Lucene search
+L

1013 matches found

CNVD
CNVD
added 2016/05/21 12:0 a.m.7 views

IBM Rational Team Concert Denial of Service Vulnerability

IBM Rational Team Concert RTC is a software lifecycle management solution based on the Jazz platform and supports decentralized teams to collaborate in real time. A security vulnerability exists in IBM Rational Team Concert's handling of external entities containing malicious XML, which could be...

6.5CVSS6.8AI score0.01231EPSS
Exploits0References1
OSV
OSV
added 2016/05/20 10:59 a.m.1 views

DEBIAN-CVE-2016-1837

Multiple use-after-free vulnerabilities in the 1 htmlPArsePubidLiteral and 2 htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a...

5.5CVSS7.7AI score0.04092EPSS
Exploits1References1
OSV
OSV
added 2016/05/20 12:0 a.m.2 views

UBUNTU-CVE-2016-1840

Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a...

7.8CVSS7.8AI score0.03239EPSS
Exploits1References11
OSV
OSV
added 2016/05/20 12:0 a.m.5 views

UBUNTU-CVE-2016-1833

The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...

5.5CVSS7AI score0.02559EPSS
Exploits1References11
CNVD
CNVD
added 2016/05/19 12:0 a.m.5 views

Cisco Adaptive Security Appliance Denial of Service Vulnerability (CNVD-2016-03383)

Cisco Adaptive Security Appliance ASA, Adaptive Security Appliance is a set of firewall appliances from the American company Cisco Cisco. The appliance also includes IPS Intrusion Prevention System, SSL VPN, IPSec VPN, anti-spam and other features. A security vulnerability exists in the XML parse...

6.8CVSS6.7AI score0.01183EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2016/05/18 12:0 a.m.4 views

PT-2016-2294 · Expat +6 · Expat +6

Name of the Vulnerable Software and Affected Versions: Expat affected versions not specified Description: The issue is caused by a buffer overflow in the Expat library. It may allow a remote attacker to cause a denial of service crash or execute arbitrary code using specially crafted XML data...

10CVSS8.5AI score0.95707EPSS
Exploits24References149
OSV
OSV
added 2016/05/18 12:0 a.m.5 views

UBUNTU-CVE-2016-4472

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and...

8.1CVSS7.2AI score0.12367EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2016/05/17 12:0 a.m.6 views

PT-2016-4752 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software versions through 9.5.2 Description: The issue concerns the XML parser in the software, allowing remote authenticated users to cause a denial of service, which may result in instability, memory...

6.8CVSS6.4AI score0.01183EPSS
Exploits0References4
CNVD
CNVD
added 2016/05/10 12:0 a.m.4 views

mxml stack resource consumption vulnerability (CNVD-2016-03005)

mxml is an XML language for laying out user interfaces in Adobe Flex. A security vulnerability exists in the mxml-node.c file of mxml. An attacker can exploit the vulnerability with the help of a specially crafted xml file to cause stack resource consumption...

7.1CVSS6.8AI score0.01589EPSS
Exploits0References1
CNVD
CNVD
added 2016/05/06 12:0 a.m.2 views

Libxml2 Stack Buffer Overflow Vulnerability

Libxml2 is the GNOME project team developed a C-based language used to parse XML documents library , which supports a variety of encoding formats , Xpath parsing , Well-formed and valid validation and so on. A stack buffer overflow vulnerability exists in Libxml2. An attacker can exploit this...

7.5CVSS8.8AI score0.05103EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/05/03 3:30 p.m.6 views

jenkins: Remote code execution through remote API (SECURITY-247)

Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando...

9CVSS6.2AI score0.83259EPSS
Exploits23References5
CNVD
CNVD
added 2016/04/30 12:0 a.m.6 views

PHP ext/xml/xml.c Integer Overflow Vulnerability

PHP is an open source general-purpose computer scripting language. An integer overflow vulnerability exists in PHP's ext/xml/xml.c file, which allows remote attackers to use the vulnerability to crash an application or execute arbitrary code...

9.8CVSS9.5AI score0.05175EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2016/03/31 12:0 a.m.6 views

The vulnerability of the Thunderbird email client, as well as the Firefox and Firefox ESR browsers, allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the nsScannerString::AppendUnicodeTo function in Thunderbird email clients, as well as in Firefox and Firefox ESR browsers, arises due to buffer overflows. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a service failure memory exhaustion ...

6.8CVSS8.4AI score0.02973EPSS
Exploits0References3Affected Software3
BDU FSTEC
BDU FSTEC
added 2016/03/31 12:0 a.m.8 views

The vulnerability of the Squid proxy server allows a hacker to cause a service failure.

The vulnerability of the Edge Side Includes parser of the Squid proxy server exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to cause a service failure—such as the appearance of an error message “Assertion failure” or the termination of...

5CVSS7.2AI score0.08953EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2016/03/22 12:0 a.m.2 views

Libxml2 Denial of Service Vulnerability (CNVD-2016-01804)

Libxml2 is the GNOME project team developed a C-based language used to parse XML documents library , which supports a variety of encoding formats , Xpath parsing , Well-formed and valid validation and so on. A security vulnerability exists in Libxml2. This vulnerability can be exploited to cause ...

7.5CVSS6.6AI score0.07025EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2016/03/10 3:11 p.m.4 views

xerces-c: parser crashes on malformed input

It was discovered that the Xerces-C XML parser did not properly process certain XML input. By providing specially crafted XML data to an application using Xerces-C for XML processing, a remote attacker could exploit this flaw to cause an application crash or, possibly, execute arbitrary code with...

9.8CVSS7.8AI score0.09115EPSS
Exploits0References5
OSV
OSV
added 2016/02/12 3:59 p.m.3 views

DEBIAN-CVE-2016-2073

The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service out-of-bounds read via a crafted XML document...

6.5CVSS6.8AI score0.0231EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2016/02/12 12:0 a.m.9 views

Vulnerability of Mac OS X and iOS operating systems, allowing attackers to read arbitrary files

The vulnerability of operating systems Mac OS X and iOS is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to remotely access and read arbitrary files using a specially crafted iBook file containing links to external XML...

5CVSS7.3AI score0.02112EPSS
Exploits0References5Affected Software2
RedHat Linux
RedHat Linux
added 2016/02/04 9:42 p.m.4 views

jakarta-taglibs-standard: XXE and RCE via XSL extension in JSTL XML tags

It was found that the Java Standard Tag Library JSTL allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution...

7.5CVSS7.6AI score0.1326EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2016/01/26 1:10 p.m.5 views

OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)

It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory...

5CVSS7.2AI score0.05453EPSS
Exploits0References5
Rows per page
Query Builder