343 matches found

Github Security Blog
added 2021/08/03 4:57 p.m. · 131 views

Misinterpretation of malicious XML input

Impact: xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Patches: Update to one of the fixed versions of @xmldom/xmld...

6.5 CVSS · 1.1 AI score · 0.01347 EPSS
Exploits 0 · References 7 · Affected Software 2

Cvelist
added 2021/07/27 9:45 p.m. · 15 views

CVE-2021-32796 Misinterpretation of malicious XML input in xmldom

xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes duri...

6.5 CVSS · 6.9 AI score · 0.01347 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2021/07/15 12:0 a.m. · 46 views

Cisco Web Security Appliance Privilege Escalation (cisco-sa-scr-web-priv-esc-k3HCGJZ)

According to its self-reported version, Cisco Web Security Appliance is affected by a privilege escalation vulnerability. A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injectio...

9 CVSS · 8.4 AI score · 0.01879 EPSS
Exploits 0 · References 3

ThreatPost
added 2021/07/09 5:31 p.m. · 81 views

Cisco BPA, WSA Bugs Allow Remote Cyberattacks

A set of high-severity privilege-escalation vulnerabilities affecting the Business Process Automation (BPA) application and Cisco’s Web Security Appliance (WSA) could allow authenticated, remote attackers to access sensitive data or take over a targeted system. The first two bugs CVE-2021-1574 and...

9 CVSS · 8.1 AI score · 0.01879 EPSS
Exploits 0 · References 5

NVD
added 2021/07/08 7:15 p.m. · 15 views

CVE-2021-1359

A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied XML input for the...

9 CVSS · 0.01879 EPSS
Exploits 0 · References 1

Prion
added 2021/07/08 7:15 p.m. · 22 views

Command injection

A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied XML input for the...

9 CVSS · 8.9 AI score · 0.01879 EPSS
Exploits 0 · References 1 · Affected Software 2

Vulnrichment
added 2021/07/08 6:35 p.m. · 11 views

CVE-2021-1359 Cisco Web Security Appliance Privilege Escalation Vulnerability

A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied XML input for the...

6.3 CVSS · 7.8 AI score · 0.01879 EPSS
Exploits 0 · References 1

Cvelist
added 2021/07/08 6:35 p.m. · 16 views

CVE-2021-1359 Cisco Web Security Appliance Privilege Escalation Vulnerability

A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied XML input for the...

6.3 CVSS · 9.2 AI score · 0.01879 EPSS
Exploits 0 · References 1

Cisco
added 2021/07/07 4:0 p.m. · 35 views

Cisco Web Security Appliance Privilege Escalation Vulnerability

A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied XML input for the...

6.3 CVSS · 8 AI score · 0.01879 EPSS
Exploits 0 · References 1

CNNVD
added 2021/04/28 12:0 a.m. · 6 views

Elastic App Search web crawler code issue vulnerability

Elastic App Search web crawler is an application from Elastic (USA) that provides greater scalability and performance enhancements. A code issue vulnerability exists in App Search web crawler that stems from insufficient validation of user-supplied XML input in Enterprise Search. The following products...

7.5 CVSS · 7.4 AI score · 0.0127 EPSS
Exploits 0 · References 2

NVD
added 2021/04/08 10:15 p.m. · 27 views

CVE-2020-6590

Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure...

7.5 CVSS · 0.01046 EPSS
Exploits 0 · References 1

OSV
added 2021/04/08 10:15 p.m. · 4 views

CVE-2020-6590

Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure...

7.5 CVSS · 7.1 AI score · 0.01046 EPSS
Exploits 0 · References 1

Prion
added 2021/04/08 10:15 p.m. · 15 views

Information disclosure

Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure...

5 CVSS · 7.2 AI score · 0.01046 EPSS
Exploits 0 · References 1 · Affected Software 3

CVE
added 2021/04/08 9:32 p.m. · 80 views

CVE-2020-6590

CVE-2020-6590 affects Forcepoint Web Security Content Gateway versions prior to 8.5.4, where improper processing of XML input leads to information disclosure. The issue is rooted in XML handling (XML input processing) and can be triggered remotely over the network with low attack complexity; no u...

7.5 CVSS · 7.2 AI score · 0.01046 EPSS
Exploits 0 · References 1 · Affected Software 3

Cvelist
added 2021/04/08 9:32 p.m. · 23 views

CVE-2020-6590

Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure...

7.3 AI score · 0.01046 EPSS
Exploits 0 · References 1

CNNVD
added 2021/04/08 12:0 a.m. · 5 views

Forcepoint Web Security Content Gateway code issue vulnerability

Forcepoint Web Security Content Gateway is an application gateway from Forcepoint, USA. A code issue vulnerability exists in Forcepoint Web Security Content Gateway versions prior to 8.5.4 that stems from incorrectly processing XML input, which can lead to information disclosure...

7.5 CVSS · 7.4 AI score · 0.01046 EPSS
Exploits 0 · References 4

Node.js
added 2021/03/12 10:42 p.m. · 168 views

Misinterpretation of malicious XML input

Overview. Impact: xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Workarounds...

4.3 CVSS · 5.3 AI score · 0.01328 EPSS
Exploits 0 · Affected Software 1

Github Security Blog
added 2021/03/12 10:39 p.m. · 81 views

Misinterpretation of malicious XML input

Impact: xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Patches: Update to 0.5...

4.3 CVSS · 1.3 AI score · 0.01328 EPSS
Exploits 0 · References 7 · Affected Software 1

Positive Technologies
added 2021/03/12 12:0 a.m. · 5 views

PT-2021-4787 · Xstream +6

Name of the Vulnerable Software and Affected Versions: XStream versions prior to 1.4.16. Description: The issue concerns a Java library used to serialize objects to XML and back again. It may allow a remote attacker to execute arbitrary code by manipulating the processed input stream. Users who se...

10 CVSS · 7.3 AI score · 0.9851 EPSS
Exploits 39 · References 217

Tenable Nessus
added 2021/03/10 12:0 a.m. · 45 views

NewStart CGSL MAIN 6.02 : expat Multiple Vulnerabilities (NS-SA-2021-0083)

The remote NewStart CGSL host, running version MAIN 6.02, has expat packages installed that are affected by multiple vulnerabilities: - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and...

7.8 CVSS · 7.6 AI score · 0.07107 EPSS
Exploits 2 · References 3