Lucene search
K

192 matches found

Tenable Nessus
Tenable Nessus
added 2023/12/14 12:0 a.m.24 views

AlmaLinux 9 : libxml2 (ALSA-2023:7747)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:7747 advisory. - Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows...

6.5CVSS6.6AI score0.00667EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/12/12 12:0 a.m.22 views

RHEL 9 : libxml2 (RHSA-2023:7747)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7747 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: crafted xml can cause...

6.5CVSS7AI score0.00667EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/12/07 1:55 p.m.6 views

libxml2: crafted xml can cause global buffer overflow

A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service DoS by supplying a crafted XML file...

6.5CVSS7.3AI score0.00667EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/10/06 12:0 a.m.37 views

Amazon Linux AMI : libxml2 (ALAS-2023-1841)

The version of libxml2 installed on the remote host is prior to 2.9.1-6.6.43. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1841 advisory. Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement function at...

6.5CVSS6.9AI score0.00667EPSS
Exploits1References4
Prion
Prion
added 2023/08/31 2:15 p.m.14 views

Xxe

A XML External Entity XXE vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI RealGimm v1.1.37p38 allows attackers to read any file in the filesystem via supplying a crafted XML file...

4CVSS6.3AI score0.00658EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/08/31 12:0 a.m.20 views

CVE-2023-41635

A XML External Entity XXE vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI RealGimm v1.1.37p38 allows attackers to read any file in the filesystem via supplying a crafted XML file...

6.5AI score0.00658EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2023/08/30 9:12 p.m.55 views

CVE-2023-39615

A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service DoS by supplying a crafted XML file...

6.5CVSS6.5AI score0.00667EPSS
Exploits1References4
NVD
NVD
added 2023/08/29 5:15 p.m.25 views

CVE-2023-39615

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...

6.5CVSS6.4AI score0.00667EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2023/08/29 5:15 p.m.34 views

CVE-2023-39615

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...

6.5CVSS6.8AI score0.00667EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/08/29 12:0 a.m.26 views

CVE-2023-39615

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...

6.6AI score0.00667EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2023/08/29 12:0 a.m.49 views

CVE-2023-39615

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...

6.5CVSS6.5AI score0.00667EPSS
Exploits1
Veracode
Veracode
added 2023/08/22 3:3 a.m.39 views

XML Injection

org.apache.ivy:ivy is vulnerable to XML Injection. The vulnerability exists due to improper external DTD XML restrictions. An attacker is able to exploit this vulnerability by parsing a specially crafted XML file, which allows the attacker to access sensitive information, such as passwords or oth...

8.2CVSS6.7AI score0.01855EPSS
Exploits0References7Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.11 views

The vulnerability of the ezxml_internal_dtd function in the XML document syntax analysis library ezXML allows a attacker to cause a service failure.

The vulnerability of the ezxmlinternaldtd function in the XML document syntax analysis library ezXML is related to pointer aliasing errors. Exploiting this vulnerability allows an attacker to trigger a service failure using a specially created XML file...

7.8CVSS6.5AI score0.01212EPSS
Exploits1References9Affected Software5
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.9 views

The vulnerability of the ezxml_decode function in the XML document syntax analysis library ezXML allows a attacker to cause a service failure.

The vulnerability of the ezxmldecode function in the ezXML XML syntax analysis library is related to buffer overflow attacks. Exploiting this vulnerability allows an attacker to cause a service failure by using a specially created XML file...

7.8CVSS7.5AI score0.01402EPSS
Exploits0References8Affected Software7
OSV
OSV
added 2023/06/29 9:30 p.m.46 views

GHSA-J6V2-MWXM-F952 py-xml XML External Entity Injection vulnerability

py-xml v1.0 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

7.5CVSS7.8AI score0.00795EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/06/29 9:30 p.m.26 views

easy-parse XML External Entity Injection vulnerability

easy-parse v0.1.1 was discovered to contain a XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

7.5CVSS8.3AI score0.00795EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/06/29 9:15 p.m.14 views

CVE-2020-26708

requests-xml v0.2.3 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

7.5CVSS7.8AI score0.00731EPSS
Exploits0References2
NVD
NVD
added 2023/06/29 9:15 p.m.24 views

CVE-2020-26710

easy-parse v0.1.1 was discovered to contain a XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

7.5CVSS7.8AI score0.00795EPSS
Exploits0References1
NVD
NVD
added 2023/06/29 9:15 p.m.28 views

CVE-2020-26709

py-xml v1.0 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

7.5CVSS7.8AI score0.00795EPSS
Exploits0References1
PyPA
PyPA
added 2023/06/29 9:15 p.m.11 views

PYSEC-2023-97

easy-parse v0.1.1 was discovered to contain a XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

7.5CVSS8.5AI score0.00795EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder