Lucene search
+L

1013 matches found

OSV
OSV
added 2016/01/21 3:0 a.m.7 views

CVE-2016-0457

Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 allows remote attackers to affect confidentiality via vectors related to REST Framework, a different vulnerability than CVE-2016-0456. NOTE: the previous information is...

5.9AI score
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2016/01/19 12:0 a.m.7 views

The vulnerability of the Flash Player and Adobe Integrated Runtime software allows a perpetrator to execute arbitrary code.

The vulnerabilities of the Flash Player and Adobe Integrated Runtime programs are caused by an overflow in the dynamic memory buffer. Exploiting these vulnerabilities allows a malicious actor to execute arbitrary code using a specially created XML object during a call to the toString method...

9.3CVSS8.3AI score0.0795EPSS
Exploits0References3Affected Software2
CNVD
CNVD
added 2016/01/13 12:0 a.m.5 views

Apple iOS libxml2 memory corruption vulnerability (CNVD-2016-00215)

iOS is an operating system developed by Apple for mobile devices, and supported devices include iPhone, iPod touch, iPad, and Apple TV. A security vulnerability exists in libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1. A remote attacker could exploit this vulnerability ...

4.3CVSS8.7AI score0.02075EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/12/07 8:46 p.m.6 views

Camel: XXE in via SAXSource expansion

It was found that Apache Camel's XML converter performed XML External Entity XXE expansion. A remote attacker able to submit an SAXSource containing an XXE declaration could use this flaw to read files accessible to the user running the application server, and potentially perform other more...

5CVSS5.8AI score0.07527EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2015/12/07 11:59 a.m.8 views

libxml2: CPU exhaustion when processing specially crafted XML input

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU...

7.1CVSS7.2AI score0.04537EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/12/07 11:59 a.m.5 views

libxml2: Out-of-bounds memory access

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash...

4.3CVSS7.2AI score0.03069EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/12/07 10:13 a.m.5 views

libxml2: Out-of-bounds memory access

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash...

4.3CVSS7.2AI score0.03069EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/12/07 10:13 a.m.8 views

libxml2: Out-of-bounds heap read when parsing file with unfinished xml declaration

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information...

5CVSS7.2AI score0.05907EPSS
Exploits1References4
CNVD
CNVD
added 2015/11/26 12:0 a.m.6 views

Cisco Adaptive Security Appliance Software Denial of Service Vulnerability (CNVD-2015-07836)

Cisco Adaptive Security Appliance Software is a modular platform that provides security and VPN services from Cisco. A denial of service vulnerability exists in Cisco Adaptive Security Appliance Software 8.4 that could allow an authenticated remote user to cause a denial of service via a crafted...

6.8CVSS6.6AI score0.0151EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2015/11/18 12:0 a.m.8 views

PT-2015-3258

Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.9.3 Description The issue is related to the xmlSAX2TextNode function in the HTML parser of libxml2, which allows context-dependent attackers to cause a denial of service or obtain sensitive information via crafted X...

10CVSS7.6AI score0.52063EPSS
Exploits36References140
OSV
OSV
added 2015/11/18 12:0 a.m.3 views

UBUNTU-CVE-2015-8241

The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service heap-based buffer over-read and application crash or obtain sensitive information via crafted XML data...

6.4CVSS7.4AI score0.05436EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2015/11/05 12:0 a.m.7 views

Vulnerability of the Java Platform software platform, which allows attackers to gain access to protected information

The vulnerability of the JAXP sub-component of the Java Platform is related to errors in the code. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read access to protected information through a Java Web Start application or Java applet...

5CVSS6.7AI score0.04695EPSS
Exploits0References3
CNVD
CNVD
added 2015/09/20 12:0 a.m.5 views

Unspecified Vulnerability in Apple OS X Server Wiki Server XML

Apple Mac OS X is a commercial operating system. Multiple unspecified vulnerabilities exist in Apple OS X Server Wiki Server processing XML. A detailed vulnerability description is not currently available...

10CVSS6.8AI score0.01968EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2015/09/08 12:0 a.m.11 views

Vulnerabilities of iOS and Mac OS X operating systems, which allow attackers to gain access to protected information or cause service failures

The vulnerability of the libxml2 component in iOS and Mac OS X operating systems arises due to buffer overflows. Exploiting this vulnerability can allow an attacker to gain access to sensitive information or cause service failures by using a specially crafted XML document...

4.3CVSS7.4AI score0.02413EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2015/07/23 12:59 a.m.5 views

DEBIAN-CVE-2015-1283

Multiple integer overflows in the XMLGetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted XML data, a related...

6.8CVSS9.5AI score0.19069EPSS
Exploits0References1
CNVD
CNVD
added 2015/07/08 12:0 a.m.4 views

Z-BLOG Blind-XXE Arbitrary File Read Vulnerability

Z-Blog is developed by RainbowSoft Studio a Blog program based on the Asp platform . Z-Blog has an arbitrary file read vulnerability. /zbsystem/xml-rpc/index.php directly call simpleloadstring parsing XML, resulting in XML entity injection, an attacker can read system files using the vulnerabilit...

7.1AI score
Exploits0References1
CNVD
CNVD
added 2015/06/29 12:0 a.m.3 views

SAP Mobile Platform XML External Entity Information Disclosure Vulnerability

SAP Mobile Platform SMP is a mobile application development platform from SAP. The platform is used to build packaged and customized development applications for any device. A security vulnerability exists in the SAP Mobile Platform XML external entity. This vulnerability could be exploited by an...

6.6AI score
Exploits0References1
CNVD
CNVD
added 2015/05/26 12:0 a.m.53 views

Apache Jackrabbit XML External Entity Input Vulnerability

Apache Jackrabbit is a full compliance with the Java API version of the content storage specification JCR implementation . An XML external entity injection vulnerability exists in Apache Jackrabbit, which allows remote attackers to exploit the vulnerability by submitting a special XML request to...

6.4CVSS7.3AI score0.51488EPSS
Exploits6References1
CNVD
CNVD
added 2015/05/21 12:0 a.m.6 views

IBM License Metric Tool Directory Traversal Vulnerability

The IBM License Metric Tool is a free tool from IBM USA that helps IBM Passport Advantage Software Upgrade and Support Services customers determine their Processor Value Unit PVU license requirements. A directory traversal vulnerability exists in the IBM License Metric Tool and Tivoli Asset...

6.4CVSS6.9AI score0.01794EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/05/14 3:14 p.m.4 views

XStream: remote code execution due to insecure XML deserialization

It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream...

9.8CVSS8AI score0.84362EPSS
Exploits5References7
Rows per page
Query Builder