Lucene search
K

187 matches found

Github Security Blog
Github Security Blog
added 2018/10/17 5:23 p.m.38 views

Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...

7.5CVSS3.7AI score0.0497EPSS
Exploits1References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/06/28 12:0 a.m.66 views

EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2018-1156)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial ...

9.8CVSS7.5AI score0.05928EPSS
Exploits0References4
OSV
OSV
added 2018/06/11 5:29 p.m.5 views

CVE-2017-3208

The Java implementation of AMF3 deserializers used by WebORB for Java by Midnight Coders, version 5.1.1.0, allows external entity references XXEs from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server,...

9.8CVSS5.8AI score0.03999EPSS
Exploits2References4
NVD
NVD
added 2018/06/11 5:29 p.m.16 views

CVE-2017-3206

The Java implementation of AMF3 deserializers used by Flamingo amf-serializer by Exadel, version 2.2.0, allows external entity references XXEs from XML documents embedded within AMF3 messages. If the XML parsing is handled incorrectly it could potentially expose sensitive data on the server, deni...

9.8CVSS9.5AI score0.0368EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2018/05/02 12:0 a.m.55 views

EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2018-1089)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial ...

10CVSS7.9AI score0.23694EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2018/05/02 12:0 a.m.35 views

EulerOS 2.0 SP1 : libxml2 (EulerOS-SA-2018-1088)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial ...

9.8CVSS7.5AI score0.05928EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2018/02/27 12:0 a.m.35 views

shibboleth-sp -- vulnerable to forged user attribute data

Shibboleth consortium reports: Shibboleth SP software vulnerable to additional data forgery flaws The XML processing performed by the Service Provider software has been found to be vulnerable to new flaws similar in nature to the one addressed in an advisory last month. These bugs involve the use...

6.5CVSS7.1AI score0.02148EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/12/01 12:0 a.m.36 views

Debian DLA-1194-1 : libxml2 security update

CVE-2017-16931 parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name. CVE-2017-16932 parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in paramet...

9.8CVSS7.2AI score0.05928EPSS
Exploits0References4
Debian
Debian
added 2017/11/30 2:5 p.m.74 views

[SECURITY] [DLA 1194-1] libxml2 security update

Package : libxml2 Version : 2.8.0+dfsg1-7+wheezy11 CVE ID : CVE-2017-16931 CVE-2017-16932 CVE-2017-16931 parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a % character in a DTD name...

9.8CVSS7.8AI score0.05928EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2017/11/24 3:49 p.m.34 views

CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

9.8CVSS3AI score0.04278EPSS
Exploits0References1
Prion
Prion
added 2017/11/23 9:29 p.m.31 views

Code injection

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

7.5CVSS9.2AI score0.04278EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2017/11/23 9:29 p.m.24 views

CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

9.8CVSS8.5AI score0.04278EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2017/11/23 9:29 p.m.31 views

CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

9.8CVSS7.1AI score0.04278EPSS
Exploits0References2
OSV
OSV
added 2017/11/23 9:29 p.m.5 views

ALPINE-CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

9.8CVSS6.9AI score0.04278EPSS
Exploits0References1
OSV
OSV
added 2017/11/23 9:29 p.m.3 views

DEBIAN-CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

9.8CVSS9.5AI score0.04278EPSS
Exploits0References1
OSV
OSV
added 2017/11/23 9:29 p.m.26 views

CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

9.8CVSS9.1AI score
Exploits0References5
Debian CVE
Debian CVE
added 2017/11/23 9:0 p.m.61 views

CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

9.8CVSS8.6AI score0.04278EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2017/11/23 9:0 p.m.57 views

CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

9.8CVSS9.2AI score0.04278EPSS
Exploits0
Cloud Foundry
Cloud Foundry
added 2017/11/01 12:0 a.m.53 views

USN-3424-1: libxml2 vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code...

10CVSS9AI score0.23694EPSS
Exploits5
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.63 views

Improper Input Validation in multi_xml

multixml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involvin...

7.5CVSS5.8AI score0.03655EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder