124 matches found
Improper Restriction of XML External Entity Reference in Liquibase
The XMLChangeLogSAXParser function in Liquibase prior to version 4.8.0 contains an issue that may lead to to Improper Restriction of XML External Entity Reference...
CVE-2022-0839
CVE-2022-0839 affects Liquibase in liquibase/liquibase prior to 4.8.0, due to improper validation in XMLChangeLogSAXParser() that enables XML External Entity processing. This could allow a remote attacker to disclose sensitive information or perform SSRF. The documented remediation is to upgrade ...
CVE-2022-0265 Improper Restriction of XML External Entity Reference in hazelcast/hazelcast
Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1...
CVE-2022-23640 Improper Restriction of XML External Entity Reference in Excel-Streaming-Reader
Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no...
CVE-2022-0239
corenlp is vulnerable to Improper Restriction of XML External Entity Reference...
CVE-2022-0239
The CVE-2022-0239 entry pertains to Stanford CoreNLP (corenlp) with an XML External Entity (XXE) processing flaw. Root cause: SchemaFactory is created without secure processing enabled and is used to validate XML against a schema, enabling XXE when processing malicious XML. Impact (per public rec...
CVE-2022-0198 Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp
corenlp is vulnerable to Improper Restriction of XML External Entity Reference...
GHSA-Q4XF-3PMQ-3HW8 Improper Restriction of XML External Entity Reference in Apache NiFi
In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE...
CVE-2021-3836
dbeaver is vulnerable to Improper Restriction of XML External Entity Reference...
CVE-2021-3836 Improper Restriction of XML External Entity Reference in dbeaver/dbeaver
dbeaver is vulnerable to Improper Restriction of XML External Entity Reference...
VISAM VBASE Editor
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: VISAM Equipment: VBASE Vulnerabilities: Improper Access Control, Cross-site Scripting, Improper Restriction of XML External Entity Reference, Using Components with Known Vulnerabilities 2. RISK...
CVE-2021-3878
corenlp is vulnerable to Improper Restriction of XML External Entity Reference...
CVE-2021-3878
CVE-2021-3878 affects Stanford CoreNLP: XML External Entity (XXE) processing vulnerability in readDocument() via DomReader.java. An unauthenticated, network-based attacker could exploit this to read arbitrary files, cause DoS, SSRF, port scanning, or other system impacts as indicated by the descr...
CVE-2021-41098
A XML External Entity Reference XXE vulnerability was found in RubyGem Nokogiri on JRuby Java implementation of the Ruby. If attacker is able to insert untrusted XML input containing a reference to an external entity, it is processed by a weakly configured SAX parser, resulting disclosure of...
GHSA-7QFM-6M33-RGG9 XML External Entity Reference
An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import...
Siemens Solid Edge File Parsing (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Solid Edge Vulnerabilities: Out-of-bounds Write, Improper Restriction of XML External Entity Reference, Out-of-bounds Read 2. UPDATE INFORMATION This updated advisory is a follow-up to the original...
WECON LeviStudioU (Update C)
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low skill level to exploit Vendor: WECON Technology Co., Ltd WECON Equipment: LeviStudioU --------- Begin Update C Part 1 of 3 --------- Vulnerabilities: Stack-based Buffer Overflow, Improper Restriction of XML External Entity Reference, Heap-based...
Mitsubishi Electric Factory Automation Engineering Software Products
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Mitsubishi Electric Equipment: Factory Automation Engineering Software Products Vulnerabilities: Improper Restriction of XML External Entity Reference and Uncontrolled Resource Consumption 2. RISK...
Johnson Controls Metasys
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Johnson Controls Equipment: Metasys Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability can allow a...
Mitsubishi Electric FR Configurator2
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low skill level to exploit Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric FR Configurator2 Vulnerabilities: Improper Restriction of XML External Entity Reference, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation...