Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2725 matches found

OpenVAS
OpenVASadded 2020/01/23 12:0 a.m.25 views

Huawei EulerOS: Security Advisory for xerces-c (EulerOS-SA-2016-1004)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.08946EPSS
Exploits0References2
OpenVAS
OpenVASadded 2020/01/23 12:0 a.m.35 views

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2019-1698)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS8.5AI score0.19069EPSS
Exploits0References2
OpenVAS
OpenVASadded 2020/01/23 12:0 a.m.26 views

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2019-1783)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8.1AI score0.07107EPSS
Exploits1References2
OpenVAS
OpenVASadded 2020/01/23 12:0 a.m.19 views

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2019-1758)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8.1AI score0.07107EPSS
Exploits1References2
OpenVAS
OpenVASadded 2020/01/23 12:0 a.m.32 views

Huawei EulerOS: Security Advisory for xerces-c (EulerOS-SA-2018-1100)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.08751EPSS
Exploits3References2
Veracode
Veracodeadded 2020/01/16 3:9 a.m.36 views

XML External Entity (XXE) Injection

pyamf is vulnerable to XML external entity XXE attacks. The attack exists because the XML parser does not disable the parsing of external DTDs, allowing a remote attacker to inject malicious external DTD entities via an Action Message Format AMF payload to retrieve system files or perform request...

7.1CVSS5.4AI score0.01378EPSS
Exploits0References6Affected Software1
Prion
Prionadded 2020/01/15 4:15 p.m.15 views

Xxe

Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...

6.5CVSS8.6AI score0.01382EPSS
Exploits0References1Affected Software1
CVE
CVEadded 2020/01/15 3:15 p.m.62 views

CVE-2020-2092

CVE-2020-2092 affects Jenkins Robot Framework Plugin (versions ≤ 2.0.0). The issue is that the XML parser is not configured to prevent XML External Entity (XXE) attacks, enabling users with Job/Configure to submit crafted XML documents that may expose secrets, enable SSRF, or cause denial of serv...

8.8CVSS8.6AI score0.01382EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2020/01/15 3:15 p.m.32 views

CVE-2020-2092

Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...

8.7AI score0.01382EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2020/01/03 12:0 a.m.27 views

Cisco Data Center Network Manager addGroupNavigation XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requests to the addGroupNavigation SOAP...

7.5CVSS2.7AI score0.01306EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2020/01/03 12:0 a.m.25 views

Cisco Data Center Network Manager getInventoryIslList XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requests to the getInventoryIslList SOAP...

7.5CVSS2.6AI score0.01306EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiativeadded 2020/01/03 12:0 a.m.28 views

Cisco Data Center Network Manager getTopologyVlanList XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Data Center Network Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of requests to the getTopologyVlanList SOAP...

7.5CVSS2.6AI score0.01306EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2019/12/28 3:54 a.m.46 views

CVE-2019-15903

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XMLGetCurrentLineNumber or XMLGetCurrentColumnNumber then resulted in a heap-based buffer over-read. Mitigation Mitigation for this issue is either...

7.5CVSS2.2AI score0.06643EPSS
Exploits1References3
NVD
NVDadded 2019/12/18 8:15 p.m.25 views

CVE-2018-1311

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via...

8.1CVSS7.9AI score0.09503EPSS
Exploits0References15
OSV
OSVadded 2019/12/18 8:15 p.m.8 views

CVE-2018-1311

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via...

8.1CVSS7.9AI score
Exploits0References15
UbuntuCve
UbuntuCveadded 2019/12/18 8:15 p.m.40 views

CVE-2018-1311

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via...

8.1CVSS7AI score0.09503EPSS
Exploits0References9
Prion
Prionadded 2019/12/18 8:15 p.m.24 views

Design/Logic Flaw

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via...

6.8CVSS7.7AI score0.09503EPSS
Exploits0References14Affected Software9
CVE
CVEadded 2019/12/18 12:0 a.m.399 views

CVE-2018-1311

CVE-2018-1311 describes a use-after-free in the Apache Xerces-C++ XML parser when scanning external DTDs. Publicly reported ranges indicate impact on Xerces-C versions 3.0.0–3.2.3, with no fixes in those older maintained lines and mitigation limited to disabling DTD processing (via DOM feature or...

8.1CVSS7.9AI score0.09503EPSS
Exploits0References15Affected Software1
Cvelist
Cvelistadded 2019/12/18 12:0 a.m.32 views

CVE-2018-1311

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via...

8.1AI score0.09503EPSS
Exploits0References14
Debian CVE
Debian CVEadded 2019/12/18 12:0 a.m.30 views

CVE-2018-1311

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via...

8.1CVSS3.5AI score0.09503EPSS
Exploits0
Rows per page
Query Builder