Lucene search
K

124 matches found

Github Security Blog
Github Security Blog
added 2023/03/08 5:19 p.m.29 views

XWiki Platform vulnerable to data leak via Improper Restriction of XML External Entity Reference

Impact Any user with edit rights on a document can trigger a XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host. Example to reproduce: Create a forget XAR file and inside it, have the following package.xml content: xml Helper pages...

7.7CVSS7.3AI score0.00746EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2023/02/20 11:15 a.m.14 views

CVE-2016-15026

A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. An attack has to be approached locally. Upgrading to version 1.18 is able to address this issue. The pat...

7.8CVSS6.2AI score0.00543EPSS
Exploits0References5
CVE
CVE
added 2023/02/20 11:0 a.m.60 views

CVE-2016-15026

CVE-2016-15026 affects 3breadt dd-plist version 1.17 with an XML External Entity (XXE) handling flaw in the XML parser. The issue can be leveraged by a local attacker to read arbitrary files on the server by supplying specially crafted XML content. A fix is available in dd-plist 1.18, with the pa...

7.8CVSS6.1AI score0.00543EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2023/02/20 11:0 a.m.16 views

CVE-2016-15026 3breadt dd-plist xml external entity reference

A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. An attack has to be approached locally. Upgrading to version 1.18 is able to address this issue. The pat...

5.3CVSS7.6AI score0.00543EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/02/19 6:30 p.m.42 views

java-xmlbuilder vulnerable to XML External Entity Reference

A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is...

9.8CVSS8.9AI score0.01231EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2023/02/19 5:15 p.m.41 views

CVE-2014-125087

A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is...

9.8CVSS7.5AI score0.01231EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2023/02/14 12:0 a.m.30 views

JVN#00712821: Improper restriction of XML external entity reference (XXE) vulnerability in tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools

tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools provided by FUJITSU LIMITED contain an improper restriction of XML external entity reference XXE vulnerability CWE-611. Impact By reading a specially crafted XML file, arbitrary files which meet a certain condition may be...

7.4CVSS7.4AI score0.00677EPSS
Exploits0
NVD
NVD
added 2023/01/30 7:15 a.m.23 views

CVE-2023-22322

Improper restriction of XML external entity reference XXE vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Motion Pro is installed may be disclosed...

5.5CVSS5.4AI score0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/30 12:0 a.m.26 views

CVE-2023-22322

Improper restriction of XML external entity reference XXE vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Motion Pro is installed may be disclosed...

5.7AI score0.00211EPSS
Exploits0References1
NVD
NVD
added 2023/01/09 12:15 p.m.23 views

CVE-2021-4311

A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to xml external entity reference. The patch is identified as 31d442b9fb1d518128fd18f6e4d54e06c3d67793. It is recommended ...

9.8CVSS6.7AI score0.00669EPSS
Exploits0References4
Prion
Prion
added 2023/01/09 12:15 p.m.18 views

Xxe

A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to xml external entity reference. The patch is identified as 31d442b9fb1d518128fd18f6e4d54e06c3d67793. It is recommended ...

7.5CVSS9.4AI score0.00669EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/01/09 11:20 a.m.28 views

CVE-2021-4311 Talend Open Studio for MDM XML xml external entity reference

A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to xml external entity reference. The patch is identified as 31d442b9fb1d518128fd18f6e4d54e06c3d67793. It is recommended ...

5.5CVSS9.8AI score0.00669EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/01/07 9:30 p.m.20 views

kelvinmo simplexrd vulnerable to Improper Restriction of XML External Entity Reference

A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerability affects unknown code of the file simplexrd/simplexrd.class.php. The manipulation leads to xml external entity reference. Upgrading to version 3.1.1 is able to address this issue. The name of...

9.8CVSS9.2AI score0.00804EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/01/07 9:30 p.m.31 views

GHSA-RH3M-PR36-XH2F kelvinmo simplexrd vulnerable to Improper Restriction of XML External Entity Reference

A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerability affects unknown code of the file simplexrd/simplexrd.class.php. The manipulation leads to xml external entity reference. Upgrading to version 3.1.1 is able to address this issue. The name of...

9.8CVSS7.6AI score0.00804EPSS
Exploits0References6
NVD
NVD
added 2023/01/07 8:15 p.m.18 views

CVE-2015-10029

A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerability affects unknown code of the file simplexrd/simplexrd.class.php. The manipulation leads to xml external entity reference. Upgrading to version 3.1.1 is able to address this issue. The patch is...

9.8CVSS6.7AI score0.00804EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/01/07 7:36 p.m.24 views

CVE-2015-10029 kelvinmo simplexrd simplexrd.class.php xml external entity reference

A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerability affects unknown code of the file simplexrd/simplexrd.class.php. The manipulation leads to xml external entity reference. Upgrading to version 3.1.1 is able to address this issue. The patch is...

5.5CVSS9.7AI score0.00804EPSS
Exploits0References4
Prion
Prion
added 2023/01/06 10:15 a.m.14 views

Xxe

A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/econtract/dssp/client/SignResponseVerifier.java. The manipulation leads to xml external entity reference...

7.5CVSS7.1AI score0.00731EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2023/01/06 9:46 a.m.58 views

CVE-2016-15011

The CVE-2016-15011 issue affects e-Contract dssp up to 1.3.1, specifically the function checkSignResponse in dssp-client/src/main/java/be/e_contract/dssp/client/SignResponseVerifier.java. The root cause is a vulnerability leading to XML External Entity (XXE) reference. A fix is available in dssp ...

9.8CVSS7.5AI score0.00731EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/01/05 12:15 p.m.18 views

CVE-2020-36641

A vulnerability classified as problematic was found in gturri aXMLRPC up to 1.12.0. This vulnerability affects the function ResponseParser of the file src/main/java/de/timroes/axmlrpc/ResponseParser.java. The manipulation leads to xml external entity reference. Upgrading to version 1.14.0 is able...

9.8CVSS9.6AI score
Exploits0References4
Prion
Prion
added 2023/01/05 12:15 p.m.17 views

Xxe

A vulnerability classified as problematic was found in gturri aXMLRPC up to 1.12.0. This vulnerability affects the function ResponseParser of the file src/main/java/de/timroes/axmlrpc/ResponseParser.java. The manipulation leads to xml external entity reference. Upgrading to version 1.14.0 is able...

7.5CVSS9.5AI score0.00845EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder