
679 matches found

RedHat Linux
added 2021/05/18 2:56 p.m. | 81 views

Moderate: Red Hat Security Advisory: python-lxml security update

An update for python-lxml is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...

CVSS 6.1 | AI score 6.5 | EPSS 0.01246
Exploits: 1 | References: 3
Tenable Nessus
added 2021/04/12 12:0 a.m. | 112 views

ManageEngine ServiceDesk Plus < 11.2 Build 11200 Unauthenticated Stored XSS

A stored cross-site scripting (XSS) vulnerability exists in the XML processing logic of asset discovery. By sending a crafted HTTP POST request to /discoveryServlet/WsDiscoveryServlet, a remote, unauthenticated attacker can create an asset containing malicious JavaScript. When an administrator view...

CVSS 6.1 | AI score 5.9 | EPSS 0.18638
Exploits: 1 | References: 2
OSV
added 2021/04/02 6:15 p.m. | 0 views

CVE-2020-9926

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, iCloud for Windows 7.20, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing maliciously crafted...

CVSS 7.8 | AI score 6
Exploits: 0 | References: 5
Prion
added 2021/04/02 6:15 p.m. | 13 views

Design/Logic Flaw

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, iCloud for Windows 7.20, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing maliciously crafted...

CVSS 6.8 | AI score 8.3 | EPSS 0.00667
Exploits: 0 | References: 5 | Affected Software: 6
CNNVD
added 2021/03/22 12:0 a.m. | 1 views

XStream Code Issue Vulnerability

XStream is a simple Java-based library for serializing Java objects to XML and back, i.e. Java objects and XML documents can be easily converted to each other. XStream has a server-side request forgery vulnerability that can be exploited by an attacker to manipulate the processed input strea...

CVSS 9.1 | AI score 8.2 | EPSS 0.00869
Exploits: 1 | References: 40
NVD
added 2021/03/12 5:15 p.m. | 25 views

CVE-2021-21366

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpect...

CVSS 4.3 | EPSS 0.01344
Exploits: 0 | References: 5
OSV
added 2021/03/12 5:15 p.m. | 19 views

CVE-2021-21366

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpect...

CVSS 4.3 | AI score 4.4
Exploits: 0 | References: 5
Debian CVE
added 2021/03/12 12:0 a.m. | 28 views

CVE-2021-21366

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpect...

CVSS 4.3 | AI score 4.8 | EPSS 0.01344
Exploits: 0
CVE
added 2021/03/12 12:0 a.m. | 100 views

CVE-2021-21366

CVE-2021-21366 - xmldom: The vulnerability arises from xmldom's handling of XML when repeatedly parsing and serializing malicious documents, due to improper preservation of system identifiers, FPIs, and namespaces. This can cause unexpected syntactic changes in downstream applications. The issue...

CVSS 4.3 | AI score 4.6 | EPSS 0.01344
Exploits: 0 | References: 5 | Affected Software: 1
NCSC
added 2021/02/11 12:0 a.m. | 2 views

Vulnerability fixed in IBM WebSphere Application Server

IBM WebSphere Application Server is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. An external attacker can exploit this security vulnerability to obtain sensitive information. IBM has released updates to fix the vulnerability. For more information, see...

CVSS 8.2 | AI score 7 | EPSS 0.01482
Exploits: 0
RedHat Linux
added 2020/12/16 3:21 p.m. | 3 views

OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 5.3 | AI score 7.1 | EPSS 0.00474
Exploits: 0 | References: 4
Github Security Blog
added 2020/12/02 6:28 p.m. | 47 views

XXE in petl

Impact: Information Disclosure. Summary: petl is a Python library that provides functions for extraction, transformation, and loading (ETL) of data. petl before 1.68, in some configurations, allows resolution of entities in XML input. An attacker who is able to submit XML input to an application using...

CVSS 9.8 | AI score 0.5 | EPSS 0.01877
Exploits: 0 | References: 11 | Affected Software: 1
OSV
added 2020/12/02 6:28 p.m. | 23 views

GHSA-F5GC-P5M3-V347 XXE in petl

Impact: Information Disclosure. Summary: petl is a Python library that provides functions for extraction, transformation, and loading (ETL) of data. petl before 1.68, in some configurations, allows resolution of entities in XML input. An attacker who is able to submit XML input to an application using...

CVSS 9.8 | AI score 9.2 | EPSS 0.01877
Exploits: 0 | References: 11
OpenVAS
added 2020/11/22 12:0 a.m. | 19 views

Fedora: Security Advisory for mingw-libxml2 (FEDORA-2020-7773c53bc8)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.5 | AI score 7 | EPSS 0.00697
Exploits: 1 | References: 2
Fedora
added 2020/11/20 1:40 a.m. | 38 views

[SECURITY] Fedora 33 Update: mingw-libxml2-2.9.10-8.fc33

MinGW Windows libxml2 XML processing library...

CVSS 6.5 | AI score 2.4 | EPSS 0.00697
Exploits: 1
OpenVAS
added 2020/09/26 12:0 a.m. | 21 views

Fedora: Security Advisory for mingw-libxml2 (FEDORA-2020-be489044df)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.5 | AI score 7 | EPSS 0.00697
Exploits: 1 | References: 2
OpenVAS
added 2020/09/20 12:0 a.m. | 17 views

Fedora: Security Advisory for mingw-libxml2 (FEDORA-2020-b60dbdd538)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.5 | AI score 7 | EPSS 0.00697
Exploits: 1 | References: 2
OpenVAS
added 2020/09/20 12:0 a.m. | 20 views

Fedora: Security Advisory for mingw-libxml2 (FEDORA-2020-7dd29dacad)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

AI score 7.5
Exploits: 0 | References: 2
Fedora
added 2020/09/19 10:45 p.m. | 39 views

[SECURITY] Fedora 31 Update: mingw-libxml2-2.9.10-3.fc31

MinGW Windows libxml2 XML processing library...

CVSS 7.5 | AI score 2.4 | EPSS 0.00697
Exploits: 1
Fedora
added 2020/09/19 10:39 p.m. | 36 views

[SECURITY] Fedora 32 Update: mingw-libxml2-2.9.10-3.fc32

MinGW Windows libxml2 XML processing library...

CVSS 6.5 | AI score 2.4 | EPSS 0.00697
Exploits: 1