CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Live Auction Cockpit in SAP Supplier Relationship Management SRM allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which when parsed, enables the attacker to access sensitive files and data. This vulnerability has a high impact on the...

8.6CVSS0.00381EPSS

Exploits0References2

OSV•added 2023/06/29 9:15 p.m.•17 views

PYSEC-2023-97

easy-parse v0.1.1 was discovered to contain a XML External Entity Injection XXE vulnerability which allows attackers to execute arbitrary code via a crafted XML file...

7.5CVSS8.3AI score0.00727EPSS

Exploits0References2

CNVD•added 2021/02/09 12:0 a.m.•7 views

ezXML out-of-bounds write vulnerability (CNVD-2021-11062)

ezXML is a C library for parsing XML documents . An out-of-bounds write vulnerability exists in the ezxmltoxml function in ezXML 0.8.6 and earlier. An attacker can exploit this vulnerability to cause an out-of-bounds write when opening an XML file after the memory pool has been exhausted...

8.1CVSS6.7AI score0.01178EPSS

Exploits1References1

OSV•added 2021/02/08 9:15 p.m.•7 views

CVE-2021-26220

The ezxmltoxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool...

8.1CVSS8AI score

Exploits0References1

Prion•added 2018/03/05 7:29 p.m.•20 views

Null pointer dereference

XML parser in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has a DoS vulnerability. Due to not check the specially XML file enoug...

2.1CVSS5.2AI score0.00211EPSS

Exploits0References1Affected Software6

Veracode•added 2017/09/21 8:34 a.m.•45 views

Remote Code Execution (RCE)

The nokogiri gem is susceptible to Remote Code Execution RCE. These vulnerabilities are possible because the gem contains a version of the libxml2 C package which is affected by CVE-2017-7375 and CVE-2017-7376 respectively. These vulnerabilities allow a malicious user to pass a XML file to execut...

9.8CVSS9.8AI score0.24139EPSS

Exploits0

securityvulns•added 2015/02/02 12:0 a.m.•106 views

APPLE-SA-2015-01-27-2 iOS 8.1.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-01-27-2 iOS 8.1.3 iOS 8.1.3 is now available and addresses the following: AppleFileConduit Available for: iPhone 4s and later, iPod touch 5th generation and later, iPad 2 and later Impact: A maliciously crafted afc command may allow acce...

10CVSS0.5AI score0.19725EPSS

Exploits2

seebug.org•added 2009/03/06 12:0 a.m.•26 views

Winamp skin.xml皮肤文件处理缓冲区溢出漏洞

BUGTRAQ ID: 34009 Winamp是一款流行的媒体播放器，支持多种文件格式。如果Winamp受骗加载了恶意的皮肤文件的话，就可能触发缓冲区溢出，导致在用户系统上执行任意代码。 Nullsoft Winamp 5.541 厂商补丁： Nullsoft -------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.winamp.com/ http://www.sebug.net/exploit/5933/...

6.9AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by