Lucene search
K

69 matches found

SUSE CVE
SUSE CVE
added 2024/02/20 3:30 a.m.4 views

SUSE CVE-2024-23807

The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via...

9.8CVSS7.7AI score0.01482EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/02/02 12:0 a.m.16 views

SUSE SLES15 Security Update : xerces-c (SUSE-SU-2024:0300-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0300-1 advisory. - CVE-2018-1311: fixed use-after-free triggered during the scanning of external DTDs potentially leading to DOS. bsc1159552 Tenable has...

8.1CVSS7.2AI score0.09503EPSS
Exploits0References4
Veracode
Veracode
added 2024/01/30 6:27 p.m.27 views

Use After Free

The Apache Xerces is vulnerable to use-after-free. The vulnerability is due to improper handling of memory, leading to potential arbitrary code execution or denial of service. As a remedy, it is recommended to disable DTD processing, either through DOM parser features or by setting the...

8.1CVSS7.4AI score0.09503EPSS
Exploits0References16Affected Software1
RedHat Linux
RedHat Linux
added 2023/10/04 11:59 a.m.2 views

apache-ivy: XML External Entity vulnerability

Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...

8.2CVSS7.3AI score0.01855EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2023/08/22 4:53 p.m.47 views

CVE-2022-46751

Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...

8.2CVSS8.3AI score0.01855EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/08/22 2:5 a.m.3 views

SUSE CVE-2022-46751

Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...

7.3CVSS8.3AI score0.01855EPSS
Exploits0References4
OSV
OSV
added 2023/08/21 9:30 a.m.9 views

GHSA-2JC4-R94C-RP7H Apache Ivy External Entity Reference vulnerability

Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...

8.8CVSS7.3AI score0.01855EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2023/08/21 9:30 a.m.30 views

Apache Ivy External Entity Reference vulnerability

Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...

8.2CVSS8.3AI score0.01855EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2023/08/21 7:15 a.m.23 views

CVE-2022-46751

Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...

8.2CVSS8.4AI score0.01855EPSS
Exploits0References5
Prion
Prion
added 2023/08/21 7:15 a.m.24 views

Design/Logic Flaw

Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...

6.4CVSS8.3AI score0.01855EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2023/08/21 6:55 a.m.40 views

CVE-2022-46751 Apache Ivy: XML External Entity vulnerability in Apache Ivy

Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...

8.6AI score0.01855EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/08/21 6:55 a.m.18 views

CVE-2022-46751 Apache Ivy: XML External Entity vulnerability in Apache Ivy

Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...

8.4AI score0.01855EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/08/17 12:0 a.m.6 views

PT-2023-8841 · Apache +1 · Apache Ivy +1

Name of the Vulnerable Software and Affected Versions: Apache Ivy versions prior to 2.5.2 Description: The issue is related to improper restriction of XML external entity references, which can lead to XML injection, also known as blind XPath injection. When Apache Ivy parses XML files, it allows...

8.8CVSS7.9AI score0.01855EPSS
Exploits0References32
SUSE CVE
SUSE CVE
added 2023/02/15 5:59 a.m.4 views

SUSE CVE-2010-1632

Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server WAS 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly...

7.5CVSS9.3AI score0.22372EPSS
Exploits3References3
Tenable Nessus
Tenable Nessus
added 2021/09/07 12:0 a.m.38 views

openSUSE 15 Security Update : xerces-c (openSUSE-SU-2021:2958-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2958-1 advisory. - The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not be...

8.1CVSS7.5AI score0.09503EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2021/09/06 12:0 a.m.16 views

SUSE SLED15 / SLES15 Security Update : xerces-c (SUSE-SU-2021:2958-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2958-1 advisory. - CVE-2018-1311: Fixed use-after-free inside XML parser during the scanning of external DTDs bsc1159552. Tenable has extracted the preceding...

8.1CVSS7.2AI score0.09503EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2021/09/04 12:0 a.m.31 views

SUSE SLES15 Security Update : xerces-c (SUSE-SU-2021:2920-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2920-1 advisory. - CVE-2018-1311: Fixed use-after-free inside XML parser during the scanning of external DTDs bsc1159552. Tenable has extracted the preceding...

8.1CVSS7.2AI score0.09503EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2021/09/04 12:0 a.m.23 views

SUSE SLED12 / SLES12 Security Update : xerces-c (SUSE-SU-2021:2944-1)

The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2944-1 advisory. - CVE-2018-1311: Fixed use-after-free inside XML parser during the scanning of external DTDs bsc1159552. Tenable has extracted the...

8.1CVSS7.2AI score0.09503EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2020/12/18 12:0 a.m.36 views

Debian DLA-2498-1 : xerces-c security update

The UK's National Cyber Security Centre NCSC discovered that Xerces-C, a validating XML parser library for C++, contains a use-after-free error triggered during the scanning of external DTDs. An attacker could cause a Denial of Service DoS and possibly achieve remote code execution. This flaw has...

8.1CVSS7.6AI score0.09503EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2020/09/07 12:0 a.m.30 views

NewStart CGSL MAIN 4.05 : xerces-c Vulnerability (NS-SA-2020-0052)

The remote NewStart CGSL host, running version MAIN 4.05, has xerces-c packages installed that are affected by a vulnerability: - The Apache Xerces-C 3.0.0 to 3.2.2 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the...

8.1CVSS7.5AI score0.09503EPSS
Exploits0References2
Rows per page
Query Builder