Lucene search
K

200 matches found

BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.7 views

The vulnerability of the ezxml_char_content function in the XML document syntax analysis library ezXML allows a attacker to cause a service failure.

The vulnerability of the ezxmlcharcontent function in the XML document syntax analysis library ezXML is related to the use of memory after it is freed. Exploiting this vulnerability allows an attacker who operates remotely to cause a service failure...

7.8CVSS7.2AI score0.01605EPSS
Exploits1References7Affected Software5
OSV
OSV
added 2023/06/29 9:30 p.m.3 views

GHSA-CCRC-9X59-3VC4 requests-xml XML External Entity Injection vulnerability

requests-xml v0.2.3 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

7.5CVSS6.2AI score0.00731EPSS
Exploits0References5
OSV
OSV
added 2023/06/29 9:15 p.m.5 views

CVE-2020-26709

py-xml v1.0 was discovered to contain an XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

7.5CVSS6.1AI score0.00795EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/06/05 12:0 a.m.5 views

xml-rs 代码问题漏洞

xml-rs is an XML library for Rust. A code issue vulnerability exists in xml-rs crate versions prior to 0.8.14, which stems from allowing token errors to be caused by invalid xml markup...

7.5CVSS7.2AI score0.01172EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/06/05 12:0 a.m.3 views

PT-2023-24862 · Xml-Rs · Xml-Rs

Name of the Vulnerable Software and Affected Versions: xml-rs versions 0.8.9 through 0.8.13 Description: The issue allows for a denial of service panic via an invalid ! token, such as !DOCTYPEs/%!A nesting, in an XML document. Recommendations: For xml-rs versions 0.8.9 through 0.8.13, update to...

7.5CVSS6.9AI score0.01172EPSS
Exploits1References12
Prion
Prion
added 2023/05/09 1:15 p.m.20 views

Cross site scripting

org.xwiki.commons:xwiki-commons-xml is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect...

6.8CVSS8.9AI score0.00818EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/05/09 12:53 p.m.69 views

CVE-2023-31126

The CVE-2023-31126 issue affects org.xwiki.commons:xwiki-commons-xml used by XWiki Platform. The HTML sanitizer introduced in 14.6-rc-1 allows cross-site scripting via invalid data-attribute names, e.g., through XWiki content link constructs. This has been fixed in XWiki 14.10.4 and 15.0 RC1 by r...

9.6CVSS8.9AI score0.00818EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/05/09 12:53 p.m.24 views

CVE-2023-31126 Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml

org.xwiki.commons:xwiki-commons-xml is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect...

9CVSS8.7AI score0.00818EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/05/09 12:53 p.m.10 views

CVE-2023-31126 Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml

org.xwiki.commons:xwiki-commons-xml is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect...

9CVSS9.1AI score0.00818EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/05/09 12:53 p.m.45 views

CVE-2023-31126 Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml

org.xwiki.commons:xwiki-commons-xml is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect...

9CVSS9.2AI score0.00818EPSS
Exploits0References3
OSV
OSV
added 2023/04/28 11:5 a.m.3 views

OESA-2023-1262 libxml2 security update

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

6.5CVSS8.8AI score0.01086EPSS
Exploits1References3
F5 Networks
F5 Networks
added 2023/02/21 6:53 p.m.42 views

K70938105: Expat XML library vulnerability CVE-2016-5300

Security Advisory Description The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete...

7.8CVSS7.2AI score0.06539EPSS
Exploits0Affected Software21
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.58 views

K15104541: Expat XML library vulnerability CVE-2015-1283

Security Advisory Description Multiple integer overflows in the XMLGetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact v...

6.8CVSS8.5AI score0.19069EPSS
Exploits0Affected Software24
F5 Networks
F5 Networks
added 2023/02/21 6:33 p.m.42 views

K22232964: Expat XML library vulnerability CVE-2016-4472

Security Advisory Description The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an...

8.1CVSS9.1AI score0.11946EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 6:9 a.m.3 views

SUSE CVE-2007-6284

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service infinite loop via XML containing invalid UTF-8 sequences...

5CVSS6.8AI score0.02566EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:28 a.m.4 views

SUSE CVE-2018-9251

The xzdecomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service infinite loop via a crafted XML file that triggers LZMAMEMLIMITERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035...

3.3CVSS9.2AI score0.0244EPSS
Exploits1References50
SUSE CVE
SUSE CVE
added 2023/02/15 4:25 a.m.5 views

SUSE CVE-2018-14404

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATHOPAND or XPATHOPOR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerab...

5.3CVSS8.7AI score0.03681EPSS
Exploits0References53
SUSE CVE
SUSE CVE
added 2023/02/15 3:23 a.m.3 views

SUSE CVE-2022-40303

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault...

7.5CVSS7.1AI score0.22791EPSS
Exploits2References95
Cvelist
Cvelist
added 2022/12/08 3:3 a.m.58 views

CVE-2022-23476 Unchecked return value from xmlTextReaderExpand in Nokogiri

Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri 1.13.8 and 1.13.9 fail to check the return value from xmlTextReaderExpand in the method Nokogiri::XML::Readerattributehash. This can lead to a null pointer exception when invalid markup is being parsed. Fo...

7.5CVSS7.5AI score0.0168EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2022/12/08 3:3 a.m.55 views

CVE-2022-23476

Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri 1.13.8 and 1.13.9 fail to check the return value from xmlTextReaderExpand in the method Nokogiri::XML::Readerattributehash. This can lead to a null pointer exception when invalid markup is being parsed. Fo...

7.5CVSS7.5AI score0.0168EPSS
Exploits0
Rows per page
Query Builder