Lucene search

226 matches found

Debian CVE
added 2020/02/06 12:52 p.m., 24 views

CVE-2010-3917

Removed by vendor...

CVSS 6.5, AI score 6.7, EPSS 0.00761
Exploits: 0
OSV
added 2020/01/15 4:15 p.m., 17 views

CVE-2020-2092

Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...

CVSS 8.8, AI score 6.7
Exploits: 0, References: 1
Cvelist
added 2020/01/15 3:15 p.m., 33 views

CVE-2020-2092

Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...

AI score 8.7, EPSS 0.01382
Exploits: 0, References: 1
CNVD
added 2020/01/08 12:0 a.m., 4 views

Mozilla Firefox Security Bypass Vulnerability (CNVD-2020-02975)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 72, which stems from the program not applying content security policies to the XSL stylesheets of XML documents. An attacker could us...

CVSS 6.5, AI score 8.8, EPSS 0.01145
Exploits: 0, References: 1
NVD
added 2019/12/17 3:15 p.m., 32 views

CVE-2019-16550

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents...

CVSS 8.8, AI score 8.6, EPSS 0.0064
Exploits: 0, References: 2
Cvelist
added 2019/12/17 2:40 p.m., 33 views

CVE-2019-16550

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker-specified web server and parse XML documents...

AI score 8.7, EPSS 0.0064
Exploits: 0, References: 2
Prion
added 2019/11/05 3:15 p.m., 18 views

Denial of service

Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents...

CVSS 4.3, AI score 7.1, EPSS 0.02083
Exploits: 1, References: 7, Affected Software: 6
OSV
added 2019/09/23 3:15 p.m., 6 views

SUSE-SU-2019:2440-1 Security update for expat

This update for expat fixes the following issues: Security issue fixed: - CVE-2019-15903: Fixed a heap-based buffer over-read caused by crafted XML documents. bsc1149429...

CVSS 7.5, AI score 8.2, EPSS 0.06643
Exploits: 1, References: 3
Ubuntu
added 2019/06/03 3:40 p.m., 168 views

USN-4003-1: Qt vulnerabilities

It was discovered that Qt incorrectly handled certain XML documents. A remote attacker could use this issue with a specially crafted XML document to cause Qt to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2018-15518 It was discovered that Qt incorrectly handle...

CVSS 9.8, AI score 6.7, EPSS 0.03382
Exploits: 0
Veracode
added 2019/05/02 6:10 a.m., 31 views

Denial Of Service (DoS)

Java SE and Java SE Embedded are vulnerable to denial of service (DoS) attacks. This occurs in JAXP component of OpenJDK which fails to correctly enforce parse tree size limits when parsing XML documents. An attacker could use this flaw to crash the application via consuming an excessive amount of C...

CVSS 5.9, AI score 6.2, EPSS 0.03311
Exploits: 0, References: 14, Affected Software: 2
Fedora
added 2019/02/13 2:48 a.m., 31 views

[SECURITY] Fedora 29 Update: xerces-c27-2.7.0-28.fc29

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

CVSS 9.8, AI score 2.3, EPSS 0.14138
Exploits: 3
OPENSUSE Linux
added 2018/12/08 12:22 a.m., 86 views

Security update for dom4j (moderate)

This update for dom4j fixes the following issues: - CVE-2018-1000632: Prevent XML injection that could have resulted in an attacker tampering with XML documents bsc1105443. This update was imported from the SUSE:SLE-15:Update update project. This update was imported from the...

CVSS 6.4, AI score 1.6, EPSS 0.0657
Exploits: 1, References: 1
OSV
added 2018/10/16 7:54 p.m., 49 views

GHSA-35HC-X2CW-2J4V Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework...

CVSS 7.5, AI score 7.4, EPSS 0.077
Exploits: 0, References: 5
Prion
added 2018/09/25 12:29 a.m., 38 views

Code injection

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...

CVSS 5, AI score 6.7, EPSS 0.10911
Exploits: 0, References: 16, Affected Software: 8
Prion
added 2018/08/28 7:29 p.m., 13 views

Cross site scripting

An issue was discovered in inc/classfeedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. The thread titles within title elements of the generated XML documents aren't sanitized, leading to...

CVSS 4.3, AI score 6.1, EPSS 0.02261
Exploits: 5, References: 2, Affected Software: 1
CNVD
added 2018/08/21 12:0 a.m., 2 views

Red Hat JBoss Core Services libxml2 Denial of Service Vulnerability (CNVD-2018-15905)

Red Hat JBoss Core Services is a tool set from Red Hat, Inc. of the United States that provides a variety of middleware. libxml2 is a C-based library developed by the GNOME project team for parsing XML documents, which supports a variety of encoding formats, XPath parsing,...

CVSS 6.5, AI score 7.5, EPSS 0.0104
Exploits: 0, References: 1
Veracode
added 2018/07/25 7:28 a.m., 31 views

Heap-based Buffer Overflow

libxml2.so is affected by a heap-based buffer overflow vulnerability. This is due to the way XML documents are parsed in the xmlFAParsePosCharGroup function, leading to memory corruption that can cause remote code execution or a denial of service condition...

CVSS 7.8, AI score 9.2, EPSS 0.03239
Exploits: 1, References: 3, Affected Software: 2
Veracode
added 2018/07/05 1:40 a.m., 41 views

Denial Of Service (DoS)

.NET Core is vulnerable to denial of service (DoS). This is due to the way the .NET applications process XML documents which could lead to a denial of service condition when a specially crafted request is submitted...

CVSS 7.5, AI score 7.2, EPSS 0.077
Exploits: 0, References: 5, Affected Software: 1
OpenVAS
added 2018/05/15 12:0 a.m., 48 views

ASP.NET Core Denial of Service Vulnerability (May 2018) - Windows

ASP.NET Core is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:microsoft:asp.netcore...

CVSS 7.5, AI score 7.6, EPSS 0.077
Exploits: 0, References: 3
OpenVAS
added 2018/05/15 12:0 a.m., 51 views

.NET Core SDK Denial of Service Vulnerability - Windows

.NET Core SDK is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5, AI score 7.6, EPSS 0.077
Exploits: 0, References: 3