Total
988 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-22354 | 2024-05-21 | N/A | 7.0 HIGH | ||
IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401. | |||||
CVE-2024-2826 | 2024-05-17 | 6.5 MEDIUM | 6.3 MEDIUM | ||
A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257716. | |||||
CVE-2023-3276 | 1 Dromara | 1 Hutool | 2024-05-17 | 5.2 MEDIUM | 7.5 HIGH |
A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclosed to the public and may be used. VDB-231626 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-2806 | 1 Weaver | 1 E-cology | 2024-05-17 | 5.2 MEDIUM | 8.8 HIGH |
A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2022-4818 | 1 Talend | 1 Open Studio For Mdm | 2024-05-17 | N/A | 4.3 MEDIUM |
A vulnerability was found in Talend Open Studio for MDM. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file org.talend.mdm.core/src/com/amalto/core/storage/SystemStorageWrapper.java. The manipulation leads to xml external entity reference. Upgrading to version 20221220_1938 is able to address this issue. The name of the patch is 95590db2ad6a582c371273ceab1a73ad6ed47853. It is recommended to upgrade the affected component. The identifier VDB-216997 was assigned to this vulnerability. | |||||
CVE-2022-4607 | 1 Tum | 1 Ogc Web Feature Service | 2024-05-17 | N/A | 9.8 CRITICAL |
A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch is 246f4e2a97ad81491c00a7ed72ce5e7c7f75050a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216215. | |||||
CVE-2021-4311 | 1 Talend | 1 Open Studio | 2024-05-17 | 4.9 MEDIUM | 9.8 CRITICAL |
A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to xml external entity reference. The patch is identified as 31d442b9fb1d518128fd18f6e4d54e06c3d67793. It is recommended to apply a patch to fix this issue. VDB-217666 is the identifier assigned to this vulnerability. | |||||
CVE-2021-4295 | 1 Healthit | 1 Code-validator-api | 2024-05-17 | N/A | 9.8 CRITICAL |
A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. This vulnerability affects the function vocabularyValidationConfigurations of the file src/main/java/org/sitenv/vocabularies/configuration/CodeValidatorApiConfiguration.java of the component XML Handler. The manipulation leads to xml external entity reference. Upgrading to version 1.0.31 is able to address this issue. The name of the patch is fbd8ea121755a2d3d116b13f235bc8b61d8449af. It is recommended to upgrade the affected component. VDB-217018 is the identifier assigned to this vulnerability. | |||||
CVE-2020-36641 | 1 Gturri | 1 Axmlrpc | 2024-05-17 | 4.9 MEDIUM | 9.8 CRITICAL |
A vulnerability classified as problematic was found in gturri aXMLRPC up to 1.12.0. This vulnerability affects the function ResponseParser of the file src/main/java/de/timroes/axmlrpc/ResponseParser.java. The manipulation leads to xml external entity reference. Upgrading to version 1.14.0 is able to address this issue. The patch is identified as 456752ebc1ef4c0db980cb5b01a0b3cd0a9e0bae. It is recommended to upgrade the affected component. VDB-217450 is the identifier assigned to this vulnerability. | |||||
CVE-2020-36640 | 1 Bonitasoft | 1 Webservice Connector | 2024-05-17 | 4.9 MEDIUM | 9.8 CRITICAL |
A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector.java. The manipulation leads to xml external entity reference. Upgrading to version 1.3.1 is able to address this issue. The patch is named a12ad691c05af19e9061d7949b6b828ce48815d5. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217443. | |||||
CVE-2018-25082 | 1 Wechat Sdk Python Project | 1 Wechat Sdk Python | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The name of the patch is e54abadc777715b6dcb545c13214d1dea63df6c9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223403. | |||||
CVE-2017-20151 | 1 Itextpdf | 1 Rups | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The patch is identified as ac5590925874ef810018a6b60fec216eee54fb32. It is recommended to apply a patch to fix this issue. VDB-217054 is the identifier assigned to this vulnerability. | |||||
CVE-2016-15026 | 1 Dd-plist Project | 1 Dd-plist | 2024-05-17 | 4.3 MEDIUM | 7.8 HIGH |
A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. An attack has to be approached locally. Upgrading to version 1.18 is able to address this issue. The name of the patch is 8c954e8d9f6f6863729e50105a8abf3f87fff74c. It is recommended to upgrade the affected component. VDB-221486 is the identifier assigned to this vulnerability. | |||||
CVE-2016-15011 | 1 E-contract | 1 Dssp | 2024-05-17 | 4.9 MEDIUM | 9.8 CRITICAL |
A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/e_contract/dssp/client/SignResponseVerifier.java. The manipulation leads to xml external entity reference. Upgrading to version 1.3.2 is able to address this issue. The identifier of the patch is ec4238349691ec66dd30b416ec6eaab02d722302. It is recommended to upgrade the affected component. The identifier VDB-217549 was assigned to this vulnerability. | |||||
CVE-2015-10082 | 1 Libimobiledevice | 1 Libplist | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The name of the patch is c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499. | |||||
CVE-2015-10029 | 1 Simplexrd Project | 1 Simplexrd | 2024-05-17 | 4.9 MEDIUM | 9.8 CRITICAL |
A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerability affects unknown code of the file simplexrd/simplexrd.class.php. The manipulation leads to xml external entity reference. Upgrading to version 3.1.1 is able to address this issue. The patch is identified as 4c9f2e028523ed705b555eca2c18c64e71f1a35d. It is recommended to upgrade the affected component. VDB-217630 is the identifier assigned to this vulnerability. | |||||
CVE-2014-125087 | 1 Java-xmlbuilder Project | 1 Java-xmlbuilder | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is e6fddca201790abab4f2c274341c0bb8835c3e73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221480. | |||||
CVE-2024-4357 | 2024-05-15 | N/A | 6.5 MEDIUM | ||
An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing. | |||||
CVE-2024-3486 | 2024-05-15 | N/A | 7.8 HIGH | ||
XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution. | |||||
CVE-2024-30043 | 2024-05-14 | N/A | 6.5 MEDIUM | ||
Microsoft SharePoint Server Information Disclosure Vulnerability |