Lucene search
+L

190 matches found

Prion
Prion
added 2022/06/28 10:15 p.m.15 views

Design/Logic Flaw

Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array that enables a remote attack via a crafted XML document...

4.3CVSS6.4AI score0.01008EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 10:0 p.m.33 views

XML Injection in ReportLab

ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...

9.8CVSS3.6AI score0.10231EPSS
Exploits1References22Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:5 a.m.31 views

Improper Input Validation in Apache Santuario XML Security

Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document...

5CVSS7.3AI score0.05639EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:5 a.m.26 views

Improper Restriction of XML External Entity Reference in Castor

The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...

4.3CVSS8.4AI score0.07794EPSS
Exploits3References8Affected Software2
NVD
NVD
added 2022/04/28 9:15 p.m.25 views

CVE-2022-24449

Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document...

9.8CVSS0.01854EPSS
Exploits0References2
Prion
Prion
added 2022/04/28 9:15 p.m.24 views

Server side request forgery (ssrf)

Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document...

7.5CVSS9.2AI score0.01854EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/11/02 12:0 a.m.7 views

The vulnerability in the parser.c component of the Libxml2 library, related to pointer dereferencing errors, allows attackers to trigger a denial-of-service attack.

The vulnerability of the parser.c component in the Libxml2 library is related to the lack of error handling during the analysis of XML content. Exploiting this vulnerability allows a malicious actor to cause service failures by using a specially created XML document...

5.9CVSS6.8AI score0.03503EPSS
Exploits0References12Affected Software5
OSV
OSV
added 2021/11/01 2:15 a.m.5 views

CVE-2021-20838

Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity XXE attack to cause a denial of service DoS condition by processing a specially crafted XML document...

7.5CVSS7.1AI score0.01471EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/04/06 12:0 a.m.5 views

Sutou Kouhei rexml 安全漏洞

Sutou Kouhei rexml is a Sutou Kouhei open source application . Support for tree and stream document parsing . REXML security vulnerability , the vulnerability stems from parsing and serializing a carefully crafted XML document , may create a structure different from the original document with the...

7.5CVSS7.2AI score0.05061EPSS
Exploits0References30
Veracode
Veracode
added 2020/05/10 11:23 p.m.29 views

Denial Of Service (DoS)

libxml2 is vulnerable to denial of service DoS. The vulnerability exists when used in recover mode, allows remote attackers to cause a denial of service NULL pointer dereference via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option whic...

4.7CVSS4.6AI score0.0263EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/02/10 12:0 a.m.33 views

Amazon Linux 2 : python-reportlab (ALAS-2020-1390)

The version of python-reportlab installed on the remote host is prior to 2.5-9. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1390 advisory. ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted X...

9.8CVSS9AI score0.10231EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2020/01/15 7:15 p.m.38 views

CVE-2015-1811

XML external entity XXE vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document...

7.5CVSS7.2AI score0.01414EPSS
Exploits0References2
Prion
Prion
added 2020/01/06 2:15 p.m.21 views

Code injection

The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element within a plugin element can specify an arbitrary program in an executable element and can also specify arbitrary command-line arguments in an arguments element...

7.5CVSS9.4AI score0.02409EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2019/10/16 12:15 p.m.8 views

CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...

9.8CVSS9.6AI score
Exploits0References14
OSV
OSV
added 2019/10/16 12:15 p.m.23 views

PYSEC-2019-117

ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...

9.8CVSS3.7AI score0.10231EPSS
Exploits1References14
OSV
OSV
added 2019/10/16 12:15 p.m.4 views

UBUNTU-CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...

9.8CVSS7.9AI score0.10231EPSS
Exploits1References4
OSV
OSV
added 2019/10/16 12:15 p.m.13 views

PYSEC-2019-47

ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...

7.9AI score
Exploits0References13
Vulnrichment
Vulnrichment
added 2019/10/16 11:29 a.m.15 views

CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...

7.8AI score0.10231EPSS
Exploits1References14
Cvelist
Cvelist
added 2019/10/16 11:29 a.m.23 views

CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...

9.8AI score0.10231EPSS
Exploits1References14
Tenable Nessus
Tenable Nessus
added 2019/08/20 12:0 a.m.40 views

SUSE SLES12 Security Update : python3 (SUSE-SU-2019:2053-2)

This update for python3 fixes the following issues : CVE-2019-10160: Fixed a regression in urlparse and urlsplit introduced by the fix for CVE-2019-9636 bsc1138459. CVE-2018-14647: Fixed a denial of service vulnerability caused by a crafted XML document bsc1109847. CVE-2018-1000802: Fixed a comma...

9.8CVSS7.3AI score0.20807EPSS
Exploits1References11
Rows per page
Query Builder