Lucene search
Veracode Vulnerability DatabaseVERACODE:39908HistoryMar 22, 2023 - 11:52 a.m.
XML External Entity (XXE) Injection
2023-03-2211:52:43
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
xml external entity injection
vulnerability
arbitrary url disclosure
local file disclosure
libplist.so
EPSS
0.002
Percentile
55.8%
libplist.so is vulnerable to XML External Entity (XXE) Injection. The vulnerability exists due to the plist_from_xml function in xplist.c because external references are not restricted which allows an attacker to use a specifically crafted XML file to issue a request to an arbitrary URL or disclose a local file.
Related
nessus
nessus
SUSE SLED12 / SLES12 Security Update : libplist (SUSE-SU-2023:0872-1)
2023-03-23 00:00:00
Amazon Linux 2 : libplist (ALAS-2023-2067)
2023-06-05 00:00:00
EulerOS 2.0 SP5 : libplist (EulerOS-SA-2024-1147)
2024-02-08 00:00:00
amazon
amazon
Medium: libplist
2023-05-25 17:41:00
nvd
nvd
CVE-2015-10082
2023-02-21 07:15:10
prion
prion
Xxe
2023-02-21 07:15:00
openvas
openvas
Huawei EulerOS: Security Advisory for libplist (EulerOS-SA-2024-1147)
2024-02-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0872-1)
2023-03-28 00:00:00
redhatcve
redhatcve
CVE-2015-10082
2023-02-28 21:59:21
cve
cve
CVE-2015-10082
2023-02-21 07:15:10
cvelist
cvelist