security - Security Advisory - SOS-12-009 Release Date. 05-Sep-2012 Last Update. - Vendor Notification Date. 07-May-2012 Product. Ektron CMS Platform. ASP.NET Affected versions. Ektron CMS version 8.5.0 and possibly others Severity Rating. High Impact. Exposure of sensitive information...