CVE-2024-55156

MEDIUM Year: 2024
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-134
View all →

Vulnerability Description

An XML External Entity (XXE) vulnerability in the deserializeArgs() method of Java SDK for CloudEvents v4.0.1 allows attackers to access sensitive information via supplying a crafted XML-formatted event message.

Related Vulnerabilities

CVE-2017-17132

MEDIUM
CVSS:5.5(Medium)

Huawei VP9660 V500R002C10 has a uncontrolled format string vulnerability when the license module output the log information. An authenticated local attacker could exploit this vulnerability to cause a...

CWE-1342017

CVE-2018-15749

MEDIUM
CVSS:5.5(Medium)

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability.

CWE-1342018

CVE-2019-13318

MEDIUM
CVSS:5.5(Medium)

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that t...

CWE-1342019

CVE-2015-2894

MEDIUM
CVSS:5.3(Medium)

Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifie...

CWE-1342015

CVE-2021-37735

MEDIUM
CVSS:5.3(Medium)

A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0....

CWE-1342021

CVE-2024-23914

MEDIUM
CVSS:5.7(Medium)

Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows. When MC_Open_Association() function is used to open DICOM Association and gets DICOM Application Conte...

CWE-1342024