Lucene search
K

7 matches found

Imperva Blog
Imperva Blog
added 2023/01/20 6:16 p.m.52 views

ManageEngine Vulnerability CVE-2022-47966

Recently, Zoho ManageEngine released a security advisory for CVE-2022-47966, which allows for pre-authentication remote code execution in at least 24 ManageEngine products, including ADSelfService Plus and ServiceDesk Plus. This vulnerability stems from the products’ use of an outdated Apache...

1.9AI score0.99753EPSS
Exploits15
NVD
NVD
added 2019/11/07 8:15 p.m.19 views

CVE-2019-3465

Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message...

8.8CVSS8.4AI score0.03024EPSS
Exploits0References15
OSV
OSV
added 2016/03/09 11:59 a.m.4 views

CVE-2016-0132

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka ".NET XML Validation Security Feature Bypass."...

9.8CVSS5.8AI score0.21976EPSS
Exploits0References3
Cvelist
Cvelist
added 2016/03/09 11:0 a.m.29 views

CVE-2016-0132

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka ".NET XML Validation Security Feature Bypass."...

9.3AI score0.21976EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2013/12/17 6:30 p.m.37 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Operations Network 3.2.0 update

Red Hat JBoss Operations Network 3.2.0, which fixes multiple security issues and several bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, whi...

5.8CVSS7AI score0.09254EPSS
Exploits2References6
ATTACKERKB
ATTACKERKB
added 2013/10/09 2:53 p.m.4 views

CVE-2013-3860

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly parse a DTD during XML digital-signature validation, which allows remote attackers to cause a denial of service application crash or hang via a crafted signed XML document, aka "Entity Expansion Vulnerability."...

7.8CVSS5.6AI score0.31646EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2013/09/25 12:0 a.m.24 views

IBM Tivoli Federated Identity Manager XML Signature Validation Bypass

The version of IBM Tivoli Federated Identity Manager installed on the remote Windows host is affected by a signature validation bypass vulnerability due to improper validation of XML signatures related to certain single sign-on protocols and token modules. A remote, unauthenticated attacker can...

5.8CVSS5.5AI score0.00836EPSS
Exploits0References2
Rows per page
Query Builder