Lucene search
K

2722 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/08/08 4:13 a.m.27 views

Security Bulletin: Apache Xerces-C vulnerabilities (XML4C) affects IBM Cloud Manager with OpenStack (CVE-2016-0729)

Summary IBM Cloud Manager with Openstack is vulnerable to a Apache Xerces-C XML Parser library vulnerablities. Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds checking during processing and error reporting. By sending specially crafted input...

9.8CVSS1.7AI score0.09115EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/08/08 4:13 a.m.20 views

Security Bulletin: Apache Xerces-C vulnerabilities affects IBM Cloud Manager with OpenStack (CVE-2016-4463)

Summary IBM Cloud Manager with Openstack is vulnerable to a Apache Xerces-C XML Parser library vulnerablities. Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing a deeply nested DTD. A remote attacker could exploit this...

7.5CVSS2.4AI score0.14138EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2018/08/07 12:0 a.m.4 views

JetBrains IntelliJ IDEA XML parser XML External Entity Injection Vulnerability

JetBrains IntelliJ IDEA is the Czech Republic JetBrains set of integrated development environment for the Java language . XML parser is one of the XML parser . An XML external entity injection vulnerability exists in the XML parser in JetBrains IntelliJ IDEA, which can be exploited to retrieve...

7.8CVSS7.8AI score0.02259EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/08/06 8:0 p.m.26 views

CVE-2016-8526

Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities XXE. XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can be used as an attac...

8.5AI score0.09815EPSS
Exploits5References3
NVD
NVD
added 2018/08/03 3:29 p.m.16 views

CVE-2017-8316

IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml...

7.8CVSS7.6AI score0.02259EPSS
Exploits1References3
Prion
Prion
added 2018/08/03 3:29 p.m.16 views

Xxe

IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml...

7.8CVSS7.6AI score0.02259EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2018/08/03 3:0 p.m.22 views

CVE-2017-8316

IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml...

7.6AI score0.02259EPSS
Exploits1References3
CVE
CVE
added 2018/08/03 3:0 p.m.48 views

CVE-2017-8316

This CVE (CVE-2017-8316) affects JetBrains IntelliJ IDEA’s XML parser. The connected documents describe an XML External Entity (XXE) injection vulnerability in the IntelliJ IDEA XML parser, enabling an attacker to exploit via a malicious AndroidManifest.xml to retrieve arbitrary files from a user...

7.8CVSS7.5AI score0.02259EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2018/07/27 12:0 a.m.7 views

PT-2018-8384 · Red Hat · Jboss Eap

Name of the Vulnerable Software and Affected Versions: JBoss EAP version 7.0 Description: The JAXP implementation used for SAX and DOM parsing in JBoss EAP is susceptible to certain XXE flaws. This could allow an attacker to cause a denial of service, server-side request forgery, or information...

9.8CVSS8.9AI score0.01911EPSS
Exploits0References4
NVD
NVD
added 2018/07/24 1:29 p.m.14 views

CVE-2018-10600

SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution in certain situations on specific platforms, and denial of service attacks...

9.8CVSS9.3AI score0.02468EPSS
Exploits0References1
Prion
Prion
added 2018/07/24 1:29 p.m.13 views

Design/Logic Flaw

SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution in certain situations on specific platforms, and denial of service attacks...

7.5CVSS9.6AI score0.02468EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/07/24 1:0 p.m.24 views

CVE-2018-10600

SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution in certain situations on specific platforms, and denial of service attacks...

9.7AI score0.02468EPSS
Exploits0References1
CVE
CVE
added 2018/07/24 1:0 p.m.52 views

CVE-2018-10600

SEL AcSELerator Architect 2.2.24.0 and prior is affected by an XXE vulnerability caused by unsanitized input passed to the XML parser. This may lead to disclosure of arbitrary data, potential arbitrary code execution on certain platforms, and denial of service. Affected product: AcSELerator Archi...

9.8CVSS9.5AI score0.02468EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/07/03 2:29 p.m.17 views

CVE-2018-7783

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band OOB attack. The vulnerability is triggered when input...

7.5CVSS7.5AI score0.0156EPSS
Exploits0References1
Prion
Prion
added 2018/07/03 2:29 p.m.20 views

Xxe

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band OOB attack. The vulnerability is triggered when input...

5CVSS7.4AI score0.0156EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/07/03 2:0 p.m.19 views

CVE-2018-7783

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band OOB attack. The vulnerability is triggered when input...

7.5AI score0.0156EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/06/28 12:0 a.m.25 views

EulerOS 2.0 SP3 : xerces-c (EulerOS-SA-2018-1160)

According to the versions of the xerces-c package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read an...

9.8CVSS8.3AI score0.08751EPSS
Exploits3References2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:35 a.m.35 views

Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple Expat vulnerabilities (CVE-2016-5300, CVE-2016-6702)

Summary Multiple vulnerabilities have been identified in Expat that is embedded in the IBM FSM. This bulletin addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2012-6702 DESCRIPTION: Expat, when used in a parser that has not called XMLSetHashSalt or passed it a seed of 0, could...

7.8CVSS0.4AI score0.06539EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:47 p.m.49 views

Security Bulletin: IBM Tivoli Common Reporting (TCR) 2017Q3 Security Updater: TCR, a part of IBM Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities

Summary Fixes of Cognos Business Intelligence are provided as part of TCR fixes This bulletin addresses several security vulnerabilities. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and IBM® Runtime Environment Java™ Technology Edition, Versi...

9.8CVSS1AI score0.14138EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:40 p.m.36 views

Security Bulletin: A vulnerability in the agent core framework affects IBM Performance Management products

Summary The agent core framework component makes use of expat. Expat, when used in a parser that has not called XMLSetHashSalt or passed it a seed of 0, could provide weaker than expected security. The expat XML parser is vulnerable to a denial of service, caused by the failure to use sufficient...

7.8CVSS0.9AI score0.06539EPSS
Exploits0Affected Software1
Rows per page
Query Builder