255 matches found

OSV
added 2018/12/11 10:29 p.m., 5 views

CVE-2018-2492

SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50...

CVSS 7.1, AI score 5.8, EPSS 0.01138
Exploits 0, References 3
Prion
added 2018/12/11 10:29 p.m., 22 views

Design/Logic Flaw

SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50...

CVSS 5.5, AI score 6.8, EPSS 0.01138
Exploits 0, References 3, Affected Software 1
OSV
added 2018/11/13 8:29 p.m., 1 view

CVE-2018-2477

Knowledge Management XMLForms in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source...

CVSS 8.8, AI score 5.8, EPSS 0.01732
Exploits 0, References 3
Prion
added 2018/11/13 8:29 p.m., 18 views

Design/Logic Flaw

Knowledge Management XMLForms in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source...

CVSS 6.5, AI score 8.6, EPSS 0.01732
Exploits 0, References 3, Affected Software 1
OSV
added 2018/10/16 11:13 p.m., 2 views

GHSA-VQ9J-JH62-5HMP Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.

Description: The Validation Component of Apache Camel evaluates DTD headers of XML stream sources, although a validation against XML schemas XSD is executed. Remote attackers can use this feature to make Server-Side Request Forgery SSRF attacks by sending XML documents with remote DTDs URLs or XM...

CVSS 7.4, AI score 7.2, EPSS 0.0489
Exploits 0, References 12
Cvelist
added 2018/10/10 8:0 p.m., 27 views

CVE-2018-12544

In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema...

AI score 9.4, EPSS 0.02172
Exploits 0, References 4
NVD
added 2018/09/11 3:29 p.m., 19 views

CVE-2018-2465

SAP HANA versions 1.0 and 2.0 Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash...

CVSS 7.5, AI score 7.5, EPSS 0.02555
Exploits 0, References 3
OSV
added 2018/09/11 3:29 p.m., 4 views

CVE-2018-2465

SAP HANA versions 1.0 and 2.0 Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash...

CVSS 7.5, AI score 5.8
Exploits 0, References 3
NVD
added 2018/09/11 3:29 p.m., 22 views

CVE-2018-2462

In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31, 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source...

CVSS 8.8, AI score 8.7, EPSS 0.01602
Exploits 0, References 3
Prion
added 2018/09/11 3:29 p.m., 19 views

Design/Logic Flaw

In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31, 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source...

CVSS 6.5, AI score 8.6, EPSS 0.01602
Exploits 0, References 3, Affected Software 1
Cvelist
added 2018/09/11 3:0 p.m., 20 views

CVE-2018-2465

SAP HANA versions 1.0 and 2.0 Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting, an unauthorized hacker can cause the database server to crash...

AI score 7.5, EPSS 0.02555
Exploits 0, References 3
Cvelist
added 2018/09/11 3:0 p.m., 23 views

CVE-2018-2462

In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31, 7.40, 7.41, 7.50, does not sufficiently validate an XML document accepted from an untrusted source...

AI score 8.8, EPSS 0.01602
Exploits 0, References 3
OSV
added 2018/05/09 8:29 p.m., 3 views

CVE-2018-2416

SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source...

CVSS 5.4, AI score 5.8, EPSS 0.01506
Exploits 0, References 6
NVD
added 2018/05/09 8:29 p.m., 14 views

CVE-2018-2416

SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source...

CVSS 5.5, AI score 5.6, EPSS 0.01506
Exploits 0, References 6
Prion
added 2018/05/09 8:29 p.m., 13 views

Design/Logic Flaw

SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source...

CVSS 5.5, AI score 5.6, EPSS 0.01506
Exploits 0, References 6, Affected Software 1
Cvelist
added 2018/05/09 8:0 p.m., 16 views

CVE-2018-2416

SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source...

AI score 5.6, EPSS 0.01506
Exploits 0, References 6
CVE
added 2018/05/09 8:0 p.m., 34 views

CVE-2018-2416

CVE-2018-2416 affects SAP Identity Management 7.2 and 8.0, where XML from an untrusted source is not properly validated. Connected sources describe an XML External Entity Injection risk that could lead to information disclosure or denial of service. The documents do not specify affected subcompon...

CVSS 5.5, AI score 5.6, EPSS 0.01506
Exploits 0, References 6, Affected Software 1
OSV
added 2017/10/17 10:58 a.m., 2 views

SUSE-SU-2017:2749-1 Security update for xerces-j2

xerces-j2 was updated to fix several issues.
This security issue was fixed:
- bsc814241: Prevent possible DoS through very long attribute names
This non-security issue was fixed:
- Prevent StackOverflowError when applying a pattern restriction on long strings while trying to validate an XML file...

AI score 7.2
Exploits 0, References 4
0day.today
added 2017/07/22 12:0 a.m., 70 views

Oracle Integration Gateway File Upload Vulnerability

Exploit for windows platform in category web applications
1. ADVISORY INFORMATION
Title: File Upload in Integration Gateway PSIGW
Advisory ID: ERPSCAN-17-039
Advisory URL: https://erpscan.com/advisories/erpscan-17-039-file-upload-integration-gateway-psigw-peoplesoft/
Risk: High
Date published:...

CVSS 7.5, AI score 8.4, EPSS 0.01924
Exploits 2
OSV
added 2017/07/17 1:18 p.m., 12 views

CVE-2017-7664

Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0...

CVSS 10, AI score 6.9
Exploits 0, References 2