255 matches found

OSV
added 2022/05/13 1:1 a.m. · 100 views

GHSA-7J4H-8WPF-RQFH Missing XML Validation in Apache Xerces2

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment JRE in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlie...

CVSS 7.1 · AI score 7 · EPSS 0.24738
Exploits 0 · References 50
GitHub Security Blog
added 2022/05/13 1:1 a.m. · 43 views

Missing XML Validation in Apache Xerces2

XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment JRE in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlie...

CVSS 7.1 · AI score 4.7 · EPSS 0.24738
Exploits 0 · References 50 · Affected Software 1
Tenable Nessus
added 2022/04/30 12:0 a.m. · 77 views

F5 Networks BIG-IP : Expat vulnerabilities (K19473898)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the K19473898 advisory. CVE-2022-23852 Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for...

CVSS 9.8 · AI score 7.8 · EPSS 0.33936
Exploits 1 · References 5
NVD
added 2022/04/12 5:15 p.m. · 13 views

CVE-2022-28213

When a user accesses SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary file retrieval from the server and in successful exploits of DoS...

CVSS 8.1 · EPSS 0.12476
Exploits 4 · References 3
OSV
added 2022/04/12 5:15 p.m. · 5 views

CVE-2022-28213

When a user accesses SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary file retrieval from the server and in successful exploits of DoS...

CVSS 8.1 · AI score 7.4 · EPSS 0.12476
Exploits 4 · References 3
ATTACKERKB
added 2022/04/12 5:15 p.m. · 3 views

CVE-2022-28213

When a user accesses SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary file retrieval from the server and in successful exploits of DoS...

CVSS 8.1 · AI score 7.2 · EPSS 0.12476
Exploits 4 · References 4 · Affected Software 1
Prion
added 2022/04/12 5:15 p.m. · 19 views

Code injection

When a user accesses SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary file retrieval from the server and in successful exploits of DoS...

CVSS 5.5 · AI score 8.1 · EPSS 0.12476
Exploits 4 · References 3 · Affected Software 1
Cvelist
added 2022/04/12 4:11 p.m. · 25 views

CVE-2022-28213

When a user accesses SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary file retrieval from the server and in successful exploits of DoS...

AI score 8.3 · EPSS 0.12476
Exploits 4 · References 3
Positive Technologies
added 2022/04/12 12:0 a.m. · 1 view

PT-2022-18878 · Sap · Sap Businessobjects Business Intelligence Platform

Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence Platform versions 420, 430
Description: The issue arises when a user accesses SOAP Web services, and the system fails to sufficiently validate the XML document accepted from an untrusted source. This...

CVSS 8.1 · AI score 7.9 · EPSS 0.12476
Exploits 4 · References 6
OpenVAS
added 2022/01/28 12:0 a.m. · 32 views

Mageia: Security Advisory (MGASA-2020-0309)

The remote host is missing an update for the...

CVSS 8.3 · AI score 7.1 · EPSS 0.04315
Exploits 0 · References 5
OSV
added 2021/12/23 8:15 p.m. · 2 views

CVE-2018-4302

A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution...

CVSS 7.8 · AI score 6 · EPSS 0.00915
Exploits 0 · References 5
NVD
added 2021/10/12 3:15 p.m. · 13 views

CVE-2021-40500

SAP BusinessObjects Business Intelligence Platform Crystal Reports - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can enable the...

CVSS 7.5 · EPSS 0.01261
Exploits 0 · References 2
Tenable Nessus
added 2021/06/11 12:0 a.m. · 53 views

SAP NetWeaver AS JAVA Missing XML Validation (3053066)

SAP Netweaver Application Server Java versions 7.20, 7.30, 7.31, 7.40, and 7.50 allow an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML Validation. This vulnerability enables an attacker to ful...

CVSS 9 · AI score 7.6 · EPSS 0.01594
Exploits 0 · References 3
OSV
added 2021/06/09 2:15 p.m. · 1 view

CVE-2021-27635

SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML Validation; this vulnerability enables an attacker to fully compromise...

CVSS 6.5 · AI score 6.9 · EPSS 0.01594
Exploits 0 · References 4
NVD
added 2021/06/09 2:15 p.m. · 25 views

CVE-2021-27635

SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML Validation; this vulnerability enables an attacker to fully compromise...

CVSS 9 · EPSS 0.01594
Exploits 0 · References 4
Prion
added 2021/06/09 2:15 p.m. · 15 views

Input validation

SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML Validation; this vulnerability enables an attacker to fully compromise...

CVSS 5.5 · AI score 6.3 · EPSS 0.01594
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2021/06/09 1:30 p.m. · 21 views

CVE-2021-27635

SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the application because of missing XML Validation; this vulnerability enables an attacker to fully compromise...

CVSS 9 · AI score 6.4 · EPSS 0.01594
Exploits 0 · References 4
OSV
added 2021/03/15 10:15 p.m. · 4 views

CVE-2020-27282

In Hamilton Medical AG, T1-Ventilator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unusable by uploading specially crafted configuration files...

CVSS 4.3 · AI score 5.8 · EPSS 0.00253
Exploits 0 · References 1
NVD
added 2021/03/15 10:15 p.m. · 19 views

CVE-2020-27282

In Hamilton Medical AG, T1-Ventilator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unusable by uploading specially crafted configuration files...

CVSS 4.3 · EPSS 0.00253
Exploits 0 · References 1
Prion
added 2021/03/15 10:15 p.m. · 14 views

Input validation

In Hamilton Medical AG, T1-Ventilator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unusable by uploading specially crafted configuration files...

CVSS 2.1 · AI score 4.5 · EPSS 0.00253
Exploits 0 · References 1 · Affected Software 1