Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

entity api project entity api vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2013-7391
The Entity API module 7.x-1.x prior to 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote malicious users to read restricted entities via the (1) field, (2) header, or (3) footer of a View. NOTE: this identifier was SPLIT from CVE-2013-4273 per ...
Entity Api Project Entity Api 7.x-1.0Entity Api Project Entity Api
NA
CVE-2013-4273
The Entity API module 7.x-1.x prior to 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE: this identifier was SPLIT per ADT5 due to different researcher organizations. ...
Entity Api Project Entity Api 7.x-1.0Entity Api Project Entity Api 7.x-1.1
6.5
CVSSv3
CVE-2014-1399
The entity wrapper access API in the Entity API module 7.x-1.x prior to 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspecified vectors.
Entity Api Project Entity Api 7.x-1.0Entity Api Project Entity Api 7.x-1.1Entity Api Project Entity Api 7.x-1.2Fedoraproject Fedora 20Fedoraproject Fedora 19
6.5
CVSSv3
CVE-2014-1398
The entity wrapper access API in the Entity API module 7.x-1.x prior to 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statistics properties via unspecified vectors.
Entity Api Project Entity Api 7.x-1.2Entity Api Project Entity Api 7.x-1.1Entity Api Project Entity Api 7.x-1.0Fedoraproject Fedora 20Fedoraproject Fedora 19
6.5
CVSSv3
CVE-2014-1400
The entity_access API in the Entity API module 7.x-1.x prior to 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspecified vectors.
Entity Api Project Entity Api 7.x-1.2Entity Api Project Entity Api 7.x-1.0Entity Api Project Entity Api 7.x-1.1Fedoraproject Fedora 19Fedoraproject Fedora 20
NA
CVE-2015-2197
Cross-site scripting (XSS) vulnerability in the Entity API module prior to 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API.
Entity Api Project Entity Api
9
CVSSv3
CVE-2018-1000829
Anyplace version before commit 80359b4 contains a XML External Entity (XXE) vulnerability in Man in the middle on map API call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit...
Anyplace Project Anyplace -
7.5
CVSSv3
CVE-2018-1000515
ventrian News-Articles version NewsArticles.00.09.11 contains a XML External Entity (XXE) vulnerability in News-Articles/API/MetaWebLog/Handler.ashx.vb that can result in Attacker can read any file in the server or use smbrelay attack to access to server..
News-articles Project News-articles 00.09.11
8.1
CVSSv3
CVE-2022-40674
libexpat prior to 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
Libexpat Project LibexpatDebian Debian Linux 10.0Debian Debian Linux 11.0Fedoraproject Fedora 35Fedoraproject Fedora 36Fedoraproject Fedora 37
9.8
CVSSv3
CVE-2020-10683
dom4j prior to 2.0.3 and 2.1.x prior to 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j...
Dom4j Project Dom4jOracle Insurance Policy Administration J2ee 10.2.0Oracle Insurance Rules Palette 10.2.0Oracle Retail Integration Bus 15.0Oracle Webcenter Portal 12.2.1.3.0Oracle Webcenter Portal 11.1.1.9.0Oracle Utilities Framework 4.2.0.3.0Oracle Utilities Framework 4.2.0.2.0Oracle Utilities Framework 2.2.0.0.0Oracle Flexcube Core Banking 11.7.0Oracle Business Process Management Suite 12.2.1.3.0Oracle Endeca Information Discovery Integrator 3.2.0Oracle Application Testing Suite 13.3.0.1Oracle Retail Order Broker 15.0Oracle Retail Order Broker 16.0Oracle Retail Integration Bus 16.0Oracle Retail Customer Management And Segmentation Foundation 16.0Oracle Retail Customer Management And Segmentation Foundation 17.0Oracle Retail Customer Management And Segmentation Foundation 18.0Oracle Enterprise Data Quality 12.2.1.3.0Oracle Data Integrator 12.2.1.3.0Oracle Utilities Framework 4.4.0.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671unauthorizedCVE-2024-4776CVE-2024-3407CVE-2024-26026CVE-2024-32888wirelessCVE-2024-4656template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook