
343 matches found

OSV
added 2019/06/24 5:15 p.m. | 31 views

CVE-2018-20843

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks)...

7.5 CVSS | 6.7 AI score
Exploits 0 | References 21
Cvelist
added 2019/06/24 4:6 p.m. | 22 views

CVE-2018-20843

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks)...

7.7 AI score | 0.07107 EPSS
Exploits 1 | References 21
Cvelist
added 2019/06/19 4:0 p.m. | 18 views

CVE-2018-18406

An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179Final. The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind since the response...

6.8 AI score | 0.02034 EPSS
Exploits 1 | References 3
ThreatPost
added 2019/05/06 7:3 p.m. | 72 views

High-Severity Bug Leaves Cisco TelePresence Gear Open to Attack

Cisco Systems has patched two high-severity vulnerabilities that can be exploited by remote unauthenticated adversaries to launch denial of service attacks. Impacted are Cisco’s TelePresence Video Communication Server and the company’s ASA 5500-X Series Firewalls. The vulnerability with the wides...

10 CVSS | 1.8 AI score | 0.0348 EPSS
Exploits 0 | References 8
BDU FSTEC
added 2019/04/25 12:0 a.m. | 6 views

The vulnerability of XMLTooling’s XML file syntax analysis library lies in its improper handling of exceptions for incorrect XML declarations. This allows a malicious actor to trigger a service failure using a specially crafted XML structure.

The vulnerability of the XML parsing library XMLTooling is related to improper handling of exceptions for incorrect XML declarations. Exploiting this vulnerability can allow a malicious actor to cause service failures by using a specially crafted XML structure...

5.3 CVSS | 6.6 AI score | 0.02052 EPSS
Exploits 0 | References 5 | Affected Software 4
OSV
added 2019/04/18 1:29 a.m. | 1 views

CVE-2019-1720

A vulnerability in the XML API of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due...

4.9 CVSS | 6.5 AI score | 0.01697 EPSS
Exploits 0 | References 2
Cisco
added 2019/04/17 4:0 p.m. | 41 views

Cisco Expressway Series and Cisco TelePresence Video Communication Server Denial of Service Vulnerability

A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The...

7.7 CVSS | 1.8 AI score | 0.02067 EPSS
Exploits 0 | References 1
OSV
added 2018/10/17 8:29 p.m. | 42 views

GHSA-6V7W-535J-RQ5M Pivotal Spring Framework DoS Attack with XML Input

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file...

5.5 CVSS | 5.3 AI score | 0.02555 EPSS
Exploits 0 | References 25
Github Security Blog
added 2018/10/17 8:29 p.m. | 27 views

Pivotal Spring Framework DoS Attack with XML Input

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file...

5.5 CVSS | 5.6 AI score | 0.02555 EPSS
Exploits 0 | References 24 | Affected Software 1
IBM Security Bulletins
added 2018/09/04 10:20 p.m. | 17 views

Security Bulletin: A security vulnerability has been identified in FileNet Content Management Interoperability Services (CMIS) shipped with IBM Case Manager (CVE-2018-1364)

Summary: FileNet Content Management Interoperability Services (CMIS) is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting FileNet Content Management Interoperability Services (CMIS) has been published in a separate security bulletin. Vulnerability Details...

2.7 AI score | 0.02419 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2018/07/10 12:13 a.m. | 21 views

Security Bulletin: FileNet Content Management Interoperability Services (CMIS), which ships with IBM Content Navigator, is affected by the ability to parse untrusted XML input containing a reference to an external entity

Summary: FileNet Content Management Interoperability Services (CMIS), which ships with IBM Content Navigator, is affected by the following vulnerability: Ability to process untrusted XML input containing a reference to an external entity that is parsed by a weakly configured XML parser. Vulnerabilit...

