Lucene search
K

343 matches found

OSV
OSV
added 2022/12/28 12:15 a.m.1 views

DEBIAN-CVE-2022-41966

XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for...

7.5CVSS6.7AI score0.08689EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2022/09/08 12:0 a.m.19 views

MEI2Volpiano is vulnerable to XML External Entity (XXE), leading to a Denial of Service (DoS)

DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity XXE, leading to a Denial of Service. This occurs due to the usage of the unsafe 'xml.etree' library to parse untrusted XML input...

7.5CVSS7.2AI score0.01074EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2022/09/07 1:15 p.m.19 views

CVE-2022-37189

DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity XXE, leading to a Denial of Service. This occurs due to the usage of the unsafe 'xml.etree' library to parse untrusted XML input...

7.5CVSS0.01074EPSS
Exploits0References4
CNVD
CNVD
added 2022/07/15 12:0 a.m.27 views

SAP Business One Denial of Service Vulnerability

SAP Business One is a set of enterprise management software from SAP. The software includes functions such as financial management, operations management and human resource management. A denial-of-service vulnerability exists in SAP Business One version 10.0, which stems from improper input clean...

7.5CVSS7.5AI score0.00745EPSS
Exploits0References1
OSV
OSV
added 2022/07/12 9:15 p.m.5 views

CVE-2022-35168

Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative...

7.5CVSS5.8AI score0.00745EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/07/12 9:15 p.m.2 views

CVE-2022-35168

Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative...

7.5CVSS5.8AI score0.00745EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/07/12 9:15 p.m.23 views

Input validation

Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative...

5CVSS7.5AI score0.00745EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2022/06/01 7:9 a.m.79 views

XML External Entity (XXE)

xmlbeans is vulnerable to XML External Entity attacks. The vulnerability exists due to the lack of sanitization of XML input containing a reference to an external entity which is processed by a weakly configured XML parser allowing an attacker to exhaust the system resource via recursive external...

9.1CVSS8.6AI score0.06266EPSS
Exploits0References12Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/05/26 12:15 p.m.2 views

CVE-2021-42860

A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxmlstringgetc:2611. NOTE: it is unclear whether this input is allowed by the API specification...

7.5CVSS7.3AI score0.0097EPSS
Exploits1References2
OSV
OSV
added 2022/05/26 12:15 p.m.7 views

CVE-2021-42860

A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxmlstringgetc:2611. NOTE: it is unclear whether this input is allowed by the API specification...

7.5CVSS7.1AI score
Exploits0References1
CNNVD
CNNVD
added 2022/05/26 12:0 a.m.2 views

Mini-XML 安全漏洞

Mini-XML mxml is a small XML parser developed in C language. A security vulnerability exists in Mini-XML v3.2, which stems from a stack buffer overflow in mxmlstringgetc:2611 when feeding an unformatted XML string into the mxmlLoadString API...

7.5CVSS7.7AI score0.0097EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2022/02/09 12:0 a.m.55 views

AlmaLinux 8 : expat (ALSA-2020:4484)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:4484 advisory. - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount o...

7.8CVSS7.6AI score0.07107EPSS
Exploits2References3
CNNVD
CNNVD
added 2021/10/29 12:0 a.m.5 views

Antenna House Office Server Document Converter 代码问题漏洞

Antenna House Office Server Document Converter Osdc is an office server document converter from Antenna House USA. It is used to batch convert Word, Excel and Powerpoint into high quality Pdf or image formats that are easy to share and look accurate on any screen. A code issue vulnerability exist...

7.5CVSS7.4AI score0.01471EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2021/10/27 12:0 a.m.41 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : expat Multiple Vulnerabilities (NS-SA-2021-0175)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has expat packages installed that are affected by multiple vulnerabilities: - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amoun...

7.8CVSS7.6AI score0.07107EPSS
Exploits2References5
OSV
OSV
added 2021/10/11 8:15 p.m.5 views

UBUNTU-CVE-2021-42260

TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXMLUTFLEAD0 case. It can be triggered by a crafted XML message and leads to a denial of service...

7.5CVSS7AI score0.03055EPSS
Exploits1References4
Snyk
Snyk
added 2021/09/12 11:30 a.m.2 views

Prototype Pollution

Overview body-parser-xml is a XML parser middleware for express.js. Affected versions of this package are vulnerable to Prototype Pollution. The prototype of req.body can be polluted. PoC const express = require'express'; const bodyParser = require'body-parser'; require'body-parser-xml'bodyParser...

9.8CVSS8.3AI score0.01257EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2021/09/03 6:43 p.m.52 views

USN-5061-1: Scilab vulnerabilities

It was discovered that Scilab did not properly sanitize XML inputs. An atacker could use a crafted XML file to cause a denial of service or possibly execute arbitrary code...

7.5CVSS7.1AI score0.01402EPSS
Exploits3
Debian CVE
Debian CVE
added 2021/08/23 5:50 p.m.36 views

CVE-2021-39139

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. A user is only affected if using the version out of th...

8.8CVSS9.1AI score0.04455EPSS
Exploits0
Node.js
Node.js
added 2021/08/03 4:57 p.m.67 views

Misinterpretation of malicious XML input

Overview Impact xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Patches Update to 0.7.0 see issue 271 for the stat...

5CVSS3.8AI score0.01347EPSS
Exploits0Affected Software1
OSV
OSV
added 2021/08/03 4:57 p.m.2 views

GHSA-5FG8-2547-MR8Q Misinterpretation of malicious XML input

Impact xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Patches Update to one of the fixed versions of @xmldom/xmld...

6.5CVSS6.8AI score0.01347EPSS
Exploits0References7
Rows per page
Query Builder