Total
70 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-12401 | 1 Apache | 1 Solr | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs. | |||||
| CVE-2018-10868 | 1 Redhat | 1 Certification | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XMLRPC methods when getting the status of an host. | |||||
| CVE-2017-18640 | 4 Fedoraproject, Oracle, Quarkus and 1 more | 4 Fedora, Peoplesoft Enterprise Pt Peopletools, Quarkus and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. | |||||
| CVE-2015-9541 | 2 Fedoraproject, Qt | 2 Fedora, Qt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. | |||||
| CVE-2014-2228 | 1 Talend | 1 Restlet | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages. | |||||
| CVE-2013-6461 | 3 Debian, Nokogiri, Redhat | 7 Debian Linux, Nokogiri, Cloudforms Management Engine and 4 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | |||||
| CVE-2013-6460 | 3 Debian, Nokogiri, Redhat | 7 Debian Linux, Nokogiri, Cloudforms Management Engine and 4 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | |||||
| CVE-2013-4335 | 1 Openpne | 1 Opopensocialplugin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities | |||||
| CVE-2012-6685 | 2 Nokogiri, Redhat | 8 Nokogiri, Cloudforms Management Engine, Enterprise Mrg and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Nokogiri before 1.5.4 is vulnerable to XXE attacks | |||||
| CVE-2012-3340 | 1 Ibm | 1 Infosphere Guardium | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 78291. | |||||