Lucene search
+L

825 matches found

vulnrichment
vulnrichment
added 2025/04/28 12:0 a.m.10 views

CVE-2023-35815

DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data...

3.5CVSS4.1AI score0.00405EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2025/02/18 12:0 a.m.4 views

PT-2025-7279 · Ibm · Ibm Cognos Controller +1

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 11.0.0 through 11.0.1 FP3 IBM Controller version 11.1.0 Description: The issue concerns an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this to expose...

8.5CVSS6.8AI score0.00477EPSS
Exploits0References6
ibm
ibm
added 2025/01/28 10:8 p.m.28 views

Security Bulletin: Vulnerability in libexpat affects IBM Cloud Pak System[CVE-2024-45490]

Summary Vulnerability in libexpat affects IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-45490 DESCRIPTION: libexpat could provide weaker than expected security, caused by the failure to reject a negative length for XMLParseBuffer. By providing a negative length value to the...

7.5CVSS6.5AI score0.01686EPSS
Exploits0Affected Software1
ibm
ibm
added 2025/01/28 10:8 p.m.27 views

Security Bulletin: A vulnerability in WebSphere Application Server Liberty affects IBM Robotic Process Automation and may result in an External Entity Injection (XXE) attack when processing XML data (CVE-2024-22354).

Summary A vulnerability in WebSphere Application Server Liberty affects IBM Robotic Process Automation and may result in an External Entity Injection XXE attack when processing XML data. WebSphere Application Server is used as the application server layer for IBM Robotic Process Automation...

7CVSS6.7AI score0.00649EPSS
Exploits0Affected Software1
nessus
nessus
added 2025/01/23 12:0 a.m.27 views

GLSA-202501-08 : Qt: Buffer Overflow

The remote host is affected by the vulnerability described in GLSA-202501-08 Qt: Buffer Overflow When given specifically crafted data then QXmlStreamReader can end up causing a buffer overflow and subsequently a crash or freeze or get out of memory on recursive entity expansion, with DTD tokens i...

7.5CVSS7.4AI score0.01553EPSS
Exploits1References4
vulnrichment
vulnrichment
added 2025/01/17 2:16 a.m.6 views

CVE-2024-51462 IBM QRadar WinCollect Agent data manipulation

IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data...

4CVSS4.3AI score0.00357EPSS
Exploits0References1
ubuntu
ubuntu
added 2025/01/13 1:2 a.m.24 views

USN-7199-1: xmltok library vulnerabilities

It was discovered that Expat, contained within the xmltok library, incorrectly handled malformed XML data. If a user or application were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. CVE-2015-1283, CVE-2016-0718,...

9.8CVSS8AI score0.19069EPSS
Exploits6
cnvd
cnvd
added 2024/09/24 12:0 a.m.7 views

Apache HertzBeat Deserialization Vulnerability

Apache HertzBeat is a tool from the American company Apache Apache that can monitor various components. A deserialization vulnerability exists in Apache HertzBeat versions prior to 1.6.0, which stems from the insecure deserialization of serialized data received from users by the SnakeYAML library...

8.8CVSS7.5AI score0.04054EPSS
Exploits0References1
nvd
nvd
added 2024/06/23 11:15 p.m.17 views

CVE-2024-39334

MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be written to the computer on which the client process is running. The server process is not affected...

6.5CVSS0.00358EPSS
Exploits0References1
cve
cve
added 2024/06/23 12:0 a.m.49 views

CVE-2024-39334

CVE-2024-39334 affects MENDELSON AS4 prior to 2024 B376. The vulnerability is client-side: when a trading partner provides prepared XML data, opening the transaction details in the client can allow writing files to the client machine (server process is unaffected). The CVSS indicates network acce...

6.5CVSS6.9AI score0.00358EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/06/23 12:0 a.m.11 views

CVE-2024-39334

MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be written to the computer on which the client process is running. The server process is not affected...

7.1AI score0.00358EPSS
Exploits0References1
cvelist
cvelist
added 2024/06/23 12:0 a.m.21 views

CVE-2024-39334

MENDELSON AS4 before 2024 B376 has a client-side vulnerability when a trading partner provides prepared XML data. When a victim opens the details of this transaction in the client, files can be written to the computer on which the client process is running. The server process is not affected...

0.00358EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/06/11 12:0 a.m.5 views

PT-2024-4214 · Aveva · Aveva Pi Asset Framework Client

Name of the Vulnerable Software and Affected Versions: AVEVA PI Asset Framework Client affected versions not specified Description: The issue allows malicious code to execute on the PI System Explorer environment under the privileges of an interactive user. This can happen when an attacker social...

7.8CVSS7.5AI score0.00188EPSS
Exploits0References7
openvas
openvas
added 2024/06/05 12:0 a.m.15 views

openSUSE Security Advisory (SUSE-SU-2024:1882-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8AI score0.01565EPSS
Exploits0References4
nessus
nessus
added 2024/05/11 12:0 a.m.14 views

RHEL 6 : expat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - expat: Large number of prefixed XML attributes on a single tag can crash libexpat CVE-2021-45960 - expat:...

9.6AI score0.19069EPSS
Exploits7References19
nvd
nvd
added 2024/05/03 3:15 a.m.14 views

CVE-2023-44409

D-Link DAP-1325 SetSetupWizardStatus Enabled Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

8.8CVSS9.1AI score0.0075EPSS
Exploits0References1
attackerkb
attackerkb
added 2024/05/03 3:15 a.m.6 views

CVE-2023-44408

D-Link DAP-1325 SetAPLanSettings IPAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerabilit...

8.8CVSS6.4AI score0.0075EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2024/05/03 3:15 a.m.36 views

CVE-2023-44407

D-Link DAP-1325 SetAPLanSettings Gateway Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

8.8CVSS9.1AI score0.0075EPSS
Exploits0References1
nvd
nvd
added 2024/05/03 3:15 a.m.24 views

CVE-2023-44404

D-Link DAP-1325 getvaluefromapp Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The...

8.8CVSS9.1AI score0.0075EPSS
Exploits0References1
attackerkb
attackerkb
added 2024/05/03 3:15 a.m.5 views

CVE-2023-44404

D-Link DAP-1325 getvaluefromapp Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The...

8.8CVSS6.4AI score0.0075EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder