
343 matches found

CVE
added 2024/06/07 12:0 a.m. · 63 views

CVE-2024-37388

CVE-2024-37388 describes an XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of the Python library lxml, affecting versions prior to 4.9.1. The issue enables an attacker to access sensitive information or cause a Denial of Service (DoS) via crafted XML input. Publicl...

CVSS 9.1 · AI score 6.1 · EPSS 0.00532
Exploits: 0 · References: 1 · Affected Software: 1
Tenable Nessus
added 2024/06/03 12:0 a.m. · 18 views

RHEL 7 : xerces-c (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. xerces-c: Use-after-free in heap on specially crafted XML input (CVE-2016-2099). Note that Nessus has not tested for...

CVSS 9.8 · AI score 6.9 · EPSS 0.06837
Exploits: 0 · References: 1
BDU FSTEC
added 2024/05/17 12:0 a.m. · 5 views

The vulnerability of the XML input component of the software tool for working with Oracle Web Applications and Oracle E-Business Suite desktop integration solutions for enterprise automation activities allows a malicious individual to gain unauthorized access to data or to modify, add, or delete protected data.

The vulnerability of the XML input component of the software tool for working with Oracle Web Applications, a desktop integration system for automating business activities within the Oracle E-Business Suite, is related to insufficient validation of entered data. Exploiting this vulnerability can...

CVSS 4.3 · AI score 7.2 · EPSS 0.00417
Exploits: 0 · References: 2 · Affected Software: 2
OSV
added 2024/05/03 3:15 a.m. · 0 views

CVE-2023-41213

D-Link DAP-1325 setDhcpAssignRangeUpdate lanipaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

CVSS 8.8 · AI score 6.3 · EPSS 0.00855
Exploits: 0 · References: 2
OSV
added 2024/04/16 10:15 p.m. · 4 views

CVE-2024-21048

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite component: XML input. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web...

CVSS 4.3 · AI score 7.1 · EPSS 0.00417
Exploits: 0 · References: 1
CVE
added 2024/04/16 9:26 p.m. · 66 views

CVE-2024-21048

CVE-2024-21048 affects Oracle E-Business Suite’s Oracle Web Applications Desktop Integrator (XML input) for versions 12.2.3–12.2.13. The root cause is insufficient input validation in the XML input component, enabling a low-privileged, network-accessible attacker over HTTP to read data from the a...

CVSS 4.3 · AI score 5.7 · EPSS 0.00417
Exploits: 0 · References: 1 · Affected Software: 1
SUSE CVE
added 2023/10/31 2:31 a.m. · 6 views

SUSE CVE-2020-1147

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'...

CVSS 7.8 · AI score 9.1 · EPSS 0.94243
Exploits: 10 · References: 2
SUSE CVE
added 2023/08/16 2:21 a.m. · 2 views

SUSE CVE-2023-4357

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 · AI score 8.6 · EPSS 0.45912
Exploits: 0 · References: 5
OSV
added 2023/08/15 6:15 p.m. · 15 views

CVE-2023-4357

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 · AI score 5.2
Exploits: 0 · References: 6
OSV
added 2023/08/15 6:15 p.m. · 0 views

DEBIAN-CVE-2023-4357

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8 · AI score 8 · EPSS 0.45912
Exploits: 0 · References: 1
CNNVD
added 2023/08/15 12:0 a.m. · 8 views

Google Chrome Security Vulnerability

Google Chrome is a web browser from Google, an American company. An input validation error vulnerability exists in Google Chrome prior to version 116.0.5845.96, which stems from insufficient input validation in XML, and can be exploited by remote attackers to bypass file access restrictions via a...

CVSS 8.8 · AI score 6.4 · EPSS 0.45912
Exploits: 0 · References: 10
Positive Technologies
added 2023/08/15 12:0 a.m. · 7 views

PT-2023-4480 · Google +3 · Google Chrome +3

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 116.0.5845.96 Description: The issue is related to insufficient validation of untrusted input in XML, allowing a remote attacker to bypass file access restrictions via a crafted HTML page. This can impact the...

CVSS 9.8 · AI score 7.8 · EPSS 0.99739
Exploits: 131 · References: 1181
Prion
added 2023/08/03 10:15 p.m. · 21 views

Xxe

The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity (XXE) attacks against the backend service...

CVSS 6.5 · AI score 8.6 · EPSS 0.00443
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2023/08/03 9:14 p.m. · 19 views

CVE-2023-37497 An XML External Entity (XXE) Injection Vulnerability affects HCL Unica Platform

The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity (XXE) attacks against the backend service...

CVSS 8.1 · AI score 6.9 · EPSS 0.00443
Exploits: 0 · References: 1
CNNVD
added 2023/08/03 12:0 a.m. · 5 views

HCL Unica Platform Code Issue Vulnerability

HCL Technologies HCL Unica Platform is a state-of-the-art enterprise automated marketing platform from HCL Technologies, USA. No manual effort is required to handle routine marketing tasks and capture the most effective leads. A security vulnerability exists in HCL Unica Platform versions 12.x...

CVSS 8.8 · AI score 6.8 · EPSS 0.00443
Exploits: 0 · References: 2
Prion
added 2023/03/21 3:15 p.m. · 13 views

Input validation

IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. IBM X-Force ID: 249654...

CVSS 4 · AI score 6.4 · EPSS 0.0084
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2023/03/21 2:37 p.m. · 56 views

CVE-2023-27873

Summary: CVE-2023-27873 affects IBM Aspera Faspex 4.4.2. An authenticated remote attacker could obtain sensitive credential information by sending specially crafted XML input, per multiple sources (IBM X-Force ID 249654; Red Hat bulletin; CNVD/CVE references). The initial records assign a CVSSv3....

CVSS 6.5 · AI score 6 · EPSS 0.0084
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/03/21 12:0 a.m. · 2 views

PT-2023-21386 · Ibm · Ibm Aspera Faspex

Name of the Vulnerable Software and Affected Versions: IBM Aspera Faspex version 4.4.2 Description: The issue allows a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. Recommendations: For IBM Aspera Faspex version 4.4.2, update to a...

CVSS 6.5 · AI score 6.1 · EPSS 0.0084
Exploits: 0 · References: 5
F5 Networks
added 2023/02/21 6:54 p.m. · 58 views

K34239812: Libexpat vulnerability CVE-2019-15903

Security Advisory Description: In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. CVE-2019-15903...

CVSS 7.5 · AI score 7.7 · EPSS 0.06643
Exploits: 1
SUSE CVE
added 2023/02/15 6:7 a.m. · 3 views

SUSE CVE-2008-2935

Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containin...

CVSS 7.5 · AI score 9.8 · EPSS 0.12789
Exploits: 2 · References: 3