Pulse Connect Secure < 9.1R8.2 (SA44588)

According to its self-reported version, the version of Pulse Connect Secure running on the remote host is prior to 9.1R8.2. It is, therefore, affected by multiple vulnerabilities: - A vulnerability in the Pulse Connect Secure 9.1R8.2 admin web interface could allow an authenticated attacker to...

CVE-2019-3772 Spring Integration XML External Entity Injection (XXE)

Spring Integration spring-integration-xml and spring-integration-ws modules, versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection XXE when receiving XML data from untrusted sources...

CVE-2016-4434

Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity XXE attacks via vectors involving 1 spreadsheets in OOXML files and 2 XMP metadata in PDF and other file formats, a related issue to...