| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. An attack has to be approached locally. Upgrading to version 1.18 is able to address this issue. The patch is identified as 8c954e8d9f6f6863729e50105a8abf3f87fff74c. It is recommended to upgrade the affected component. VDB-221486 is the identifier assigned to this vulnerability. |
| A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/e_contract/dssp/client/SignResponseVerifier.java. The manipulation leads to xml external entity reference. Upgrading to version 1.3.2 is able to address this issue. The identifier of the patch is ec4238349691ec66dd30b416ec6eaab02d722302. It is recommended to upgrade the affected component. The identifier VDB-217549 was assigned to this vulnerability. |
| The NETGEAR genie application before 2.4.34 for Android is affected by mishandling of hard-coded API keys and session IDs. |
| NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case. |
| WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files is prone to multiple vulnerabilities, including open proxy and security bypass vulnerabilities because it fails to properly verify user-supplied input. An attacker may leverage these issues to hide attacks directed at a target site from behind vulnerable website or to perform otherwise restricted actions and subsequently download files with the extension mp3, mp4a, wav and ogg from anywhere the web server application has read access to the system. WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files version 1.7.6 is vulnerable; prior versions may also be affected. |
| XML external entity (XXE) vulnerability in IBM Forms Experience Builder 8.5, 8.5.1, and 8.6 allows remote authenticated users to obtain sensitive information via crafted XML data. IBM X-Force ID: 112088. |
| XML external entity (XXE) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote authenticated users to obtain sensitive information via crafted XML data. IBM X-Force ID: 110915. |
| XML external entity (XXE) vulnerability in IBM InfoSphere Information Governance Catalog 11.3 before 11.3.1.2 and 11.5 before 11.5.0.1 allows remote authenticated users to read arbitrary files or cause a denial of service via crafted XML data. IBM X-Force ID: 110510. |
| IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303. |
| XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693. |
| MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter. |
| XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload. |
| Hudson (aka org.jvnet.hudson.main:hudson-core) before 3.3.2 allows XXE attacks. |
| lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet. |
| nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI. |
| XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357. |
| CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE attacks. |
| In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes. |
| XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document. |
| XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query. |
