11 matches found

IBM Security Bulletins
added 2024/08/14 3:36 p.m. | 43 views

Security Bulletin: Vulnerability in jackson-databind affects watsonx.data

Summary: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception and other causes. Vulnerability Details: CVEID: CVE-2020-36518. DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By...

CVSS 7.5 | AI score 7.6 | EPSS 0.17611
Exploits: 5 | Affected Software: 1

Tenable Nessus
added 2024/06/03 12:00 a.m. | 13 views

RHEL 7 : libxml2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libxml2: Missing validation for external entities in xmlParsePEReference (CVE-2017-7375) - The...

CVSS 7.5 | AI score 7.2 | EPSS 0.07025
Exploits: 13 | References: 16

NVD
added 2023/04/13 7:15 p.m. | 16 views

CVE-2023-26264

All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity (XXE) attacks in the license parsing code...

CVSS 5.5 | AI score 5.5 | EPSS 0.00211
Exploits: 0 | References: 2

IBM Security Bulletins
added 2023/02/24 6:34 a.m. | 45 views

Security Bulletin: Vulnerabilities found within Apache Storm that is used by IBM Tivoli Network Manager (ITNM) IP Edition

Summary: Vulnerabilities found within Apache Storm (CVE-2020-25649, CVE-2020-36518, CVE-2021-22569, CVE-2021-38153) that is used by IBM Tivoli Network Manager (ITNM) IP Edition. Vulnerability Details: CVEID: CVE-2020-25649. DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected securit...

CVSS 7.5 | AI score 7.2 | EPSS 0.17611
Exploits: 2 | Affected Software: 1

IBM Security Bulletins
added 2021/02/09 9:58 a.m. | 51 views

Security Bulletin: Vulnerabilities in Node.js and FasterXML jackson-databind affect IBM Spectrum Protect Plus

Summary: Multiple vulnerabilities in Node.js and FasterXML jackson-databind may affect IBM Spectrum Protect Plus. Vulnerability Details: CVEID: CVE-2020-25649. DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected security, caused by not having entity expansion secured properly....

CVSS 8.8 | AI score 2 | EPSS 0.54164
Exploits: 13 | Affected Software: 1

NVD
added 2019/09/25 5:15 p.m. | 22 views

CVE-2019-16188

HCL AppScan Source before 9.03.13 is susceptible to XML External Entity (XXE) attacks in multiple locations. In particular, an attacker can send a specially crafted .ozasmt file to a targeted victim and ask the victim to open it. When the victim imports the .ozasmt file in AppScan Source, the conte...

CVSS 7.1 | AI score 6.7 | EPSS 0.00803
Exploits: 0 | References: 1

OSV
added 2019/01/09 11:29 p.m. | 17 views

CVE-2018-16166

LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors...

CVSS 8.8 | AI score 7
Exploits: 0 | References: 2

Cvelist
added 2017/09/27 4:00 p.m. | 26 views

CVE-2017-12621

During Jelly xml file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity (XXE)...

AI score 9.4 | EPSS 0.08536
Exploits: 3 | References: 4

NVD
added 2017/05/23 4:29 a.m. | 24 views

CVE-2017-8913

The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873...

CVSS 8.8 | AI score 8.2 | EPSS 0.01393
Exploits: 0 | References: 2

ATTACKERKB
added 2016/11/23 12:00 a.m. | 42 views

CVE-2016-9563

BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.comtcbpemhimuwlconnproviderweb/bpemuwlconn URI, aka SAP Security Note 2296909. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0 Assessed...

CVSS 6.5 | AI score 6.5 | EPSS 0.23805
In wild | Exploits: 0 | References: 5

Tenable Nessus
added 2010/04/30 12:00 a.m. | 14 views

Ektron CMS400.net TransformXslt Web Service Directory Traversal

The installed version of Ektron CMS400.net ships with a web service that processes untrusted XML data and could allow an attacker to perform XML External Entity (XXE) attacks. Nessus was able to exploit this issue by sending a specially crafted request to the 'TransformXslt' web service, and retrie...

AI score 5.5
Exploits: 0 | References: 3