8.2 CVSS | 1.1 AI score | 0.02419 EPSS
Exploits 0 | Affected Software 1
CNVD
added 2017/11/01 12:0 a.m. | 3 views

SyncBreeze Enterprise Arbitrary Code Execution Vulnerability

SyncBreeze is a fast, powerful and reliable file synchronization solution for local disks, network shares, NAS storage devices and enterprise storage systems. An arbitrary code execution vulnerability exists in Flexense SyncBreeze Enterprise 10.1.16. An attacker can trigger a buffer overflow by...

7.8 CVSS | 8.3 AI score | 0.05507 EPSS
Exploits 4 | References 1
Check Point Advisories
added 2017/09/18 12:0 a.m. | 6 views

Apache Struts 2 REST Plugin XStream Denial of Service (CVE-2017-9793)

A denial-of-service vulnerability exists in the Apache Struts 2 REST plugin. The vulnerability is due to improper validation of XML input by the XStream library during the deserialization process. A remote attacker could exploit this vulnerability by sending a crafted XML payload to the target serv...

5 CVSS | 3.5 AI score | 0.07268 EPSS
Exploits 0
Prion
added 2017/07/11 9:29 p.m. | 19 views

Information disclosure

Windows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly parses XML input containing a...

2.1 CVSS | 5.2 AI score | 0.01541 EPSS
Exploits 0 | References 4 | Affected Software 4
Microsoft KB
added 2017/07/11 7:0 a.m. | 49 views

Security update for the MSINFO.exe information disclosure vulnerability in Windows Server 2008: July 11, 2017

Security update for the MSINFO.exe information disclosure vulnerability in Windows Server 2008: July 11, 2017 Summary An information disclosure vulnerability exists in the Windows System Information Console when it improperly parses XML input that contains a reference to an external entity. To...

5.5 CVSS | 7.1 AI score | 0.01541 EPSS
Exploits 0
Microsoft CVE
added 2017/07/11 7:0 a.m. | 38 views

Windows System Information Console Information Disclosure Vulnerability

An information disclosure vulnerability exists in the Microsoft Common Console Document (.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE)...

5.5 CVSS | 4.5 AI score | 0.01541 EPSS
Exploits 0
Microsoft CVE
added 2017/07/11 7:0 a.m. | 39 views

Windows Performance Monitor Information Disclosure Vulnerability

An information disclosure vulnerability exists in the Windows Performance Monitor Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE)...

6.5 CVSS | 4.4 AI score | 0.06666 EPSS
Exploits 0
Symantec
added 2017/06/28 8:0 a.m. | 32 views

Symantec Management Console XSS/XXE Issues

SUMMARY Symantec has released an update to address two issues that were discovered in the Symantec Management Console. AFFECTED PRODUCTS Symantec Management Console --- CVE | Affected Versions | Remediation CVE-2017-6322 CVE-2017-6323 | Prior to ITMS 8.1 RU1, ITMS 8.0POSTHF6 & ITMS 7.6POSTHF7 |...

5.2 CVSS | 0.00521 EPSS
Exploits 0 | Affected Software 1
Veracode
added 2017/05/18 5:56 a.m. | 25 views

Heap-based Buffer Overread

The nokogiri gem contains a libxml2 package which is vulnerable to a heap-based buffer overread vulnerability. The vulnerability in libxml2 is referenced as CVE-2016-1833. Using a flaw in the htmlCurrentChar function, attackers can trigger the vulnerability using malicious XML input...

5.5 CVSS | 6.8 AI score | 0.02559 EPSS
Exploits 1 | References 2 | Affected Software 2
Veracode
added 2017/05/18 3:11 a.m. | 27 views

Heap-Based Buffer Overflow In Libxml2

nokogiri gem is using libxml2 which is vulnerable to CVE-2016-1834. The vulnerability exists when xmlStrlen returns a negative length in the xmlStrncat function. Therefore, it may lead to other attacks such as denial of service or arbitrary code execution through a heap-based buffer overflow usin...

9 AI score | 0.04643 EPSS
Exploits 1