
1178 matches found

Fedora
added 2020/09/16 2:44 p.m. | 51 views

[SECURITY] Fedora 32 Update: libxml2-2.9.10-7.fc32

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

7.5 CVSS | 0.5 AI score | 0.07836 EPSS
Exploits: 1
Openbugbounty
added 2020/08/17 2:28 p.m. | 10 views

troisquarts.ch Cross Site Scripting vulnerability OBB-1262718

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

6.2 AI score
Exploits: 0
Amazon
added 2020/08/12 12:0 a.m. | 59 views

Important: libxml2

Issue Overview: A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library...

8.8 CVSS | 8.4 AI score | 0.043 EPSS
Exploits: 3
Tenable Nessus
added 2020/07/23 12:0 a.m. | 49 views

Amazon Linux 2 : libxml2 (ALAS-2020-1466)

The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1466 advisory. A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when...

8.8 CVSS | 7.2 AI score | 0.043 EPSS
Exploits: 3 | References: 13
Openbugbounty
added 2020/07/09 3:18 p.m. | 10 views

support.cycliq.com Cross Site Scripting vulnerability OBB-1219683

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

6.3 AI score
Exploits: 0
Openbugbounty
added 2020/05/26 1:15 p.m. | 9 views

bite.guitars Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1172576. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...

0.6 AI score
Exploits: 0
Tenable Nessus
added 2020/05/01 12:0 a.m. | 79 views

EulerOS Virtualization for ARM 64 3.0.2.0 : libxml2 (EulerOS-SA-2020-1533)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There ...

7.5 CVSS | 6.7 AI score | 0.07836 EPSS
Exploits: 0 | References: 4
OpenVAS
added 2020/04/30 12:0 a.m. | 60 views

Fedora: Security Advisory for libxml2 (FEDORA-2020-0c71c00af4)

The remote host is missing an update for the...

7.5 CVSS | 8.2 AI score | 0.07836 EPSS
Exploits: 0 | References: 2
Hacker One
added 2020/04/17 4:0 p.m. | 86 views

GitHub Security Lab: Go/CWE-643: XPath Injection Query in Go

This bug was reported directly to GitHub Security Lab...

1.4 AI score
Exploits: 0
Openbugbounty
added 2020/04/04 12:59 p.m. | 9 views

deborahjreed.ca Cross Site Scripting vulnerability

Security Researcher KhanJanny, a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting deborahjreed.ca website and its users. Following...

0.1 AI score
Exploits: 0
RedHat Linux
added 2020/04/02 5:10 p.m. | 8 views

libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c

A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the...

7.5 CVSS | 7.1 AI score | 0.03681 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2020/03/31 8:22 p.m. | 3 views

libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c

A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the...

7.5 CVSS | 7.1 AI score | 0.03681 EPSS
Exploits: 0 | References: 4
Hacker One
added 2020/03/19 9:55 p.m. | 238 views

GitHub Security Lab: XPath Injection query in java

This bug was reported directly to GitHub Security Lab...

1.4 AI score
Exploits: 0
Fedora
added 2020/02/15 2:18 a.m. | 53 views

[SECURITY] Fedora 31 Update: libxml2-2.9.10-3.fc31

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

7.5 CVSS | 0.5 AI score | 0.07836 EPSS
Exploits: 0
NVD
added 2020/01/15 7:15 p.m. | 21 views

CVE-2015-1809

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query...

7.5 CVSS | 7.5 AI score | 0.01414 EPSS
Exploits: 0 | References: 2
UbuntuCve
added 2020/01/15 7:15 p.m. | 34 views

CVE-2015-1809

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query...

7.5 CVSS | 7.2 AI score | 0.01414 EPSS
Exploits: 0 | References: 2
Prion
added 2020/01/15 7:15 p.m. | 24 views

Xxe

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query...

5 CVSS | 7 AI score | 0.01414 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2020/01/15 6:5 p.m. | 32 views

CVE-2015-1809

XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query...

7.4 AI score | 0.01414 EPSS
Exploits: 0 | References: 2
CVE
added 2020/01/15 6:5 p.m. | 84 views

CVE-2015-1809

CVE-2015-1809 describes an XML External Entity (XXE) vulnerability in CloudBees Jenkins prior to 1.600 and in LTS releases prior to 1.596.1. The vulnerability arises from Jenkins' XPath/XML handling, allowing a remote attacker with read access to read arbitrary XML files on the Jenkins server. Af...

7.5 CVSS | 7.3 AI score | 0.01414 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2020/01/13 12:0 a.m. | 4 views

The vulnerability in the SAP Financial Consolidation web application, related to errors in processing XML requests, allows an attacker to execute an “Xpath injection” attack.

The vulnerability of the SAP Financial Consolidation web application is related to errors in processing XML requests. Exploiting this vulnerability allows a malicious actor to carry out an “Xpath injection” attack remotely...

6.5 CVSS | 6.5 AI score | 0.00721 EPSS
Exploits: 0 | References: 3 | Affected Software: 1