Search Results (3197 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-6111 1 Ibm 1 Curam Social Program Management 2025-04-20 N/A
IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 2000833.
CVE-2016-6256 1 Sap 1 Business One 2025-04-20 N/A
SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/INB_WS_CALL_SYNC_XPT/INB_WS_CALL_SYNC_XPT.ipo/proc, aka SAP Security Note 2378065.
CVE-2016-6798 1 Apache 1 Sling 2025-04-20 N/A
In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform same-site-request-forgery (SSRF), port-scanning behind the firewall or DoS the application.
CVE-2016-6805 1 Apache 1 Ignite 2025-04-20 N/A
Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.
CVE-2016-0721 3 Clusterlabs, Fedoraproject, Redhat 3 Pcs, Fedora, Enterprise Linux 2025-04-20 N/A
Session fixation vulnerability in pcsd in pcs before 0.9.157.
CVE-2016-9388 3 Canonical, Jasper Project, Redhat 3 Ubuntu Linux, Jasper, Enterprise Linux 2025-04-20 5.5 Medium
The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
CVE-2016-9389 2 Jasper Project, Redhat 2 Jasper, Enterprise Linux 2025-04-20 N/A
The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).
CVE-2016-9390 2 Jasper Project, Redhat 2 Jasper, Enterprise Linux 2025-04-20 N/A
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file.
CVE-2015-5171 2 Cloudfoundry, Pivotal Software 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa 2025-04-20 9.8 Critical
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.
CVE-2014-0030 1 Apache 1 Roller 2025-04-20 N/A
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
CVE-2017-13746 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2025-04-20 7.5 High
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1297 in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-13747 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2025-04-20 7.5 High
There is a reachable assertion abort in the function jpc_floorlog2() in jpc/jpc_math.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-13749 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2025-04-20 7.5 High
There is a reachable assertion abort in the function jpc_pi_nextrpcl() in jpc/jpc_t2cod.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-13750 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2025-04-20 7.5 High
There is a reachable assertion abort in the function jpc_dec_process_siz() in jpc/jpc_dec.c:1296 in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-13751 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2025-04-20 7.5 High
There is a reachable assertion abort in the function calcstepsizes() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-13752 2 Fedoraproject, Jasper Project 2 Fedora, Jasper 2025-04-20 7.5 High
There is a reachable assertion abort in the function jpc_dequantize() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack.
CVE-2017-1383 1 Ibm 2 Infosphere Information Server, Softlayer 2025-04-20 N/A
IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 127155.
CVE-2017-14007 1 Prominent 2 Multiflex M10a Controller, Multiflex M10a Controller Firmware 2025-04-20 N/A
An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The user's session is available for an extended period beyond the last activity, allowing an attacker to reuse an old session for authorization.
CVE-2017-14868 1 Restlet 1 Restlet 2025-04-20 N/A
Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension.
CVE-2017-14949 1 Restlet 1 Restlet 2025-04-20 N/A
Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This is related to XmlRepresentation, DOMRepresentation, SaxRepresentation, and JacksonRepresentation.