Lucene search
+L

1013 matches found

CNVD
CNVD
added 2017/05/24 12:0 a.m.2 views

SAP TranslationSupport Application XML External Entity Injection Vulnerability

SAP TranslationSupport Application is software from SAP Germany. An XML external entity injection vulnerability exists in the SAP TranslationSupport application. An attacker could exploit this vulnerability to gain access to sensitive information or cause a denial of service...

7.3AI score
Exploits0References1
CNVD
CNVD
added 2017/05/24 12:0 a.m.1 views

SAP Composite Application Framework Authorization Tool XML External Entity Injection Vulnerability

SAP Composite Application Framework is the German SAP SAP company integrated SAP NetWeaver to create composite applications for the software. An XML external entity injection vulnerability exists in the SAP Composite Application Framework Authorization Tool. An attacker could exploit this...

7.3AI score
Exploits0References1
CNVD
CNVD
added 2017/05/24 12:0 a.m.4 views

RESTEasy XML External Entity Injection Vulnerability

RESTEasy is the United States Red Hat Red Hat, Inc. of a JBoss open source project , which provides a variety of frameworks for building RESTful Web Services and RESTful Java applications . RESTEasy has an XML external entity injection vulnerability. An attacker could exploit this vulnerability t...

7AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2017/05/10 12:43 p.m.3 views

JDK: XML External Entity Injection (XXE) error when processing XML data

IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection XXE error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150...

8.2CVSS7.4AI score0.03632EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/05/09 10:46 a.m.9 views

OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)

It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory...

7.1CVSS7.3AI score0.03311EPSS
Exploits0References5
CNVD
CNVD
added 2017/05/03 12:0 a.m.4 views

Wonderware Historian Client Native XML External Entity Injection Vulnerability

Schneider Electric Wonderware Historian is the French Schneider Electric Schneider Electric company's set of high-speed data acquisition and storage systems and traditional relational database management system combined with industrial data management software. A local XML external entity injecti...

6.6CVSS6.8AI score0.00388EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2017/05/01 12:0 a.m.3 views

PT-2023-10261 · Libplist +2 · Libplist +2

Name of the Vulnerable Software and Affected Versions: libplist version 1.12 Description: A problematic issue has been found in the XML Handler component of libplist, specifically affecting the plist from xml function in the src/xplist.c file. This issue leads to an xml external entity reference...

9.8CVSS6.2AI score0.03799EPSS
Exploits6References35
RedHat Linux
RedHat Linux
added 2017/04/21 2:10 a.m.7 views

OpenJDK: incomplete XML parse tree size enforcement (JAXP, 8169011)

It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory...

7.1CVSS7.3AI score0.03311EPSS
Exploits0References5
CNVD
CNVD
added 2017/04/21 12:0 a.m.31 views

Apache CXF Server Spoofing Vulnerability

Apache CXF is the United States Apache Apache Software Foundation of an open source Web services framework. The framework supports a variety of Web services standards , a variety of front-end programming APIs , etc. JAX-RSXML Security streaming clients is one of the use of XML signatures and XML...

5.3CVSS9.3AI score0.11167EPSS
Exploits0References1
CNVD
CNVD
added 2017/04/17 12:0 a.m.3 views

CoDeSys Stack Buffer Overflow Vulnerability

3S-Smart Software Solutions CODESYS is a suite of PLC programmable logic controller software programming tools from 3S-Smart Software Solutions, Germany. CODESYS Web Server is one of the web servers. A stack buffer overflow vulnerability exists in CODESYS Web Server version 2.3 and earlier. An...

9.8CVSS7.7AI score0.01998EPSS
Exploits0References1
CNVD
CNVD
added 2017/03/31 12:0 a.m.7 views

IBM Cúram Social Program Management XML External Entity Injection Vulnerability

IBM Cúram Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. IBM Cúram Social Program Management suffers from an XML external entity injection vulnerability. A remote attacker cou...

9.1CVSS6.9AI score0.0208EPSS
Exploits0References1
CNVD
CNVD
added 2017/03/20 12:0 a.m.28 views

Apache Camel Validation Component Request Forgery Vulnerability

Apache Camel is the United States Apache Apache Software Foundation of a set of open source based on Enterprise Integration Pattern Enterprise Integration Pattern , referred to as EIP integration framework. The framework provides Enterprise Integration Pattern of Java objects POJO implementation ...

7.4CVSS8.3AI score0.0489EPSS
Exploits0References1
CNVD
CNVD
added 2017/03/16 12:0 a.m.5 views

Microsoft Windows XML External Entity Information Disclosure Vulnerability

Microsoft Windows is the popular computer operating system. Microsoft Windows suffers from an XML External Entity Information Disclosure vulnerability that can be exploited by an attacker to read sensitive information on the target system...

5.3CVSS6.2AI score0.02059EPSS
Exploits0References1
OSV
OSV
added 2017/03/07 3:59 p.m.3 views

DEBIAN-CVE-2016-10040

Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service application crash via a xml file with multiple nested open tags...

5.5CVSS6.1AI score0.01922EPSS
Exploits1References1
OSV
OSV
added 2017/03/02 9:59 p.m.3 views

UBUNTU-CVE-2016-10068

The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service segmentation fault and application crash via a crafted XML file...

5.5CVSS6.8AI score0.01889EPSS
Exploits0References4
OSV
OSV
added 2017/02/23 4:59 p.m.3 views

CVE-2016-8974

IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference ...

8.1CVSS5.8AI score0.01223EPSS
Exploits0References1
CNVD
CNVD
added 2017/02/22 12:0 a.m.4 views

IBM Rational Rhapsody Design Manager XML External Entity Injection Vulnerability

IBM Rational Rhapsody Design Manager is a Jazz-based platform from IBM that helps systems engineers apply Model-Based Systems Engineering MBSE through SysML to help embedded software developers dismantle engineering silos and collaborate with key stakeholders, such as managers, quality managers,...

8.1CVSS7.3AI score0.01223EPSS
Exploits0References1
CNVD
CNVD
added 2017/02/21 12:0 a.m.4 views

IBM Integration Bus and WebSphere Message Broker XML External Entity Injection Vulnerability

IBM Integration Bus formerly known as IBM WebSphere Message Broker is an enterprise service bus ESB product from IBM. The product provides connectivity and common data transformations for Service Oriented Architecture SOA environments and non-SOA environments. An XML external entity injection...

9.1CVSS8.9AI score0.0176EPSS
Exploits0References1
CNVD
CNVD
added 2017/02/13 12:0 a.m.2 views

Cimetrics BACnet Explorer XML External Entity Injection Vulnerability

BACnet Explorer is a BACnet client application that helps to automatically discover BACnet devices. Cimetrics BACnet Explorer suffers from an XML external entity injection vulnerability that can be exploited by an attacker to obtain sensitive information...

7.3AI score
Exploits0References1
OSV
OSV
added 2017/02/03 3:59 p.m.4 views

DEBIAN-CVE-2016-4571

The mxmlwritenode function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service stack consumption via crafted xml file...

5.5CVSS6.8AI score0.01589EPSS
Exploits0References1
Rows per page
Query Builder