146 matches found
CVE-2020-1564
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to...
CVE-2020-1564 Jet Database Engine Remote Code Execution Vulnerability
...
CVE-2020-1564
CVE-2020-1564 : A remote code execution vulnerability exists in the Windows Jet Database Engine due to improper handling of objects in memory. An attacker could persuade a user to open a specially crafted file to execute arbitrary code. Impact is described as high/severe (per NVD metrics), with a...
Microsoft Windows Multiple Vulnerabilities (KB4571729)
This host is missing a critical security update according to Microsoft KB4571729.
Microsoft Windows Multiple Vulnerabilities (KB4571703)
This host is missing a critical security update according to Microsoft KB4571703.
snakeyaml: Billion laughs attack via alias feature
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...
CVE-2017-18640
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...
EulerOS 2.0 SP5 : qt (EulerOS-SA-2020-1323)
According to the version of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to...
EulerOS 2.0 SP8 : qt (EulerOS-SA-2020-1299)
According to the version of the qt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to...
Security Bulletin: Information Disclosure Security Vulnerability Affects IBM Sterling B2B Integrator (CVE-2018-1679, CVE-2018-1564, CVE-2017-1633)
Summary Security Bulletin: Information disclosure security vulnerability affects IBM Sterling B2B Integrator. Vulnerability Details CVEID: CVE-2018-1679 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition could allow an unauthenticated user to obtain sensitive information that could be used...
Design/Logic Flaw
Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564...
DEBIAN-CVE-2017-18640
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...
UBUNTU-CVE-2017-18640
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...
Design/Logic Flaw
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...
CVE-2017-18640
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...
Denial Of Service (DoS)
gnome-vfs2 is vulnerable to denial of service (DoS) attacks. The vulnerability exists as neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted...
Debian: Security Advisory (DLA-1564-1)
The remote host is missing an update for the Debian...
SQL injection
PDF-XChange Editor through 7.0.326.1 allows remote attackers to cause a denial of service (resource consumption) via a crafted x:xmpmeta structure, a related issue to CVE-2003-1564...
CVE-2018-1564
IBM Sterling B2B Integrator Standard Edition (5.2.0.1–5.2.6.3) could allow a local administrator to obtain user passwords from debugging messages. This is documented in CVE-2018-1564 and corroborated by IBM security bulletin and CNVD summaries. Remediation: apply Fix Pack 5020603_6 (IBM Sterling ...
CVE-2016-1564
Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php...