CWE:

Severity | Title | Date | Author
Med. | Revive Adserver 3.0.5 Cross Site Scripting / Denial Of Service | 18.12.2014 | Matteo Beccati
Med. | Ruby Entity expansion DoS vulnerability in REXML (XML bomb) | 07.03.2013 | Kurt Seifried

Common Weakness Enumeration (CWE)

Date | Severity | CVE | Details
Description
2021-08-10 | Medium | CVE-2021-38490 | Vendor: Altova; Software: Mobiletogeth...
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425.

2021-07-09 | Low | CVE-2021-3541 | Vendor: Xmlsoft; Software: Libxml2
A flaw was found in libxml2. An exponential entity expansion attack makes it possible to bypass all existing protection mechanisms, leading to denial of service.

2021-06-28 | Low | CVE-2020-15303 | Vendor: Infoblox; Software: NIOS
Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564.

2021-06-16 | Low | CVE-2021-32623 | Vendor: Apereo; Software: Opencast
Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 are vulnerable to the billion laughs attack, which allows an attacker to easily execute a (seemingly permanent) denial of service attack, essentially taking down Opencast using a single HTTP request. To exploit this, users need to have ingest privileges, limiting the group of potential attackers. The problem has been fixed in Opencast 9.6. There is no known workaround for this issue.

2021-04-20 | Medium | CVE-2021-20453 | Vendor: IBM; Software: Websphere ap...
IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196648.

2021-04-13 | Low | CVE-2021-28973 | Vendor: Perforce; Software: Helix alm
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks.

2021-03-12 | Medium | CVE-2021-28302 | Vendor: Pupnp project; Software: Pupnp
A stack overflow in pupnp 1.16.1 can cause a denial of service through the Parser_parseDocument() function. ixmlNode_free() releases child nodes recursively, which consumes stack space and leads to a crash.

2021-01-29 | Low | CVE-2020-24665 | Vendor: Hitachi; Software: Vantara pentaho
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, >= 8.3.0.0 GA.

2021-01-13 | Low | CVE-2021-1267 | Vendor: Cisco; Software: Firepower ma...
A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by crafting an XML-based widget on an affected server. A successful exploit could cause increased memory and CPU utilization, which could result in a DoS condition.

2020-09-01 | Low | CVE-2012-3340 | Vendor: IBM; Software: Infosphere g...
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 78291.


 


Copyright 2021, cxsecurity.com