Lucene search
K

124 matches found

Github Security Blog
Github Security Blog
added 2022/03/05 12:0 a.m.140 views

Improper Restriction of XML External Entity Reference in Liquibase

The XMLChangeLogSAXParser function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference...

9.8CVSS3.7AI score0.02921EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2022/03/04 2:25 p.m.243 views

CVE-2022-0839

CVE-2022-0839 affects Liquibase in liquibase/liquibase prior to 4.8.0, due to improper validation in XMLChangeLogSAXParser() that enables XML External Entity processing. This could allow a remote attacker to disclose sensitive information or perform SSRF. The documented remediation is to upgrade ...

9.8CVSS8.3AI score0.02921EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2022/03/03 9:40 p.m.26 views

CVE-2022-0265 Improper Restriction of XML External Entity Reference in hazelcast/hazelcast

Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1...

7.3CVSS9.8AI score0.02792EPSS
Exploits2References2
Cvelist
Cvelist
added 2022/03/02 7:50 p.m.49 views

CVE-2022-23640 Improper Restriction of XML External Entity Reference in Excel-Streaming-Reader

Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no...

9.8CVSS9.7AI score0.01446EPSS
Exploits0References2
NVD
NVD
added 2022/01/17 7:15 a.m.23 views

CVE-2022-0239

corenlp is vulnerable to Improper Restriction of XML External Entity Reference...

9.8CVSS0.01217EPSS
Exploits1References2
CVE
CVE
added 2022/01/17 6:15 a.m.104 views

CVE-2022-0239

The CVE-2022-0239 entry pertains to Stanford CoreNLP (corenlp) with an XML External Entity (XXE) processing flaw. Root cause: SchemaFactory is created without secure processing enabled and is used to validate XML against a schema, enabling XXE when processing malicious XML. Impact (per public rec...

9.8CVSS6.7AI score0.01217EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/01/13 6:45 a.m.13 views

CVE-2022-0198 Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp

corenlp is vulnerable to Improper Restriction of XML External Entity Reference...

6.1CVSS6.6AI score0.00739EPSS
Exploits1References4
OSV
OSV
added 2022/01/06 8:41 p.m.20 views

GHSA-Q4XF-3PMQ-3HW8 Improper Restriction of XML External Entity Reference in Apache NiFi

In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE...

5.5CVSS5.6AI score0.01911EPSS
Exploits0References3
NVD
NVD
added 2021/12/14 4:15 p.m.10 views

CVE-2021-3836

dbeaver is vulnerable to Improper Restriction of XML External Entity Reference...

9.8CVSS0.00902EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/12/14 3:20 p.m.17 views

CVE-2021-3836 Improper Restriction of XML External Entity Reference in dbeaver/dbeaver

dbeaver is vulnerable to Improper Restriction of XML External Entity Reference...

9.8CVSS5.8AI score0.00902EPSS
Exploits1References2
ICS
ICS
added 2021/11/04 12:0 a.m.119 views

VISAM VBASE Editor

1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: VISAM Equipment: VBASE Vulnerabilities: Improper Access Control, Cross-site Scripting, Improper Restriction of XML External Entity Reference, Using Components with Known Vulnerabilities 2. RISK...

7.5CVSS7.8AI score0.00668EPSS
Exploits0References5
NVD
NVD
added 2021/10/15 2:15 p.m.24 views

CVE-2021-3878

corenlp is vulnerable to Improper Restriction of XML External Entity Reference...

9.8CVSS0.01826EPSS
Exploits1References2
CVE
CVE
added 2021/10/15 1:40 p.m.69 views

CVE-2021-3878

CVE-2021-3878 affects Stanford CoreNLP: XML External Entity (XXE) processing vulnerability in readDocument() via DomReader.java. An unauthenticated, network-based attacker could exploit this to read arbitrary files, cause DoS, SSRF, port scanning, or other system impacts as indicated by the descr...

9.8CVSS9.5AI score0.01826EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2021/09/29 2:6 p.m.39 views

CVE-2021-41098

A XML External Entity Reference XXE vulnerability was found in RubyGem Nokogiri on JRuby Java implementation of the Ruby. If attacker is able to insert untrusted XML input containing a reference to an external entity, it is processed by a weakly configured SAX parser, resulting disclosure of...

7.5CVSS2.6AI score0.01374EPSS
Exploits0References4
OSV
OSV
added 2021/08/13 3:21 p.m.27 views

GHSA-7QFM-6M33-RGG9 XML External Entity Reference

An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import...

7.5CVSS7.4AI score0.01349EPSS
Exploits0References2
ICS
ICS
added 2021/04/13 12:0 a.m.70 views

Siemens Solid Edge File Parsing (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Solid Edge Vulnerabilities: Out-of-bounds Write, Improper Restriction of XML External Entity Reference, Out-of-bounds Read 2. UPDATE INFORMATION This updated advisory is a follow-up to the original...

7.8CVSS8.3AI score0.02303EPSS
Exploits0References11
ICS
ICS
added 2020/08/25 12:0 a.m.72 views

WECON LeviStudioU (Update C)

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: WECON Technology Co., Ltd WECON Equipment: LeviStudioU --------- Begin Update C Part 1 of 3 --------- Vulnerabilities: Stack-based Buffer Overflow, Improper Restriction of XML External Entity Reference, Heap-based...

7.8CVSS8.3AI score0.12007EPSS
Exploits0References5
ICS
ICS
added 2020/06/30 12:0 a.m.185 views

Mitsubishi Electric Factory Automation Engineering Software Products

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Equipment: Factory Automation Engineering Software Products Vulnerabilities: Improper Restriction of XML External Entity Reference and Uncontrolled Resource Consumption 2. RISK...

7.5CVSS8.1AI score0.01431EPSS
Exploits0References5
ICS
ICS
added 2020/03/10 12:0 a.m.57 views

Johnson Controls Metasys

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Johnson Controls Equipment: Metasys Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability can allow a...

9.1CVSS8.4AI score0.01286EPSS
Exploits0References5
ICS
ICS
added 2019/07/23 12:0 a.m.114 views

Mitsubishi Electric FR Configurator2

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low skill level to exploit Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric FR Configurator2 Vulnerabilities: Improper Restriction of XML External Entity Reference, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation...

7.1CVSS6AI score0.01019EPSS
Exploits0References6
Rows per page
Query Builder