Lucene search
K

26 matches found

OSV
OSV
added 2026/05/04 11:40 a.m.12 views

USN-8227-1 curl vulnerabilities

It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2026-4873 It was discovered that curl incorrectly reused certain HTTP Negotiate connection...

7.5CVSS5.9AI score0.00639EPSS
Exploits7References8
EUVD
EUVD
added 2026/04/15 12:31 a.m.5 views

EUVD-2026-22726

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP port 1208 that accepts unsanitized file paths in the ReadLicense action's LFName parameter, allowing remote attackers to trigger SMB connections and leak NTLMv2...

7CVSS5.8AI score0.00618EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-7383

Malware in sbrugna...

9.8CVSS9.5AI score0.04704EPSS
Exploits0References2
NVD
NVD
added 2019/06/19 5:15 p.m.15 views

CVE-2018-15506

In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user account...

9.8CVSS9.8AI score0.04704EPSS
Exploits0References1
Prion
Prion
added 2019/06/19 5:15 p.m.15 views

Xxe

In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user account...

7.5CVSS9.6AI score0.04704EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/06/19 4:13 p.m.12 views

CVE-2018-15506

In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user account...

9.8AI score0.04704EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/02/07 12:0 a.m.64 views

Ubuntu 14.04 LTS / 16.04 LTS : LibreOffice vulnerabilities (USN-3883-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3883-1 advisory. It was discovered that LibreOffice incorrectly handled certain document files. If a user were tricked into opening a specially crafted...

9.8CVSS7.5AI score0.78683EPSS
Exploits16References6
OpenVAS
OpenVAS
added 2019/02/07 12:0 a.m.262 views

Ubuntu: Security Advisory (USN-3883-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.3AI score0.78683EPSS
Exploits16References2
NVD
NVD
added 2018/08/13 5:29 p.m.23 views

CVE-2018-13415

In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user...

9.8CVSS9.8AI score0.31809EPSS
Exploits5References2
Prion
Prion
added 2018/08/13 5:29 p.m.17 views

Xxe

In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user...

7.5CVSS9.6AI score0.31809EPSS
Exploits5References2Affected Software1
CVE
CVE
added 2018/08/13 5:0 p.m.63 views

CVE-2018-13417

Vulnerable component: Vuze Bittorrent Client 5.7.6.0. Root cause: XML External Entity Processing (XXE) in the SDL/UPnP/SSDP XML parsing engine. Impact: unauthenticated remote attackers can read arbitrary files on the host and may trigger SMB-based NetNTLM credential exposure (crack to cleartext) ...

9.8CVSS9.7AI score0.20695EPSS
Exploits5References2Affected Software1
Cvelist
Cvelist
added 2018/08/13 5:0 p.m.25 views

CVE-2018-13417

In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user...

9.8AI score0.20695EPSS
Exploits5References2
Cvelist
Cvelist
added 2018/08/13 5:0 p.m.27 views

CVE-2018-13415

In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user...

9.8AI score0.31809EPSS
Exploits5References2
Prion
Prion
added 2018/08/03 5:29 p.m.16 views

Xxe

In Universal Media Server UMS 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user...

7.5CVSS9.7AI score0.20185EPSS
Exploits5References2Affected Software1
NVD
NVD
added 2018/08/03 5:29 p.m.21 views

CVE-2018-13416

In Universal Media Server UMS 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user...

9.8CVSS9.7AI score0.20185EPSS
Exploits5References2
CVE
CVE
added 2018/08/03 5:0 p.m.82 views

CVE-2018-13416

The CVE-2018-13416 issue affects Universal Media Server (UMS) 7.1.0, where the SSDP/UPnP XML parsing engine is vulnerable to XML External Entity Processing (XXE). Unauthenticated, remote attackers can (per multiple sources) read arbitrary files on the host, trigger SMB NetNTLM captures (cracking ...

9.8CVSS9.6AI score0.20185EPSS
Exploits5References2Affected Software1
Cvelist
Cvelist
added 2018/08/03 5:0 p.m.23 views

CVE-2018-13416

In Universal Media Server UMS 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing XXE attack. Remote, unauthenticated attackers can use this vulnerability to: 1 Access arbitrary files from the filesystem with the same permission as the user...

9.8AI score0.20185EPSS
Exploits5References2
exploitpack
exploitpack
added 2018/08/03 12:0 a.m.56 views

Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection

Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection Issue: Out-of-Band XXE in Vuze Bittorrent Client's SSDP Processing Reserved CVE: CVE-2018-13417 Vulnerability Overview The XML parsing engine for Vuze Bittorrent Client's SSDP/UPNP functionality is vulnerable to an XML...

7.5CVSS0.5AI score0.20695EPSS
Exploits5
exploitpack
exploitpack
added 2018/08/02 12:0 a.m.160 views

Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection

Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection Issue: Out-of-Band XXE in Universal Media Server's SSDP Processing Reserved CVE: CVE-2018-13416 Vulnerability Overview The XML parsing engine for Universal Media Server's SSDP/UPNP functionality is vulnerable to an XML...

7.5CVSS0.2AI score0.20185EPSS
Exploits5
Exploit DB
Exploit DB
added 2018/08/02 12:0 a.m.42 views

Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection

Issue: Out-of-Band XXE in Universal Media Server's SSDP Processing Reserved CVE: CVE-2018-13416 Vulnerability Overview The XML parsing engine for Universal Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing XXE attack. Unauthenticated attackers on the same L...

9.8CVSS9.6AI score0.20185EPSS
Exploits5
Rows per page
Query Builder