XML External Entity (XXE)
org.eclipse.jdt and org.eclipse.platform are vulnerable to XML External Entity (XXE) injection. The vulnerability exists because the library does not disable access to external entities by default. This allows an attacker to inject malicious XML documents into an Eclipse project, potentially leading to...
DoS (Denial of Service) org.jsoup:jsoup in Jira Software Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.20.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, and 9.11.0 of Jira Software Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
Exploit for Deserialization of Untrusted Data in Apache Activemq
CVE-2023-46604 RCE Pseudoshell This script leverages CVE-2023...
CVE-2021-41411
A flaw was found in the XML external entity injection vulnerability in the KieModuleMarshaller.java module of drools-compiler. This issue may lead to the disclosure of sensitive information...
CVE-2023-4218
In Eclipse IDE versions 2023-09 (4.29), some files with XML content are parsed in a way that is vulnerable to all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file, for example to review a foreign repository or patch...
CVE-2023-4218 XXE in eclipse.platform / Eclipse IDE
In Eclipse IDE versions 2023-09 (4.29), some files with XML content are parsed in a way that is vulnerable to all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file, for example to review a foreign repository or patch...
Rocky Linux 8 : python-lxml (RLSA-2022:1932)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1932 advisory. - lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content...
Rocky Linux 8 : python38:3.8 and python38-devel:3.8 (RLSA-2022:1764)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1764 advisory. - There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser...
Apache ActiveMQ Unauthenticated Remote Code Execution
This module exploits a deserialization vulnerability in the OpenWire transport unmarshaller in Apache ActiveMQ. Affected versions include 5.18.0 through to 5.18.2, 5.17.0 through to 5.17.5, 5.16.0 through to 5.16.6, and all versions before 5.15.16. Module Options msf use...
CVE-2023-46802
e-Tax software version 3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker...
CVE-2023-46802
CVE-2023-46802 concerns the e-Tax software (versions 3.0.10 and earlier) with an XML External Entity (XXE) vulnerability caused by the embedded XML parser configuration. A specially crafted XML file can lead to exposure/read access to internal system files. Public sources consistently reference t...
Rocky Linux 8 : firefox (RLSA-2022:0818)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0818 advisory. - xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certa...
Rocky Linux 8 : python27:2.7 (RLSA-2022:1821)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1821 advisory. - There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser...
Rocky Linux 8 : libxml2 (RLSA-2023:0173)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0173 advisory. - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several...
Important: python
Issue Overview: An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. CVE-2022-48565 Affected Packages: python Note: This advisory is applicable to Amazon Linux 2 (AL2) Core...
CVE-2022-34832
VERMEG AgileReporter 21.3 is affected by an XML External Entity (XXE) vulnerability in the Analysis component when processing XML documents. The root cause is XXE and the impact involves potential confidentiality/availability concerns as per the CVE description. The connected sources confirm the...
Amazon Linux 2 : python3 (ALAS-2023-2317)
The version of python3 installed on the remote host is prior to 3.7.10-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2317 advisory. A flaw was found in Python. The built-in modules httplib and http.client included in Python 2 and Python 3, respectively ...
org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability
Impact The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute names. This can be exploited, e.g., via the link syntax in any content that supports XWiki syntax like commen...
Withdrawn Advisory: dom4j XML Entity Expansion vulnerability
Withdrawn Advisory This advisory has been withdrawn because the underlying vulnerability could not be reproduced. This link is maintained to preserve external references. Original Description An issue in dom4.j org.dom4.io.SAXReader v.2.1.4 and before allows a remote attacker to obtain sensitive...