Lucene search
+L

56 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2021/09/03 1:39 p.m.34 views

Security Bulletin: IBM Cloud Private is vulnerable to a Go vulnerability (CVE-2021-27919, CVE-2021-27918)

Summary IBM Cloud Private is vulnerable to a Go vulnerability Vulnerability Details CVEID: CVE-2021-27919 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw in the Reader.Open API when use a ZIP archive containing files start with “../”. By persuading a victim to open a...

7.5CVSS0.9AI score0.02543EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/11/13 6:51 p.m.35 views

Security Bulletin: Dom4j XML Injection Vulnerability Affects IBM Sterling B2B Integrator (CVE-2018-1000632)

Summary IBM Sterling B2B Integrator has addressed a Dom4j XML injection vulnerability. Vulnerability Details CVEID: CVE-2018-1000632 DESCRIPTION: dom4j could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation in multiple methods. By sending a...

7.5CVSS2.4AI score0.0657EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2020/03/26 12:0 a.m.3 views

CloudBees Jenkins RapidDeploy plugin code issue vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . RapidDeploy Plugin is used in one of the...

8.8CVSS6.8AI score0.0115EPSS
Exploits0References1
CNVD
CNVD
added 2019/10/29 12:0 a.m.5 views

Unspecified Vulnerability in IBM Security Directory Server (CNVD-2019-38504)

IBM Security Directory Server is a suite of enterprise identity management software from IBM USA that uses the Lightweight Directory Access Protocol LDAP. The software provides a trusted identity data infrastructure for authentication. A security vulnerability exists in IBM Security Directory...

7.1CVSS6.8AI score0.0123EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/10 12:0 a.m.11 views

Microsoft Visual Studio Elevation of Privilege Vulnerability

Microsoft Visual Studio is a family of development tool suites from Microsoft, and a largely complete development toolset that includes most of the tools needed throughout the software life cycle. An elevation of privilege vulnerability exists in Microsoft Visual Studio that stems from the progra...

6.6CVSS6.6AI score0.01755EPSS
Exploits0References1
NVD
NVD
added 2019/06/11 9:29 p.m.25 views

CVE-2019-12154

XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions...

9.1CVSS8.8AI score0.02305EPSS
Exploits0References3
Veracode
Veracode
added 2019/03/25 8:40 a.m.20 views

Directory Traversal

Liferay portal is vulnerable to directory traversal.XSL content portlet paths for XSL and XML content is not validated and allows a remote attacker to retrieve system files by submitting file:/// in the URL...

3.5CVSS6.1AI score0.01397EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2018/10/10 1:29 p.m.4 views

CVE-2018-8533

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio SSMS when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, S...

5.5CVSS5.9AI score0.23373EPSS
Exploits15References5
Prion
Prion
added 2018/07/27 6:29 p.m.21 views

Cross site scripting

An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process...

7.5CVSS9.6AI score0.06258EPSS
Exploits0References5Affected Software7
Cvelist
Cvelist
added 2018/07/27 6:0 p.m.18 views

CVE-2017-2640

An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process...

7.5CVSS9.7AI score0.06258EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 5:20 a.m.20 views

Security Bulletin: Vulnerability in IBM Rational Software Architect Design Manager can allow denial of service attack (CVE-2016-8974, CVE-2016-9698)

Summary XML content of review comments and OSLC links can be altered to harm RSA DM server responsiveness. Vulnerability Details CVEID: CVE-2016-8974 Description: IBM Rhapsody DM is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error when processing XML data. A...

8.1CVSS1.3AI score0.01963EPSS
Exploits0Affected Software1
OSV
OSV
added 2018/05/23 1:29 p.m.5 views

CVE-2018-8176

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office...

8.8CVSS6.4AI score0.2208EPSS
Exploits0References3
Prion
Prion
added 2018/05/23 1:29 p.m.23 views

Remote code execution

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office...

9.3CVSS9AI score0.2208EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/05/23 1:0 p.m.32 views

CVE-2018-8176

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office...

9AI score0.2208EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2018/05/15 7:0 a.m.39 views

Microsoft PowerPoint Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...

9.3CVSS2.7AI score0.2208EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2017/03/10 8:48 a.m.28 views

CVE-2017-2640

An out-of-bounds write flaw was found in the way Pidgin processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process...

9.8CVSS4.2AI score0.06258EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2015/05/14 12:0 a.m.35 views

Mozilla Thunderbird < 31.7 Multiple Vulnerabilities (Mac OS X)

The version of Thunderbird installed on the remote Mac OS X host is prior to 31.7. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and execute arbitrary code...

7.5CVSS8.6AI score0.07417EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2015/05/13 12:0 a.m.40 views

Firefox ESR 31.x < 31.7 Multiple Vulnerabilities (Mac OS X)

The version of Firefox ESR 31.x installed on the remote Mac OS X host is prior to 31.7. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist within the browser engine. A remote attacker can exploit these to corrupt memory and execute arbitrary...

7.5CVSS7.6AI score0.07417EPSS
Exploits0References8
Check Point Advisories
Check Point Advisories
added 2015/03/26 12:0 a.m.13 views

Microsoft XML Signature HMAC Truncation Bypass (MS10-041) - Ver2 (CVE-2009-0217)

The Microsoft .NET Framework is a component of the Microsoft Windows operating system that enables building and running software applications and Web services. A tampering vulnerability exists in the Microsoft .NET Framework that could allow an attacker to tamper with signed XML content without...

5CVSS1.8AI score0.06348EPSS
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

SPIP < 2.0.9 Arbitrary Copy All Passwords to XML File Remote Exploit

No description provided by source. !/usr/bin/env python SPIP - Content Management System 2.0.9 exploit http://www.securityfocus.com/bid/36008 Author : KernelPanik import urllib, urllib2 import cookielib import sys def sendrequesturlOpener, url, postdata=None: request = urllib2.Requesturl url =...

7.1AI score
Exploits0
Rows per page
Query Builder