Lucene search
+L

149 matches found

UbuntuCve
UbuntuCve
added 2018/02/27 3:29 p.m.24 views

CVE-2018-0489

Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this...

6.5CVSS6.7AI score0.02148EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2018/02/27 3:0 p.m.45 views

CVE-2018-0489

Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this...

6.5CVSS5.5AI score0.02148EPSS
Exploits0
Cvelist
Cvelist
added 2018/02/27 3:0 p.m.24 views

CVE-2018-0489

Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this...

6.6AI score0.02148EPSS
Exploits0References6
NVD
NVD
added 2018/02/21 4:29 p.m.17 views

CVE-2016-0369

XML external entity XXE vulnerability in IBM Forms Experience Builder 8.5, 8.5.1, and 8.6 allows remote authenticated users to obtain sensitive information via crafted XML data. IBM X-Force ID: 112088...

4CVSS3AI score0.01004EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/02/21 4:0 p.m.18 views

CVE-2016-0369

XML external entity XXE vulnerability in IBM Forms Experience Builder 8.5, 8.5.1, and 8.6 allows remote authenticated users to obtain sensitive information via crafted XML data. IBM X-Force ID: 112088...

3AI score0.01004EPSS
Exploits0References2
CVE
CVE
added 2018/02/21 4:0 p.m.44 views

CVE-2016-0369

IBM Forms Experience Builder versions 8.5, 8.5.1 and 8.6 are affected by an XML External Entity (XXE) processing vulnerability. The root cause is XXE when processing XML data, which could allow a remote authenticated attacker to obtain sensitive information. The CVSS v3 base score is 2.7 (LOW). R...

4CVSS3.1AI score0.01004EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2018/01/16 7:29 p.m.3 views

CVE-2016-0219

XML external entity XXE vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693...

6.5CVSS5.6AI score0.01231EPSS
Exploits0References3
OSV
OSV
added 2018/01/16 7:29 p.m.4 views

CVE-2016-0219

XML external entity XXE vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693...

6.5CVSS5.8AI score0.01231EPSS
Exploits0References2
Prion
Prion
added 2018/01/16 7:29 p.m.18 views

Xxe

XML external entity XXE vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693...

4CVSS6.3AI score0.01231EPSS
Exploits0References2Affected Software8
Cvelist
Cvelist
added 2018/01/16 7:0 p.m.25 views

CVE-2016-0219

XML external entity XXE vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693...

6AI score0.01231EPSS
Exploits0References2
Prion
Prion
added 2017/12/29 10:29 p.m.24 views

Xxe

XML external entity XXE vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data...

7.5CVSS8AI score0.02869EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2017/12/29 10:0 p.m.26 views

CVE-2014-3630

XML external entity XXE vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data...

9.8AI score0.02869EPSS
Exploits0References4
NVD
NVD
added 2017/08/02 7:29 p.m.15 views

CVE-2015-0194

XML External Entity XXE vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data...

6.5CVSS6.3AI score0.01408EPSS
Exploits0References3
Prion
Prion
added 2017/08/02 7:29 p.m.16 views

Xxe

XML External Entity XXE vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data...

4CVSS6.9AI score0.01408EPSS
Exploits0References3Affected Software2
RedHat Linux
RedHat Linux
added 2016/12/15 10:11 p.m.6 views

libxml2: stack overflow before detecting invalid XML file

Missing incrementation of recursion depth counter were found in the xmlParserEntityCheck and xmlParseAttValueComplex functions used for parsing XML data. An attacker could launch a Denial of Service attack by passing specially crafted XML data to an application, forcing it to crash due to stack...

7.5CVSS7.1AI score0.05103EPSS
Exploits0References4
Cvelist
Cvelist
added 2016/08/07 10:0 a.m.31 views

CVE-2016-5772

Double free vulnerability in the phpwddxprocessdata function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via crafted XML data that is...

10AI score0.09674EPSS
Exploits1References14
Debian CVE
Debian CVE
added 2016/08/07 10:0 a.m.40 views

CVE-2016-5772

Removed by vendor...

9.8CVSS7.3AI score0.09674EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2016/07/19 12:0 a.m.4 views

The vulnerability of the Expat library allows a attacker to trigger a service failure or execute arbitrary code.

The vulnerability of the Expat library arises due to buffer overflow. Exploiting this vulnerability can allow a remote attacker to cause a service failure abnormal termination of operations or execute arbitrary code using specially crafted XML data...

6.8CVSS7.8AI score0.12367EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2016/06/30 5:59 p.m.41 views

CVE-2016-4472

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and...

8.1CVSS9.1AI score
Exploits0References7
AlpineLinux
AlpineLinux
added 2016/06/30 5:0 p.m.50 views

CVE-2016-4472

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and...

8.1CVSS9.9AI score0.12367EPSS
Exploits0
Rows per page
Query Builder