Vulmon
Search results for the query "billion vulnerabilities and exploits"
CVE-2024-1455 (CVSSv3 not available)
A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML document, an attacker can cause the XML parser to consume excessive CPU and memory r...
CVE-2013-1864 (CVSSv3 not available)
The Portable Tool Library (aka PTLib) prior to 2.10.10, as used in Ekiga prior to 4.0.1, does not properly detect recursion during entity expansion, which allows remote malicious users to cause a denial of service (memory and CPU consumption) via a crafted PXML document containin...
Affected: Opalvoip Portable Tool Library 2.10.1, 2.10.2, 2.10.7, 2.10.9; Ekiga; SUSE Linux Enterprise Software Development Kit 11.0; SUSE Linux Enterprise Desktop 11.0
CVE-2019-5442 (CVSSv3 7.5)
XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service. Entities are created recursively and large amounts of heap memory are taken. Eventually, the JVM process will run out of memory. Otherwise, if the OS does not bound the memory on that process...
Affected: Pippo 1.12.0
CVE-2015-2942 (CVSSv3 not available)
MediaWiki prior to 1.19.24, 1.2x prior to 1.23.9, and 1.24.x prior to 1.24.2, when using HHVM, allows remote malicious users to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF fi...
Affected: MediaWiki 1.20.1, 1.20.2, 1.20.5, 1.20.6, 1.21.1, 1.21.2, 1.21.5, 1.21.6, 1.21.9, 1.21.10, 1.22.1, 1.22.2, 1.22.5, 1.22.6, 1.22.9, 1.22.10, 1.22.11, 1.22.14, 1.22.15, 1.23.2, 1.23.6, 1.23.7
CVE-2021-40439 (CVSSv3 6.5)
Apache OpenOffice has a dependency on expat software. Versions before 2.1.0 were subject to CVE-2013-0340 a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache Open...
Affected: Apache OpenOffice
CVE-2021-32623 (CVSSv3 6.5)
Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast before 9.6 are vulnerable to the billion laughs attack, which allows a malicious user to easily execute a (seemingly permanent) denial of service attack, essentially ta...
Affected: Apereo Opencast
CVE-2021-41272 (CVSSv3 7.5)
Besu is an Ethereum client written in Java. Starting in version 21.10.0, changes in the implementation of the SHL, SHR, and SAR operations resulted in the introduction of a signed type coercion error in values that represent negative values for 32 bit signed integers. Smart contr...
Affected: Linux Foundation Besu 21.10.0, 21.10.1
CVE-2023-24056 (CVSSv3 5.5)
In pkgconf up to and including 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes.
Affected: pkgconf
CVE-2023-31290 (CVSSv3 5.9)
Trust Wallet Core prior to 3.1.1, as used in the Trust Wallet browser extension prior to 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023. This occurs because the mt19937 Mersenne Twister takes a single 32-bit...
Affected: Trust Wallet Browser Extension; Trust Wallet Core
CVE-2023-37481 (CVSSv3 4.9)
Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit this vulnerability to upload zip files containing malicious SVG bo...
Affected: Ethyca Fides
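Seven of the results above (langchain, PTLib, Pippo, MediaWiki, OpenOffice via expat, Opencast, Fides) are the same bug: an XML parser expands nested internal entity definitions whose output grows geometrically, while PTLib additionally failed to notice entities that reference each other in a cycle. A billion laughs document needs no external entities, so it is an entity expansion attack rather than XXE, although a parser that refuses any DTD blocks both. The Python below is an added example written for this page, not code from any of the listed projects. It computes the fully expanded size of a document from its internal DTD without expanding anything, rejects recursive definitions, enforces a size and amplification budget, and only then hands the document to `xml.etree.ElementTree`, which does expand internal entities. The `build_billion_laughs` generator, the recursive sample document and the two limit values (8 MiB and 100x) are this example's own constructions.

```python
import re
import xml.etree.ElementTree as ET

# Internal-subset general entity declarations, e.g. <!ENTITY lol1 "&lol0;&lol0;">
ENTITY_DECL = re.compile(r"""<!ENTITY\s+(\w+)\s+(?:"([^"]*)"|'([^']*)')\s*>""")
ENTITY_REF = re.compile(r"&(\w+);")  # general entity references only; &#...; char refs do not match
DOCTYPE = re.compile(r"<!DOCTYPE\b[^\[>]*(?:\[.*?\])?\s*>", re.DOTALL)
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}  # each expands to a single character


def build_billion_laughs(depth, fanout, seed="lol"):
    """Constructed sample input: DEPTH nested entity layers, each referencing the
    previous layer FANOUT times. depth=9, fanout=10 is the classic billion laughs."""
    decls = [f'<!ENTITY lol0 "{seed}">']
    for level in range(1, depth + 1):
        refs = f"&lol{level - 1};" * fanout
        decls.append(f'<!ENTITY lol{level} "{refs}">')
    subset = "\n".join(decls)
    return f'<?xml version="1.0"?>\n<!DOCTYPE bomb [\n{subset}\n]>\n<bomb>&lol{depth};</bomb>\n'


def _expanded_length(text, resolve):
    """Length of TEXT once every entity reference is replaced by its expanded length."""
    literal = len(ENTITY_REF.sub("", text))
    return literal + sum(resolve(m.group(1)) for m in ENTITY_REF.finditer(text))


def entity_expansion_sizes(doc):
    """Map each declared entity to its fully expanded length, computed from the
    declarations alone. Raises ValueError on recursive (a -> b -> a) or undeclared
    references, the well-formedness rule PTLib failed to enforce in CVE-2013-1864."""
    decls = {}
    for m in ENTITY_DECL.finditer(doc):
        decls[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    sizes = {}

    def size_of(name, stack):
        if name in PREDEFINED:
            return 1
        if name in sizes:
            return sizes[name]
        if name in stack:
            raise ValueError(f"recursive entity reference: {name}")
        if name not in decls:
            raise ValueError(f"undeclared entity: {name}")
        stack.add(name)
        sizes[name] = _expanded_length(decls[name], lambda ref: size_of(ref, stack))
        stack.discard(name)
        return sizes[name]

    for name in decls:
        size_of(name, set())
    return sizes


def expanded_length(doc):
    """Length of the document content after expanding every reference outside the DTD."""
    sizes = entity_expansion_sizes(doc)

    def resolve(name):
        if name in PREDEFINED:
            return 1
        if name not in sizes:
            raise ValueError(f"undeclared entity: {name}")
        return sizes[name]

    return _expanded_length(DOCTYPE.sub("", doc, count=1), resolve)


def check_document(doc, max_expanded=8 * 1024 * 1024, max_amplification=100.0):
    """Return (ok, reason). Both limits are this example's own choices: an absolute
    output cap plus an output/input ratio cap, so a tiny input cannot buy a huge output."""
    try:
        expanded = expanded_length(doc)
    except ValueError as exc:
        return False, str(exc)
    amplification = expanded / max(len(doc), 1)
    if expanded > max_expanded:
        return False, f"expanded size {expanded} exceeds {max_expanded} bytes"
    if amplification > max_amplification:
        return False, f"amplification {amplification:.0f}x exceeds {max_amplification:.0f}x"
    return True, f"expanded size {expanded}, amplification {amplification:.2f}x"


def safe_parse(doc):
    """Parse DOC with the entity-expanding stdlib parser only after the budget check passes."""
    ok, reason = check_document(doc)
    if not ok:
        raise ValueError(f"refusing to parse: {reason}")
    return ET.fromstring(doc)


# Constructed sample: two entities that reference each other, which would never terminate.
RECURSIVE_DOC = '<!DOCTYPE r [<!ENTITY a "&b;"><!ENTITY b "&a;">]><r>&a;</r>'

if __name__ == "__main__":
    for depth, fanout in ((2, 3), (9, 10)):
        print(depth, fanout, check_document(build_billion_laughs(depth, fanout)))
    print(check_document(RECURSIVE_DOC))
```

The regexes only understand general entities declared in the internal subset; parameter entities, an external subset, or SVG and ODF payloads wrapped in other containers (the MediaWiki, OpenOffice and Fides cases) need the same budget enforced by the parser itself, or entity declarations refused outright as defusedxml does by default. The check is linear in the number of declarations because each entity's size is memoised, so it stays cheap even for the nine-level document whose expansion it rejects.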