Lucene search
K

343 matches found

Positive Technologies
Positive Technologies
added 2024/12/10 12:0 a.m.4 views

PT-2024-32663 · Sap Se · Sap Netweaver As Java

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to missing validation of XML input, which allows an unauthenticated attacker to send malicious input to an endpoint. This leads to ...

5.3CVSS6.3AI score0.00415EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2024/10/28 12:0 a.m.7 views

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2024-2725)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS9.4AI score0.00532EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/10/14 3:53 p.m.17 views

org.hl7.fhir.core: org.hl7.fhir.dstu3: org.hl7.fhir.r4: org.hl7.fhir.r4b: org.hl7.fhir.r5: org.hl7.fhir.utilities: XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`

A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...

8.6CVSS5.7AI score0.00975EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.16 views

EulerOS 2.0 SP11 : python-lxml (EulerOS-SA-2024-2565)

According to the versions of the python-lxml package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An XML External Entity XXE vulnerability in the ebookmeta.getmetadata function of lxml before v4.9.1 allows attackers to access sensitive...

9.1CVSS8AI score0.00532EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/10/09 12:0 a.m.10 views

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2024-2591)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS9.4AI score0.00532EPSS
Exploits0References2
Veracode
Veracode
added 2024/09/19 6:9 a.m.6 views

XML External Entity (XXE)

kimai/kimai is vulnerable to XML External Entity XXE. The vulnerability is due to improper handling of XML input, specifically failing to securely process external entities within XML documents, allowing an attacker to inject malicious XML content...

7AI score
Exploits0
Veracode
Veracode
added 2024/08/29 10:48 a.m.10 views

Local File Bypass

phpoffice/phpspreadsheet is vulnerable to Local File Bypass. The vulnerability is due to improper validation and handling of XML input within XmlScanner.php, which allows attackers to exploit XXE to access local file contents...

8.8CVSS6.5AI score0.0057EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/07/29 8:39 a.m.22 views

CVE-2024-41881

SDoP versions prior to 1.11 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted XML file, arbitrary code may be executed on the user's environme...

0.00535EPSS
Exploits0References3
Veracode
Veracode
added 2024/06/12 6:24 a.m.9 views

XML Entity Expansion (XXE)

ebookmeta is vulnerable to an XML External Entity XXE vulnerability. The vulnerability is due to improper handling of crafted XML input via the lxml dependency in the ebookmeta.getmetadata function, allowing attackers to access sensitive information or cause a Denial of Service DoS...

9.1CVSS6.6AI score0.00532EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/06/12 5:47 a.m.14 views

XML Entity Expansion (XXE)

ebookmeta is vulnerable to an XML External Entity XXE vulnerability. The vulnerability is due to improper handling of crafted XML input in the ebookmeta.getmetadata function, allowing attackers to access sensitive information or cause a Denial of Service DoS...

7.5CVSS6.6AI score0.00498EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/07 9:31 p.m.25 views

ebookmeta XML External Entity vulnerability

An XML External Entity XXE vulnerability in the ebookmeta.getmetadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service DoS via crafted XML input...

7.5CVSS6AI score0.00498EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/07 9:31 p.m.37 views

ebookmeta XML External Entity vulnerability

An XML External Entity XXE vulnerability in the ebookmeta.getmetadata function via lxml dependency allows attackers to access sensitive information or cause a Denial of Service DoS via crafted XML input...

9.1CVSS6.1AI score0.00532EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/06/07 9:31 p.m.14 views

GHSA-WHF4-FPJ8-PGG8 ebookmeta XML External Entity vulnerability

An XML External Entity XXE vulnerability in the ebookmeta.getmetadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service DoS via crafted XML input...

8.7CVSS7.3AI score0.00498EPSS
Exploits0References4
NVD
NVD
added 2024/06/07 7:15 p.m.20 views

CVE-2024-37388

An XML External Entity XXE vulnerability in the ebookmeta.getmetadata function of lxml before v4.9.1 allows attackers to access sensitive information or cause a Denial of Service DoS via crafted XML input...

9.1CVSS0.00532EPSS
Exploits0References1
OSV
OSV
added 2024/06/07 7:15 p.m.3 views

CVE-2024-37388

An XML External Entity XXE vulnerability in the ebookmeta.getmetadata function of lxml before v4.9.1 allows attackers to access sensitive information or cause a Denial of Service DoS via crafted XML input...

9.1CVSS5.8AI score0.00532EPSS
Exploits0References1
NVD
NVD
added 2024/06/07 7:15 p.m.15 views

CVE-2024-36827

An XML External Entity XXE vulnerability in the ebookmeta.getmetadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service DoS via crafted XML input...

7.5CVSS0.00498EPSS
Exploits0References1
OSV
OSV
added 2024/06/07 7:15 p.m.14 views

CVE-2024-36827

An XML External Entity XXE vulnerability in the ebookmeta.getmetadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service DoS via crafted XML input...

7.5CVSS6.4AI score
Exploits0References1
OSV
OSV
added 2024/06/07 7:15 p.m.17 views

PYSEC-2024-76

An XML External Entity XXE vulnerability in the ebookmeta.getmetadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service DoS via crafted XML input...

7.5CVSS7.3AI score0.00498EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/07 12:0 a.m.23 views

CVE-2024-37388

An XML External Entity XXE vulnerability in the ebookmeta.getmetadata function of lxml before v4.9.1 allows attackers to access sensitive information or cause a Denial of Service DoS via crafted XML input...

0.00532EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/07 12:0 a.m.25 views

CVE-2024-36827

An XML External Entity XXE vulnerability in the ebookmeta.getmetadata function of ebookmeta before v1.2.8 allows attackers to access sensitive information or cause a Denial of Service DoS via crafted XML input...

0.00498EPSS
Exploits0References1
Rows per page
Query Builder