Lucene search

54 matches found

OSV
added 2017/11/23 9:29 p.m. | 3 views

DEBIAN-CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

9.8 CVSS | 9.5 AI score | 0.04278 EPSS
Exploits 0 | References 1
OSV
added 2017/11/23 9:29 p.m. | 25 views

CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

9.8 CVSS | 9.1 AI score
Exploits 0 | References 5
NVD
added 2017/11/23 9:29 p.m. | 23 views

CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

9.8 CVSS | 8.5 AI score | 0.04278 EPSS
Exploits 0 | References 5
Debian CVE
added 2017/11/23 9:0 p.m. | 40 views

CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

9.8 CVSS | 8.6 AI score | 0.04278 EPSS
Exploits 0
AlpineLinux
added 2017/11/23 9:0 p.m. | 40 views

CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

9.8 CVSS | 9.2 AI score | 0.04278 EPSS
Exploits 0
Cloud Foundry
added 2017/11/01 12:0 a.m. | 53 views

USN-3424-1: libxml2 vulnerabilities | Cloud Foundry

Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code...

10 CVSS | 9 AI score | 0.23694 EPSS
Exploits 5
Ubuntu
added 2017/09/19 12:47 a.m. | 77 views

USN-3424-1: libxml2 vulnerabilities

It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-0663) It was discovered that libxml2 did not properly validate parsed entity references. An...

10 CVSS | 7.4 AI score | 0.23694 EPSS
Exploits 5
OSV
added 2017/09/19 12:47 a.m. | 3 views

USN-3424-1 libxml2 vulnerabilities

It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-0663) It was discovered that libxml2 did not properly validate parsed entity references. An...

10 CVSS | 7.2 AI score | 0.23694 EPSS
Exploits 5 | References 8
OpenVAS
added 2017/09/19 12:0 a.m. | 30 views

Ubuntu: Security Advisory (USN-3424-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS | 9.1 AI score | 0.23694 EPSS
Exploits 5 | References 2
RubySec
added 2017/09/19 12:0 a.m. | 39 views

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities

The version of libxml2 packaged with Nokogiri contains several vulnerabilities. Nokogiri has mitigated these issues by upgrading to libxml 2.9.5. It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial ...

10 CVSS | 1.9 AI score | 0.23694 EPSS
Exploits 5 | References 1 | Affected Software 1
Silent Robot Systems
added 2015/12/15 4:0 a.m. | 19 views

XML Entity Cheatsheet - Updated

An XML Entity testing cheatsheet. This is an updated version with nokogiri tests removed, just XXE notes. XML Declarations: Vanilla entity test: &post SYSTEM entity test xxe: Parameter Entity. One of the benefits is a parameter entity is automatically expande...

6.8 AI score
Exploits 0
RedHat Linux
added 2014/11/26 4:52 p.m. | 5 views

ruby: REXML billion laughs attack via parameter entity expansion

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack...

5 CVSS | 6.8 AI score | 0.05493 EPSS
Exploits 1 | References 5
Silent Robot Systems
added 2014/09/03 4:0 a.m. | 50 views

XML Entity Cheatsheet

An XML Entity testing cheatsheet. Testing was done using an older vulnerable version of nokogiri. In IRB you can require previous versions of gems. Certain techniques e.g. XInclude may require additional settings in Nokogiri. XML Headers: Vanilla entity test: SYSTEM enti...

6.9 AI score
Exploits 0
Silent Robot Systems
added 2014/09/03 4:0 a.m. | 15 views

XML Entity Cheatsheet

An XML Entity testing cheatsheet. Testing was done using an older vulnerable version of nokogiri. In IRB you can require previous versions of gems. Certain techniques e.g. XInclude may require additional settings in Nokogiri. XML Headers: Vanilla entity test: &post SYSTE...

6.9 AI score
Exploits 0