CVE-2018-1000823
exist version = 5.0.0-RC4 contains an XML External Entity (XXE) vulnerability in the XML Parser for the REST Server that can result in disclosure of confidential data, denial of service, SSRF, port scanning...
CVE-2018-1000823
Affected software: exist-db (XML Parser for REST Server)
CVE-2018-1000820
neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains an XML External Entity (XXE) vulnerability in the XML Parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed after commit 45bc09c...
PT-2018-9544 · Neo4J Contrib · Neo4J-Apoc-Procedures
Name of the Vulnerable Software and Affected Versions: neo4j-contrib neo4j-apoc-procedures versions before commit 45bc09c. Description: The issue is related to an XML External Entity (XXE) vulnerability in the XML Parser. This can result in disclosure of confidential data, denial of service,...
Medium: xerces-c
Issue Overview: A stack exhaustion flaw was found in the way the Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an application using Xerces-C by tricking it into processing specially crafted data. CVE-2016-4463 Affected Packages: xerces-c Note: Thi...
Denial Of Service (DoS)
libdbus-c++.so is vulnerable to denial of service. The expansion of internal XML entities in the Expat-based XML parser is not disabled and potentially allows a remote attacker to cause a denial of service condition via billion laughs attack...
XML External Entity (XXE)
recurly-api-client is vulnerable to XML external entity (XXE) attacks. The XML parser did not restrict external DTD parsing and allows a remote attacker to perform XXE attacks, resulting in access to system files or possibly execution of arbitrary commands...
XML External Entity (XXE)
libxml2.so is vulnerable to XML external entity (XXE) attacks. The XML parser allows parsing of external entities by default, enabling remote attackers to conduct XXE attacks through a crafted document...
Remote Code Execution (RCE)
catalina is vulnerable to a remote code execution (RCE) attack. The library allows the replacement of the XML parser used for other web applications, allowing a malicious user to gain access to the applications' web.xml, context.xml or tld files...
CentOS 7 : xerces-c (CESA-2018:3335)
An update for xerces-c is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
xerces security update
CentOS Errata and Security Advisory CESA-2018:3335 An update for xerces-c is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
RHEL 7 : xerces-c (RHSA-2018:3514)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:3514 advisory. Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and writ...
Moderate: Red Hat Security Advisory: xerces-c security update
An update for xerces-c is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
xerces-c: Stack overflow when parsing deeply nested DTD
A stack exhaustion flaw was found in the way Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an application using Xerces-C by tricking it into processing specially crafted data...
Axentra Hipserv Multiple Vulnerabilities (CVE-2018-18471)
Information disclosure and command injection vulnerabilities exist in Axentra Hipserv. This is due to an incorrectly configured XML parser accepting XML external entities. A remote unauthenticated attacker may exploit this vulnerability to disclose the contents of files or execute malicious...
Moderate: Red Hat Security Advisory: xerces-c security update
An update for xerces-c is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
GHSA-6XQ8-PVG4-3MF3 Eclipse RDF4j vulnerable to XML External Entity
Eclipse RDF4j version 2.4.0 Milestone 2 contains an XML External Entity (XXE) vulnerability in the RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appears to be exploitable via specially...
vertx: API Validation XML Schemas do not forbid file system access
In versions from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defenses against XML attacks. This mechanism is used exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema...
GHSA-MH7G-99W9-XPJM Remote code execution occurs in Apache Solr
Remote code execution occurs in Apache Solr before versions 5.5.5, 6.6.2 and 7.1.0 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external...
Apache Tika does not properly initialize the XML parser or choose handlers
Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to...