Lucene search
K

343 matches found

Tenable Nessus
Tenable Nessus
added 2021/03/10 12:0 a.m.45 views

NewStart CGSL MAIN 6.02 : expat Multiple Vulnerabilities (NS-SA-2021-0083)

The remote NewStart CGSL host, running version MAIN 6.02, has expat packages installed that are affected by multiple vulnerabilities: - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and...

7.8CVSS7.6AI score0.07107EPSS
Exploits2References3
IBM Security Bulletins
IBM Security Bulletins
added 2021/03/03 4:2 p.m.46 views

Security Bulletin: IBM MQ Appliance is affected by libexpat vulnerabilities (CVE-2018-20843, CVE-2019-15903)

Summary IBM MQ Appliance has resolved libexpat vulnerabilities. Vulnerability Details CVEID: CVE-2018-20843 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an error in the XML parser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit th...

7.8CVSS1.8AI score0.07107EPSS
Exploits2Affected Software1
OSV
OSV
added 2021/03/01 10:15 p.m.7 views

CVE-2021-26703

EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI...

9.8CVSS7.5AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2021/01/29 12:0 a.m.40 views

CentOS 8 : thunderbird (CESA-2019:3237)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2019:3237 advisory. - Mozilla: Use-after-free when creating index updates in IndexedDB CVE-2019-11757 - Mozilla: Potentially exploitable crash due to 360 Total Security...

8.8CVSS7.6AI score0.06643EPSS
Exploits3References10
NCSC
NCSC
added 2021/01/19 12:0 a.m.6 views

Vulnerability fixed in XStream

A vulnerability has been fixed in XStream. When it is possible for a user is able to submit XML files to the application delivery, the vulnerability could potentially be exploited to execute shell commands under application privileges. Only applications using the default blacklist functionality,...

9.3CVSS7AI score0.85001EPSS
Exploits7
OSV
OSV
added 2021/01/14 3:15 p.m.2 views

DEBIAN-CVE-2021-23926

The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0...

9.1CVSS6.4AI score0.06266EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/12/18 12:0 a.m.41 views

Amazon Linux AMI : expat (ALAS-2020-1460) (deprecated)

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1460 advisory. - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons coul...

8.9AI score0.07107EPSS
Exploits2References5
Amazon
Amazon
added 2020/12/16 8:31 p.m.81 views

Medium: expat

Issue Overview: It was discovered that the "setElementTypePrefix" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of...

7.8CVSS2.4AI score0.07107EPSS
Exploits2
CNNVD
CNNVD
added 2020/11/17 12:0 a.m.6 views

TYPO3 代码问题漏洞

TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. TYPO3 suffers from a security vulnerability that stems from insufficient validation of user-supplied XML input in RSS widgets, which can be exploited by a remote user to pass specially...

3.7CVSS6AI score0.00636EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2020/11/12 12:0 a.m.53 views

Oracle Linux 8 : expat (ELSA-2020-4484)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4484 advisory. 2.2.5-4 - add security fixes for CVE-2018-20843, CVE-2019-15903 Tenable has extracted the preceding description block directly from the Oracle Linux...

7.8CVSS7.4AI score0.07107EPSS
Exploits2References3
Ubuntu
Ubuntu
added 2020/10/05 1:32 p.m.84 views

USN-4569-1: Yaws vulnerabilities

It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity XXE injection attack. CVE-2020-24379 It was discovered that Yaws mishandled certain input when running CGI scripts. A remote attacker could use this...

10CVSS8.4AI score0.17374EPSS
Exploits4
Ubuntu
Ubuntu
added 2020/09/25 3:26 p.m.65 views

USN-4542-1: MiniUPnPd vulnerabilities

It was discovered that MiniUPnPd did not properly validate callback addresses. A remote attacker could possibly use this issue to expose sensitive information. CVE-2019-12107 It was discovered that MiniUPnPd incorrectly handled unpopulated user XML input. An attacker could possibly use this issue...

7.5CVSS6.4AI score0.03404EPSS
Exploits5
0day.today
0day.today
added 2020/08/01 12:0 a.m.880 views

SharePoint DataSet / DataTable Deserialization Exploit

A remotely exploitable vulnerability exists within SharePoint that can be leveraged by a remote authenticated attacker to execute code within the context of the SharePoint application service. The privileges in this execution context are determined by the account that is specified when SharePoint...

7.8CVSS8.1AI score0.94243EPSS
Exploits10
Packet Storm
Packet Storm
added 2020/07/31 12:0 a.m.443 views

SharePoint DataSet / DataTable Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SharePoint DataSet / DataTable Deserialization', 'Description' = %q A remotely exploitable vulnerability exists within SharePoint that can be...

6.8CVSS0.1AI score0.94243EPSS
Exploits10
Metasploit
Metasploit
added 2020/07/30 5:41 p.m.150 views

SharePoint DataSet / DataTable Deserialization

A remotely exploitable vulnerability exists within SharePoint that can be leveraged by a remote authenticated attacker to execute code within the context of the SharePoint application service. The privileges in this execution context are determined by the account that is specified when SharePoint...

7.8CVSS8.1AI score0.94243EPSS
Exploits10
OSV
OSV
added 2020/07/14 11:15 p.m.2 views

CVE-2020-1439

A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'...

8.8CVSS7.9AI score0.20265EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/04/16 12:0 a.m.53 views

EulerOS Virtualization 3.0.2.2 : expat (EulerOS-SA-2020-1445)

According to the versions of the expat packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - XML External Entity vulnerability in libexpat 2.2.0 and earlier Expat XML Parser Library allows attackers to put the parser in an...

9.8CVSS7.7AI score0.08739EPSS
Exploits2References4
OSV
OSV
added 2020/04/14 7:15 p.m.3 views

CVE-2020-6238

SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability partially of SAP Commerce...

9.3CVSS5.8AI score0.0131EPSS
Exploits0References2
NVD
NVD
added 2020/04/14 7:15 p.m.18 views

CVE-2020-6238

SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability partially of SAP Commerce...

9.3CVSS9.2AI score0.0131EPSS
Exploits0References2
Prion
Prion
added 2020/04/14 7:15 p.m.15 views

Input validation

SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability partially of SAP Commerce...

6.4CVSS9AI score0.0131EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder