343 matches found
CVE-2020-6238
SAP Commerce, versions 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This partially affects the confidentiality and availability of SAP Commerce...
PT-2020-19034 · Sap · Sap Commerce
Name of the Vulnerable Software and Affected Versions: SAP Commerce versions 6.6, 6.7, 1808, 1811, 1905 Description: The issue is related to the insecure processing of XML input in the Rest API from the Servlet xyformsweb, leading to Missing XML Validation. This affects the confidentiality and...
Design/Logic Flaw
WebAccess/NMS versions prior to 3.0.2 does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files...
CVE-2020-10629
WebAccess/NMS versions prior to 3.0.2 does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files...
CVE-2020-2175
Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by users able to control the XML input files processed by the plugin...
Cross site scripting
Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by users able to control the XML input files processed by the plugin...
PT-2020-15388 · Jenkins · Jenkins Fitnesse Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins FitNesse Plugin versions 1.31 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the plugin does not correctly escape report contents before showing them on the Jenkins...
Security Bulletin: Vulnerabilities in Expat component shipped with IBM Rational ClearCase (CVE-2019-15903)
Summary IBM Rational ClearCase is affected by an Expat library heap-based buffer over-read in XML_GetCurrentLineNumber leading to a denial of service vulnerability Vulnerability Details CVEID: CVE-2019-15903 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by a heap-based buffer...
CVE-2020-0765
An information disclosure vulnerability exists in the Remote Desktop Connection Manager RDCMan application when it improperly parses XML input containing a reference to an external entity, aka 'Remote Desktop Connection Manager Information Disclosure Vulnerability'...
CVE-2020-6187
SAP NetWeaver Guided Procedures, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service...
Design/Logic Flaw
SAP NetWeaver Guided Procedures, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service...
Security Bulletin: Security Vulnerability in Expat affects IBM Netezza Analytics
Summary Expat is used by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-15903 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by a heap-based buffer over-read in XML_GetCurrentLineNumber. By using a...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2019-2256)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2019-1783)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for expat (openSUSE-SU-2019:2205-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2019-15903
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber then resulted in a heap-based buffer over-read. Mitigation Mitigation for this issue is either...
The vulnerability of the XMLInputFactory class in the OSGi Apache Karaf container allows an attacker to execute arbitrary code.
The vulnerability of the XMLInputFactory class in the OSGi Apache Karaf container is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20191106)
This update upgrades Thunderbird to version 68.2.0. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 CVE-2019-11764 - Mozilla: Use-after-free when creating index updates in IndexedDB CVE-2019-11757 - Mozilla: Potentially exploitable crash due to 360 Total...
Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20191029)
This update upgrades Thunderbird to version 68.2.0. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 CVE-2019-11764 - Mozilla: Use-after-free when creating index updates in IndexedDB CVE-2019-11757 - Mozilla: Potentially exploitable crash due to 360 Total...