Lucene search
K

64 matches found

RedHat Linux
RedHat Linux
added 2022/12/08 1:21 p.m.4 views

libxml2: integer overflows with XML_PARSE_HUGE

A flaw was found in libxml2. Parsing a XML document with the XMLPARSEHUGE option enabled can result in an integer overflow because safety checks were missing in some functions. Also, the xmlParseEntityValue function didn't have any length limitation...

7.5CVSS6.8AI score0.22791EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2022/11/15 12:0 a.m.8 views

CVE-2022-45395

Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

6.7AI score0.01057EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/09/01 12:0 a.m.62 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.5)

The version of AOS installed on the remote host is prior to 5.15.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.15.5 advisory. - In Network Security Services NSS before 3.46, several cryptographic primitives had missing length checks. In cases where the...

10CVSS7.5AI score0.99295EPSS
Exploits113References124
Positive Technologies
Positive Technologies
added 2022/05/12 12:0 a.m.4 views

PT-2022-9863 · Hcl +1 · Hcl Unica +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue occurs due to poorly configured XML parsers processing user-supplied input without sufficient validation, allowing attackers to manipulate XML content and inject malicious...

7.5CVSS7.5AI score0.0079EPSS
Exploits0References3
OSV
OSV
added 2022/05/05 5:15 p.m.9 views

CVE-2021-38441

Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser...

9.8CVSS6.7AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.18 views

Mitsubishi Electric FR Configurator2 (CVE-2019-10976)

Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file .frc2. Once a user opens the file, the attacker could read arbitrary files. This plugin only works...

5.5AI score0.01019EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/11/05 6:47 p.m.3 views

dom4j: XML External Entity vulnerability in default SAX parser

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j...

9.8CVSS7.2AI score0.07269EPSS
Exploits0References4
Hacker One
Hacker One
added 2019/12/08 10:12 p.m.13 views

Razer: Insecure Processing of XML leads to Denial of Service through Billion Laughs Attack

The tester discovered a Razer Gold Thailand server was vulnerable to a DoS attack / resource exhaustion related to an XML parser used on the server. Razer thanks the tester for his clear report/PoC...

2.8AI score
Exploits0
OSV
OSV
added 2019/07/26 12:15 a.m.6 views

CVE-2019-10976

Mitsubishi Electric FR Configurator2, Version 1.16S and prior. This vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project and/or template file .frc2. Once a user opens the file, the attacker could read arbitrary files...

5.5CVSS5.9AI score0.01019EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/02/05 12:0 a.m.6 views

The vulnerability of the Apache Xerces-C XML Parser for syntactic analysis and XML processing lies in its improper handling of DTD paths, which allows attackers to cause service failures.

The vulnerability of the Apache Xerces-C XML Parser for syntactic analysis and XML processing is related to incorrect handling of DTD paths. In some cases, this leads to the misuse of the zero pointer. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

9.8CVSS7.6AI score0.08445EPSS
Exploits3References4Affected Software1
OSV
OSV
added 2018/12/20 3:29 p.m.3 views

CVE-2018-1000820

neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity XXE vulnerability in XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 45bc09c...

10CVSS5.8AI score0.01873EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 11:16 p.m.21 views

Security Bulletin: IBM Cognos Business Intelligence Server 2016Q2 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities.

Summary This bulletin addresses several security vulnerabilities. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and the IBM® Runtime Environment Java™ Technology Edition, Version 7 that are used by IBM Cognos Business Intelligence. These issues...

10CVSS0.9AI score0.92334EPSS
Exploits8Affected Software1
CNVD
CNVD
added 2017/07/19 12:0 a.m.4 views

Unspecified Vulnerability in Oracle Java SE and Java SE Embedded (CNVD-2017-18571)

Oracle Java SE and Java SE Embedded are both products of Oracle Corporation. Java SE is an acronym for Java Platform Standard Edition based on the JDK and JRE for developing and deploying Java applications on desktops and servers as well as embedded devices and real-time environments. A security...

9CVSS6.7AI score0.02971EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/11/18 4:40 p.m.7 views

OpenJDK: incomplete supportDTD enforcement (JAXP, 8130078)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893...

5CVSS7.3AI score0.04457EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2015/10/21 6:47 p.m.7 views

OpenJDK: leak of user.dir location (JAXP, 8078427)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP...

5CVSS7.3AI score0.04695EPSS
Exploits0References5
CNVD
CNVD
added 2015/04/12 12:0 a.m.3 views

Cisco ASA VPN XML Parser Denial of Service Vulnerability

The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. A security vulnerability exists in Cisco ASA Software's XML parser that stems from a failure to effectively strengthen the XML parser configuration. It could be exploited b...

7.8CVSS7AI score0.0191EPSS
Exploits0References1
CNVD
CNVD
added 2015/03/25 12:0 a.m.5 views

Xerces-C++ XML Parsing Remote Denial of Service Vulnerability

Xerces is promoted by the Apache organization of an XML document parsing open source project . A vulnerability in the processing of XML data in internal/XMLReader.cpp in Apache Xerces-C allows remote attackers to conduct denial-of-service attacks...

5CVSS7AI score0.3969EPSS
Exploits4References1
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.34 views

Oracle Linux 5 : tomcat (ELSA-2009-1164)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-1164 advisory. - add patch for CVE-2007-5333 Resolves: rhbz427779 - add patch for CVE-2008-5515 Resolves: rhbz504758 - add patch for CVE-2009-0033 - add patch for...

5CVSS5.7AI score0.9444EPSS
Exploits9References7
Tenable Nessus
Tenable Nessus
added 2013/01/24 12:0 a.m.44 views

RHEL 4 : JBoss EAP (RHSA-2009:1144)

Updated JBoss Enterprise Application Platform JBEAP 4.2 packages that fix various issues are now available for Red Hat Enterprise Linux 4 as JBEAP 4.2.0.CP07. This update has been rated as having important security impact by the Red Hat Security Response Team. JBoss Enterprise Application Platfor...

5CVSS5.9AI score0.9444EPSS
Exploits6References8
RedHat Linux
RedHat Linux
added 2011/05/05 6:16 p.m.4 views

expat: buffer over-read and crash on XML with malformed UTF-8 sequences

The updatePosition function in lib/xmltokimpl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service application crash via an XML document with crafted UTF-8 sequences that trigger a buffer over-read,...

5CVSS6.8AI score0.27924EPSS
Exploits1References4
Rows per page
Query Builder