CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 1CVE-2014-2228
https://notcve.org/view.php?id=CVE-2014-2228
The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages. La extensión XStream en HP Fortify SCA versiones anteriores a 2.2 RC3, permite a atacantes remotos ejecutar código arbitrario por medio de una deserialización no segura de mensajes XML. • https://web.archive.org/web/20140425095352/http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Remote-code-execution-and-XML-Entity-Expansion-injection/ba-p/6403370 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-2656
https://notcve.org/view.php?id=CVE-2012-2656
An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information. Se presenta un problema de XML eXternal Entity (XXE) en Restlet versión 1.1.10 en un endpoint que utiliza transporte XML, lo que permite a un atacante remoto obtener información confidencial. • http://www.openwall.com/lists/oss-security/2012/05/29/11 http://www.openwall.com/lists/oss-security/2012/05/29/9 https://access.redhat.com/security/cve/cve-2012-2656 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2656 https://security-tracker.debian.org/tracker/CVE-2012-2656 • CWE-611: Improper Restriction of XML External Entity Reference •