75 matches found
CVE-2022-2131
OpenKM Community Edition version 6.3.10 and earlier used the XMLReader parser in the XMLTextExtractor.java file without the required security flags, allowing an attacker to perform an XML external entity injection attack...
XXE
OpenKM Community Edition version 6.3.10 and earlier used the XMLReader parser in the XMLTextExtractor.java file without the required security flags, allowing an attacker to perform an XML external entity injection attack...
GHSA-WJP3-4XCQ-598P Apache Sling JCR ContentLoader XmlReader Arbitrary File Load
The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader...
Apache Sling JCR ContentLoader XmlReader Arbitrary File Load
The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader...
Use After Free
Overview: nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Use After Free via the ID and IDREF attributes, when using the xmlReader interface with validation or when a document is parsed with XML_PARSE_DTDVALID and without XML_PARSE_NOENT...
xerces-c:parse_target: Index-out-of-bounds in xercesc_3_2::XMLReader::getNextCharIfNot
Detailed Report: https://oss-fuzz.com/testcase?key=5168997247221760 Project: xerces-c Fuzzing Engine: libFuzzer Fuzz Target: parse_target Job Type: libfuzzer_ubsan_xerces-c Platform Id: linux Crash Type: Index-out-of-bounds Crash Address: Crash State: xercesc_3_2::XMLReader::getNextCharIfNot...
Design/Logic Flaw
XMLReader.php in PHPOffice Common before 0.2.9 allows XXE...
CVE-2018-14065
XMLReader.php in PHPOffice Common before 0.2.9 allows XXE...
CVE-2012-3353
The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader...
Design/Logic Flaw
The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader...
CVE-2012-3353
The CVE-2012-3353 entry concerns Apache Sling JCR ContentLoader’s XmlReader in version 2.1.4, which allows importing arbitrary files (including local files) into the content repository, enabling potential information disclosure. The vulnerability arises from how XmlReader handles import operation...
openSUSE Security Update : xerces-c (openSUSE-2016-833)
xerces-c was updated to fix one security issue. This security issue was fixed: CVE-2016-2099: Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++. It did not properly handle exceptions raised in the XMLReader class, which allowed context-dependent attackers to ha...
xerces-c: arbitrary code execution
The DTDScanner fails to account for the fact that peeking characters in the XMLReader class can raise an exception if an invalid character is encountered, and the exception crosses stack frames in an unsafe way that causes a higher level exception handler to access an already-freed object...
Debian DLA-467-1 : xerces-c security update
XMLReader class can raise an exception if an invalid character is encountered, and the exception crosses stack frames in an unsafe way that causes a higher level exception handler to access an already-freed object. NOTE: Tenable Network Security has extracted the preceding description block...
[SECURITY] [DLA 467-1] xerces-c security update
Package: xerces-c; Version: 3.1.1-3+deb7u3; CVE ID: CVE-2016-2099; Debian Bug: 823863. XMLReader class can raise an exception if an invalid character is encountered, and the exception crosses stack frames in an unsafe way that causes a higher level exception handler to access an already-freed...
DLA-467-1 xerces-c - security update
Bulletin has no description...
CVE-2015-1819
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack...
Design/Logic Flaw
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack...