Lucene search
K

60 matches found

RedhatCVE
RedhatCVE
added 2020/03/31 7:37 a.m.29 views

CVE-2020-2138

Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

7.1CVSS4.3AI score0.00926EPSS
Exploits0References4
Cvelist
Cvelist
added 2020/02/12 2:35 p.m.23 views

CVE-2020-2115

Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity XXE attacks...

8.8AI score0.0115EPSS
Exploits0References2
Veracode
Veracode
added 2019/06/14 3:53 a.m.14 views

Unsafe Deserialization

shopware/shopware is vulnerable to XML external entity attacks via unsafe deserialization. The sort parameter in the function loadPreviewAction in the ShopwareControllersBackendProductStream controller is not validated before PHP object instantiation is performed, which would allow an attacker to...

8.8CVSS6.6AI score0.54681EPSS
Exploits6References2Affected Software1
Debian CVE
Debian CVE
added 2018/02/24 2:0 a.m.48 views

CVE-2017-18197

In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity XXE attacks, as demonstrated by /ServerView...

9.8CVSS9.4AI score0.02954EPSS
Exploits1
OSV
OSV
added 2018/01/03 3:50 p.m.18 views

MGASA-2018-0048 Updated libxml2 & perl-XML-LibXML packages fix security vulnerabilities

Use-after-free error could lead to crash CVE-2016-4658. Use-after-free vulnerability in libxml2 through 2.9.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function CVE-2016-5131. libxml2 2.9.4 and earli...

10CVSS7.7AI score0.23694EPSS
Exploits7References10
RedHat Linux
RedHat Linux
added 2017/12/12 5:40 p.m.51 views

Moderate: Red Hat Security Advisory: rh-java-common-lucene security update

An update for rh-java-common-lucene is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS7.2AI score0.91896EPSS
Exploits11References3
OSV
OSV
added 2017/11/17 2:29 p.m.17 views

CVE-2017-10889

TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity XXE attacks via unspecified vectors...

4.3CVSS6.7AI score
Exploits0References2
NVD
NVD
added 2017/11/08 4:29 p.m.29 views

CVE-2017-9096

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity XXE attacks via a crafted PDF...

8.8CVSS8.5AI score0.09946EPSS
Exploits1References4
EUVD
EUVD
added 2017/11/08 4:0 p.m.9 views

EUVD-2022-3126

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity XXE attacks via a crafted PDF...

8.8CVSS8.3AI score0.09946EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2017/11/01 12:0 a.m.14 views

PT-2020-6701

Name of the Vulnerable Software and Affected Versions FasterXML Jackson Databind affected versions not specified Description A flaw in FasterXML Jackson Databind allows vulnerability to XML external entity XXE attacks due to improper entity expansion security. The highest threat from this issue i...

7.8CVSS6.8AI score0.17611EPSS
Exploits0References221
Veracode
Veracode
added 2017/07/31 12:2 a.m.29 views

XML External Entity (XXE) Attacks

Zendframework and several Zendservices are vulnerable to XML External Entity XXE attacks. The libxmldisableentityloader is not correctly shared between threads then PHP-FPM is used, allowing attackers to conduct XXE attacks. This is as a result of an incomplete fix for CVE-2012-5657...

6.8CVSS9.2AI score0.02164EPSS
Exploits0References7Affected Software11
Tenable Nessus
Tenable Nessus
added 2017/01/13 12:0 a.m.40 views

Debian DSA-3759-1 : python-pysaml2 - security update

Matias P. Brutti discovered that python-pysaml2, a Python implementation of the Security Assertion Markup Language 2.0, did not correctly sanitize the XML messages it handled. This allowed a remote attacker to perform XML External Entity attacks, leading to a wide range of exploits. %NASLMINLEVEL...

9CVSS6.6AI score0.0386EPSS
Exploits0References5
OSV
OSV
added 2016/07/14 8:33 p.m.6 views

MGASA-2016-0253 Updated pdfbox packages fix security vulnerability

Apache PDFBox before 1.8.12 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted PDF CVE-2016-2175...

7.8CVSS7.3AI score0.04758EPSS
Exploits0References4
Debian
Debian
added 2016/06/24 8:6 p.m.30 views

[SECURITY] [DSA 3606-1] libpdfbox security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3606-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 24, 2016 https://www.debian.org/security/faq -...

7.8CVSS7.7AI score0.04758EPSS
Exploits0
OSV
OSV
added 2016/06/06 12:0 a.m.18 views

DLA-504-1 libxstream-java - security update

Bulletin has no description...

7.5CVSS7.5AI score0.08179EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2015/12/07 8:46 p.m.33 views

Critical: Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.2.0 update

Red Hat JBoss BPM Suite 6.2.0, which fixes three security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores...

10CVSS7AI score0.83274EPSS
Exploits9References7
RedHat Linux
RedHat Linux
added 2015/05/11 5:40 p.m.31 views

Moderate: Red Hat Security Advisory: spacewalk-java security update

Updated spacewalk packages that fix one security issue are now available for Red Hat Satellite 5.7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available from t...

7.5CVSS5.8AI score0.02694EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2014/06/11 2:55 p.m.21 views

CVE-2014-3004

The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...

4.3CVSS7.1AI score0.07794EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2014/02/14 12:0 a.m.36 views

RHEL 5 : JBoss EAP (RHSA-2014:0170)

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.1 and fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact...

5CVSS6.6AI score0.08863EPSS
Exploits0References8
Packet Storm
Packet Storm
added 2012/09/06 12:0 a.m.50 views

Ektron CMS 8.5.0 File Upload / XXE Injection

Sense of Security - Security Advisory - SOS-12-009 Release Date. 05-Sep-2012 Last Update. - Vendor Notification Date. 07-May-2012 Product. Ektron CMS Platform. ASP.NET Affected versions. Ektron CMS version 8.5.0 and possibly others Severity Rating. High Impact. Exposure of sensitive information...

7.4AI score
Exploits0
Rows per page
Query Builder