Lucene search
K

152 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:45 p.m.8 views

CVE-2022-29805

A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload...

9.8CVSS8AI score0.27416EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:10 p.m.10 views

CVE-2022-33938

A format string injection vulnerability exists in the ghomeprocesscontrolpacket functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious X...

9.8CVSS6.8AI score0.00898EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:50 p.m.21 views

CVE-2022-35244

A format string injection vulnerability exists in the XCMD getVarHA functionality of abode systems, inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload ...

9.8CVSS6.8AI score0.01261EPSS
Exploits1References1
NVD
NVD
added 2025/01/07 4:15 p.m.10 views

CVE-2024-46603

An XML External Entity XXE vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 allows attackers to cause a Denial of Service DoS via a crafted XML payload...

7.5CVSS0.00682EPSS
Exploits0References1
CVE
CVE
added 2025/01/07 12:0 a.m.56 views

CVE-2024-46603

Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 is affected by an XML External Entity (XXE) vulnerability that can cause a Denial of Service (DoS) when processing crafted XML payloads. The issue’s root cause is XXE in the XML parsing path. Exploitation details are not provided in ...

7.5CVSS6.9AI score0.00682EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/05/28 2:38 p.m.40 views

CVE-2024-3969 XML External Entity injection vulnerability in iManager

XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload...

7.8CVSS8AI score0.005EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2024/05/03 6:22 a.m.70 views

CVE-2024-32962

A flaw was found in xml-crypto, where the default configuration lacks authorization checks for signers, only checking the signature's validity. This flaw allows malicious actors to pass a manipulated XML payload to instances of xml-crypto. By re-signing an XML document with a malicious private ke...

10CVSS9.2AI score0.00833EPSS
Exploits1References4
NVD
NVD
added 2024/05/03 2:15 a.m.25 views

CVE-2023-32171

Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this...

6.5CVSS6.4AI score0.01356EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/03 1:56 a.m.17 views

CVE-2023-32171 Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability

Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this...

6.5CVSS6.6AI score0.01356EPSS
Exploits0References2
CVE
CVE
added 2024/05/03 1:56 a.m.55 views

CVE-2023-32171

CVE-2023-32171 affects Unified Automation UaGateway OPC UA Server. The vulnerability occurs in the ImportCsv method where a crafted XML payload can trigger a null pointer dereference, enabling a remote denial-of-service condition. Exploitation requires authentication and is described in ZDI-20495...

6.5CVSS6.4AI score0.01356EPSS
Exploits0References2Affected Software1
0day.today
0day.today
added 2023/11/20 12:0 a.m.497 views

Magento 2.4.6 XSLT Server Side Injection Vulnerability

Exploit Title: Magento ver. 2.4.6 - XSLT Server Side Injection Exploit Author: tmrswrr Vendor Homepage: https://magento2demo.firebearstudio.com/ Software Link: Magento 2.4.6-p3 Version: 2.4.6 Tested on: 2.4.6 POC 1. Enter with admin credentials to this URL: https://magento2demo.firebearstudio.com...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/06/26 12:0 a.m.241 views

HiSecOS 04.0.01 - Privilege Escalation Exploit

Exploit Title: HiSecOS 04.0.01 - Privilege Escalation Google Dork: HiSecOS Web Server Vulnerability Allows User Role Privilege Escalation Exploit Author: dreizehnutters Vendor Homepage: https://dam.belden.com/dmm3bwsv3/assetstream.aspx?assetid=15437&mediaformatid=50063&destinationid=10016 Version...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/06/25 12:0 a.m.22 views

Debian dla-3470 : owslib-doc - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3470 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3470-1 [email protected] https://www.debian.org/lts/security/...

8.2CVSS7.7AI score0.00985EPSS
Exploits0References4
Exploit DB
Exploit DB
added 2023/06/21 12:0 a.m.240 views

HiSecOS 04.0.01 - Privilege Escalation

Exploit Title: HiSecOS 04.0.01 - Privilege Escalation Google Dork: HiSecOS Web Server Vulnerability Allows User Role Privilege Escalation Date: 21.06.2023 Exploit Author: dreizehnutters Vendor Homepage:...

7.4AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2023/05/31 12:0 a.m.24 views

(Pwn2Own) Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability. The specific flaw exists within the ImportCsv method. A crafted XML payload can cause a null...

6.5CVSS6.6AI score0.01356EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/04/25 12:0 a.m.6 views

The vulnerability of the ClamAV antivirus program lies in the improper restriction of recursive references to objects in the DTDS, which allows a hacker to gain access to confidential information.

The vulnerability in the ClamAV scanning library relates to the possibility of replacing the XML payload, which may lead to the insertion of an external payload. Exploiting this vulnerability allows a malicious actor to send specially created XML code to the antivirus software and to read bytes...

5.3CVSS7.3AI score0.07003EPSS
Exploits5References4Affected Software4
Debian CVE
Debian CVE
added 2023/03/07 11:20 p.m.24 views

CVE-2023-27476

OWSLib is a Python package for client programming with Open Geospatial Consortium OGC web service interface standards, and their related content models. OWSLib's XML parser which supports both lxml and xml.etree does not disable entity resolution, and could lead to arbitrary file reads from an...

8.2CVSS7.9AI score0.00985EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2023/03/07 8:41 p.m.23 views

OWSLib vulnerable to XML External Entity (XXE) Injection

Impact OWSLib's XML parser which supports both lxml and xml.etree does not disable entity resolution for lxml, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in the codebase. Patches - Use only lxml for XML handling, adding...

8.2CVSS7.4AI score0.00985EPSS
Exploits0References10Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 6:47 p.m.37 views

K65065347: Apache Struts vulnerability CVE-2018-1327

Security Advisory Description The Apache Struts REST Plugin is using XStream library which is vulnerable and allow perform a DoS attack when using a malicious request with specially crafted XML payload. Upgrade to the Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as...

7.5CVSS7.8AI score0.09224EPSS
Exploits1
NVD
NVD
added 2022/10/25 5:15 p.m.25 views

CVE-2022-33938

A format string injection vulnerability exists in the ghomeprocesscontrolpacket functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious X...

9.8CVSS0.00898EPSS
Exploits1References1
Rows per page
Query Builder