Lucene search
K

343 matches found

Cvelist
Cvelist
added 2020/04/14 6:39 p.m.17 views

CVE-2020-6238

SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability partially of SAP Commerce...

9.3CVSS9.2AI score0.0131EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/04/14 12:0 a.m.5 views

PT-2020-19034 · Sap · Sap Commerce

Name of the Vulnerable Software and Affected Versions: SAP Commerce versions 6.6, 6.7, 1808, 1811, 1905 Description: The issue is related to the insecure processing of XML input in the Rest API from the Servlet xyformsweb, leading to Missing XML Validation. This affects the confidentiality and...

9.3CVSS9.1AI score0.0131EPSS
Exploits0References4
Prion
Prion
added 2020/04/09 2:15 p.m.10 views

Design/Logic Flaw

WebAccess/NMS versions prior to 3.0.2 does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files...

5CVSS7.4AI score0.01231EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/04/09 1:12 p.m.12 views

CVE-2020-10629

WebAccess/NMS versions prior to 3.0.2 does not sanitize XML input. Specially crafted XML input could allow an attacker to read sensitive files...

7.4AI score0.01231EPSS
Exploits0References1
OSV
OSV
added 2020/04/07 1:15 p.m.16 views

CVE-2020-2175

Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by users able to control the XML input files processed by the plugin...

5.4CVSS5.5AI score
Exploits0References2
Prion
Prion
added 2020/04/07 1:15 p.m.11 views

Cross site scripting

Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by users able to control the XML input files processed by the plugin...

3.5CVSS5.2AI score0.00705EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/04/07 12:25 p.m.13 views

CVE-2020-2175

Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting XSS vulnerability exploitable by users able to control the XML input files processed by the plugin...

5.3AI score0.00705EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/04/07 12:0 a.m.4 views

PT-2020-15388 · Jenkins · Jenkins Fitnesse Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins FitNesse Plugin versions 1.31 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because the plugin does not correctly escape report contents before showing them on the Jenkins...

5.4CVSS5.2AI score0.00705EPSS
Exploits0References10
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/27 2:17 p.m.40 views

Security Bulletin: Vulnerabilities in Expat component shipped with IBM Rational ClearCase (CVE-2019-15903)

Summary IBM Rational ClearCase is affected by an Expat library heap-based buffer over-read in XMLGetCurrentLineNumber leading to a denial of service vulnerability Vulnerability Details CVEID: CVE-2019-15903 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by a heap-based buffer...

7.5CVSS1.2AI score0.06643EPSS
Exploits1Affected Software1
NVD
NVD
added 2020/03/12 4:15 p.m.26 views

CVE-2020-0765

An information disclosure vulnerability exists in the Remote Desktop Connection Manager RDCMan application when it improperly parses XML input containing a reference to an external entity, aka 'Remote Desktop Connection Manager Information Disclosure Vulnerability'...

5.5CVSS5.1AI score0.04556EPSS
Exploits0References1
OSV
OSV
added 2020/02/12 8:15 p.m.2 views

CVE-2020-6187

SAP NetWeaver Guided Procedures, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service...

4.9CVSS5.8AI score0.00856EPSS
Exploits0References2
Prion
Prion
added 2020/02/12 8:15 p.m.13 views

Design/Logic Flaw

SAP NetWeaver Guided Procedures, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service...

4CVSS5.1AI score0.00856EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/11 6:49 a.m.37 views

Security Bulletin: Security Vulnerability in Expat affects IBM Netezza Analytics

Summary Expat is used by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-15903 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by a heap-based buffer over-read in XMLGetCurrentLineNumber. By using a...

7.5CVSS1.4AI score0.06643EPSS
Exploits1Affected Software1
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.42 views

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2019-2256)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.9AI score0.08739EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.27 views

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2019-1783)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8.1AI score0.07107EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/01/09 12:0 a.m.22 views

openSUSE: Security Advisory for expat (openSUSE-SU-2019:2205-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS8.7AI score0.06643EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2019/12/28 3:54 a.m.48 views

CVE-2019-15903

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XMLGetCurrentLineNumber or XMLGetCurrentColumnNumber then resulted in a heap-based buffer over-read. Mitigation Mitigation for this issue is either...

7.5CVSS2.2AI score0.06643EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2019/12/26 12:0 a.m.4 views

The vulnerability of the XMLInputFactory class in the OSGi Apache Karaf container allows a attacker to execute arbitrary code.

The vulnerability of the XMLInputFactory class in the OSGi Apache Karaf container is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS8.2AI score0.0748EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/11/08 12:0 a.m.45 views

Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20191106)

This update upgrades Thunderbird to version 68.2.0. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 CVE-2019-11764 - Mozilla: Use-after-free when creating index updates in IndexedDB CVE-2019-11757 - Mozilla: Potentially exploitable crash due to 360 Total...

8.8CVSS7.4AI score0.06643EPSS
Exploits3References10
Tenable Nessus
Tenable Nessus
added 2019/10/30 12:0 a.m.36 views

Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20191029)

This update upgrades Thunderbird to version 68.2.0. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 CVE-2019-11764 - Mozilla: Use-after-free when creating index updates in IndexedDB CVE-2019-11757 - Mozilla: Potentially exploitable crash due to 360 Total...

8.8CVSS7.4AI score0.06643EPSS
Exploits3References10
Rows per page
Query Builder