Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
billion vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-40439
Apache OpenOffice has a dependency on expat software. Versions before 2.1.0 were subject to CVE-2013-0340 a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache Open...
Apache Openoffice
NA
CVE-2013-4549
QXmlSimpleReader in Qt prior to 5.2 allows context-dependent malicious users to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
Digia Qt
Qt Qt 5.0.2
7.5
CVSSv3
CVE-2021-40511
OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion (aka “billion laughs”) attack allowing denial of service.
Obdasystems Mastro 1.0
7.5
CVSSv3
CVE-2019-5427
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
Mchange C3p0
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Oracle Retail Xstore Point Of Service 15.0
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Oracle Webcenter Sites 12.2.1.3.0
Oracle Retail Xstore Point Of Service 16.0
Oracle Webcenter Sites 12.2.1.4.0
Oracle Retail Xstore Point Of Service 17.0
Oracle Retail Xstore Point Of Service 18.0
Oracle Retail Xstore Point Of Service 19.0
Oracle Communications Ip Service Activator 7.4.0
Oracle Communications Ip Service Activator 7.3.0
Oracle Hyperion Infrastructure Technology 11.1.2.4
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Communications Session Route Manager
Oracle Enterprise Manager Base Platform 13.2.1.0
Oracle Documaker
7.5
CVSSv3
CVE-2020-3946
InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service).
Vmware Installbuilder
7.5
CVSSv3
CVE-2023-47163
Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition.
Remarshal Project Remarshal
7.5
CVSSv3
CVE-2022-40769
profanity up to and including 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.
Profanity Project Profanity
7.5
CVSSv3
CVE-2018-10868
redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XMLRPC methods when getting the status of an host.
Redhat Certification 7.0
NA
CVE-2022-28652
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
6.5
CVSSv3
CVE-2003-1564
libxml2, possibly prior to 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent malicious users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references,...
Xmlsoft Libxml2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »