Lucene search

343 matches found

Tenable Nessus
added 2019/10/24 12:0 a.m. | 38 views

RHEL 7 : firefox (RHSA-2019:3193)

The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:3193 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

CVSS 8.8 | AI score 7.8 | EPSS 0.06643
Exploits 3 | References 20
Tenable Nessus
added 2019/10/24 12:0 a.m. | 274 views

Mozilla Firefox ESR < 68.2

The version of Firefox ESR installed on the remote Windows host is prior to 68.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-33 advisory. - Mozilla developers and community members Bob Clary, Jason Kratzer, Aaron Klotz, Iain Ireland, Tyson Smith, Christia...

CVSS 8.8 | AI score 8.5 | EPSS 0.06643
Exploits 3 | References 10
OSV
added 2019/09/28 10:21 a.m. | 8 views

OPENSUSE-SU-2019:2205-1 Security update for expat

This update for expat fixes the following issues: Security issues fixed: - CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. bsc1149429 This update was imported from the SUSE:SLE-15:Update update project...

CVSS 7.5 | AI score 8.3 | EPSS 0.06643
Exploits 1 | References 3
OPENSUSE Linux
added 2019/09/28 12:0 a.m. | 179 views

Security update for expat (moderate)

openSUSE Security Update: Security update for expat Announcement ID: openSUSE-SU-2019:2205-1 Rating: moderate References: 1149429 Cross-References: CVE-2019-15903 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for expat fixe...

CVSS 7.5 | AI score 7.8 | EPSS 0.06643
Exploits 1 | References 1
Tenable Nessus
added 2019/09/24 12:0 a.m. | 31 views

EulerOS 2.0 SP3 : expat (EulerOS-SA-2019-2063)

According to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high...

CVSS 8.1 | AI score 8.2 | EPSS 0.19069
Exploits 1 | References 5
OSV
added 2019/09/23 7:28 a.m. | 6 views

SUSE-SU-2019:2429-1 Security update for expat

This update for expat fixes the following issues: Security issues fixed: - CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. bsc1149429...

CVSS 7.5 | AI score 8.3 | EPSS 0.06643
Exploits 1 | References 3
OSV
added 2019/09/15 12:11 p.m. | 7 views

MGASA-2019-0274 Updated expat packages fix security vulnerability

Updated expat packages fix security vulnerability: It was discovered that Expat did not properly handle XML input including XML names that contain a large number of colons, potentially resulting in denial of service CVE-2018-20843...

CVSS 7.8 | AI score 7.5 | EPSS 0.07107
Exploits 1 | References 4
Mageia
added 2019/09/15 12:11 p.m. | 42 views

Updated expat packages fix security vulnerability

Updated expat packages fix security vulnerability: It was discovered that Expat did not properly handle XML input including XML names that contain a large number of colons, potentially resulting in denial of service CVE-2018-20843...

CVSS 7.8 | AI score 1.5 | EPSS 0.07107
Exploits 1 | References 3
OSV
added 2019/09/04 6:15 a.m. | 23 views

CVE-2019-15903

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber then resulted in a heap-based buffer over-read...

CVSS 7.5 | AI score 8
Exploits 0 | References 59
NVD
added 2019/09/04 6:15 a.m. | 22 views

CVE-2019-15903

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber then resulted in a heap-based buffer over-read...

CVSS 7.5 | AI score 8.1 | EPSS 0.06643
Exploits 1 | References 59
AlpineLinux
added 2019/09/04 5:59 a.m. | 86 views

CVE-2019-15903

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber then resulted in a heap-based buffer over-read...

CVSS 7.5 | AI score 8.5 | EPSS 0.06643
Exploits 1
Vulnrichment
added 2019/09/04 5:59 a.m. | 3 views

CVE-2019-15903

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber then resulted in a heap-based buffer over-read...

AI score 8.2 | EPSS 0.06643
Exploits 1 | References 59
Debian CVE
added 2019/09/04 5:59 a.m. | 44 views

CVE-2019-15903

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber then resulted in a heap-based buffer over-read...

CVSS 7.5 | AI score 8.6 | EPSS 0.06643
Exploits 1
Veracode
added 2019/09/04 3:34 a.m. | 20 views

Remote Code Execution

nexus-yum-repository-plugin is vulnerable to remote code execution. An attacker with administrative access to nxrm is able to execute arbitrary OS commands on the system by setting the path of createrepo or mergerepo to an OS command in the XML input...

CVSS 8.8 | AI score 4.6 | EPSS 0.18396
Exploits 5 | References 2 | Affected Software 1
NVD
added 2019/08/14 9:15 p.m. | 21 views

CVE-2019-1187

A denial of service vulnerability exists when the XmlLite runtime XmlLite.dll improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application. A remote unauthenticated attacker could exploit this vulnerability by...

CVSS 5.5 | AI score 7 | EPSS 0.03102
Exploits 0 | References 1
Prion
added 2019/08/14 9:15 p.m. | 24 views

Denial of service

A denial of service vulnerability exists when the XmlLite runtime XmlLite.dll improperly parses XML input, aka 'XmlLite Runtime Denial of Service Vulnerability'...

CVSS 5 | AI score 7.3 | EPSS 0.03102
Exploits 0 | References 1 | Affected Software 5
Microsoft Security Update
added 2019/08/05 9:0 p.m. | 14 views

Security update for the information disclosure vulnerability in Visual Studio 2010 Service Pack 1 (KB4506161)

An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files...

AI score 3.2
Exploits 0
Microsoft Security Update
added 2019/08/05 9:0 p.m. | 15 views

Security update for the information disclosure vulnerability in Visual Studio 2012 Update 5 (KB4506162)

An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files...

AI score 2.7
Exploits 0
NVD
added 2019/07/15 7:15 p.m. | 38 views

CVE-2019-1079

An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Information Disclosure Vulnerability'...

CVSS 6.5 | AI score 6 | EPSS 0.06124
Exploits 0 | References 1
CVE
added 2019/07/15 6:56 p.m. | 142 views

CVE-2019-1079

CVE-2019-1079 affects Microsoft Visual Studio. The vulnerability arises when Visual Studio improperly parses XML input in certain settings files, enabling an XML external entity (XXE) for information disclosure. An attacker who can entice an authenticated user to open a crafted XML file could rea...

CVSS 6.5 | AI score 6.7 | EPSS 0.06124
Exploits 0 | References 1 | Affected Software 1