Lucene search
+L

192 matches found

Cvelist
Cvelist
added 2021/04/11 3:6 p.m.26 views

CVE-2021-30485

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlinternaldtd, while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp on a NULL pointer...

7.1AI score0.01124EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2021/04/11 3:6 p.m.45 views

CVE-2021-30485

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlinternaldtd, while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp on a NULL pointer...

6.5CVSS6.3AI score0.01124EPSS
Exploits1
NVD
NVD
added 2021/04/09 6:15 p.m.17 views

CVE-2021-20080

Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting XSS attacks by uploading a crafted XML asset file...

6.1CVSS0.93108EPSS
Exploits1References1
OSV
OSV
added 2020/07/16 6:15 p.m.4 views

CVE-2020-3405

A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity XXE entries when parsing certain XML...

7.3CVSS6.8AI score0.01281EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/07/16 5:22 p.m.23 views

CVE-2020-3405 Cisco SD-WAN vManage Software XML External Entity Vulnerability

A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity XXE entries when parsing certain XML...

6.5CVSS7.2AI score0.01281EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2020/06/05 12:0 a.m.18 views

Huawei Data Communication: Memory Leak Vulnerability in Several Huawei Products (huawei-sa-20171213-04-xml)

There is a memory leak vulnerability in several Huawei products. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

2.1CVSS0.3AI score0.00222EPSS
Exploits0References1
Prion
Prion
added 2020/05/06 5:15 p.m.15 views

Design/Logic Flaw

A vulnerability in the XML parser code of Cisco Firepower Device Manager On-Box software could allow an authenticated, remote attacker to cause an affected system to become unstable or reload. The vulnerability is due to insufficient hardening of the XML parser configuration. An attacker could...

6.8CVSS5.2AI score0.01216EPSS
Exploits0References1Affected Software1
Check Point Advisories
Check Point Advisories
added 2020/02/26 12:0 a.m.15 views

XStream Library Insecure Deserialization (CVE-2019-10173)

An insecure serialization vulnerability exists in XStream Library. The vulnerability is due to insufficient validation of event handler type in user-supplied XML data. A remote attacker could exploit this vulnerability by sending specially crafted XML file to the affected application. Successful...

7.5CVSS3.9AI score0.94774EPSS
Exploits4
Prion
Prion
added 2019/12/31 9:15 p.m.9 views

Null pointer dereference

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxmldecode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen on a NULL pointer...

4.3CVSS6.4AI score0.01085EPSS
Exploits1References1Affected Software1
UbuntuCve
UbuntuCve
added 2019/12/31 12:0 a.m.31 views

CVE-2019-20198

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxmlentok mishandles recursion, leading to stack consumption for a crafted XML file...

6.5CVSS6.6AI score0.01085EPSS
Exploits1References1
Prion
Prion
added 2019/07/23 2:15 p.m.18 views

Xxe

Jeesite 1.2.7 is affected by: XML External Entity XXE. The impact is: sensitive information disclosure. The component is: convertToModel function in src/main/java/com.thinkgem.jeesite/modules/act/service/ActProcessService.java. The attack vector is: network connectivity,authenticated,must upload ...

4CVSS6.2AI score0.01312EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/07/23 1:52 p.m.23 views

CVE-2019-1010202

Jeesite 1.2.7 is affected by: XML External Entity XXE. The impact is: sensitive information disclosure. The component is: convertToModel function in src/main/java/com.thinkgem.jeesite/modules/act/service/ActProcessService.java. The attack vector is: network connectivity,authenticated,must upload ...

6.3AI score0.01312EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2019/04/12 12:0 a.m.5 views

The vulnerability of the SAP HANA Extended Application Services development tool, related to errors in XML document processing, allows attackers to gain access to protected information or cause service failures.

The vulnerability of the SAP HANA Extended Application Services development tool is related to errors in processing XML documents. Exploiting this vulnerability can allow a malicious actor to gain access to protected information or cause service failures by using a specially created XML file...

8.7CVSS6.5AI score0.02128EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2019/01/22 2:20 p.m.40 views

CVE-2019-3817

A use-after-free flaw has been discovered in libcomps in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code...

8.8CVSS2.2AI score0.01721EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2019/01/14 12:0 a.m.142 views

Traccar Server <= 4.2 XXE Vulnerability

Traccar is prone to an XXE vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112483...

9.8CVSS9.6AI score0.01714EPSS
Exploits0References2
NVD
NVD
added 2018/12/30 6:29 p.m.22 views

CVE-2018-20592

In Mini-XML aka mxml v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc...

5.5CVSS5.3AI score0.01492EPSS
Exploits1References5
Prion
Prion
added 2018/12/30 6:29 p.m.18 views

Design/Logic Flaw

In Mini-XML aka mxml v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc...

4.3CVSS5.5AI score0.01492EPSS
Exploits1References5Affected Software2
OSV
OSV
added 2018/12/30 6:29 p.m.26 views

CVE-2018-20592

In Mini-XML aka mxml v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc...

5.5CVSS6.5AI score
Exploits0References5
UbuntuCve
UbuntuCve
added 2018/12/30 6:29 p.m.19 views

CVE-2018-20592

In Mini-XML aka mxml v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc...

5.5CVSS6.1AI score0.01492EPSS
Exploits1References8
OSV
OSV
added 2018/12/30 6:29 p.m.5 views

UBUNTU-CVE-2018-20592

In Mini-XML aka mxml v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc...

5.5CVSS6AI score0.01492EPSS
Exploits1References9
Rows per page
Query Builder