CVE-2017-1000061 – xmlsec1: xmlsec vulnerable to external entity expansion
https://notcve.org/view.php?id=CVE-2017-1000061
13 Jul 2017 — xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service. It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion (XXE) a... • https://access.redhat.com/errata/RHSA-2017:2492 • CWE-611: Improper Restriction of XML External Entity Reference
CVE-2016-9318 – libxml2: XML External Entity vulnerability
https://notcve.org/view.php?id=CVE-2016-9318
16 Nov 2016 — libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. • http://www.securityfocus.com/bid/94347 • CWE-611: Improper Restriction of XML External Entity Reference