
1178 matches found

RedHat Linux
added 2020/01/07 6:24 p.m. | 2 views

OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 4.3 | AI score 7.4 | EPSS 0.03732
Exploits: 0 | References: 4

RedHat Linux
added 2020/01/07 6:24 p.m. | 3 views

OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 4.3 | AI score 7.4 | EPSS 0.03749
Exploits: 0 | References: 4

RedHat Linux
added 2020/01/02 2:3 p.m. | 3 views

OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 4.3 | AI score 7.4 | EPSS 0.03749
Exploits: 0 | References: 4

OSV
added 2019/12/17 11:14 p.m. | 4 views

USN-4223-1 openjdk-8, openjdk-lts vulnerabilities

Jan Jancar, Petr Svenda, and Vladimir Sedlacek discovered that a side-channel vulnerability existed in the ECDSA implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2019-2894) It was discovered that the Socket implementation in OpenJDK did not properly...

CVSS 6.8 | AI score 7 | EPSS 0.03749
Exploits: 0 | References: 17

Ubuntu
added 2019/12/17 11:14 p.m. | 108 views

USN-4223-1: OpenJDK vulnerabilities

Jan Jancar, Petr Svenda, and Vladimir Sedlacek discovered that a side-channel vulnerability existed in the ECDSA implementation in OpenJDK. An attacker could use this to expose sensitive information. (CVE-2019-2894) It was discovered that the Socket implementation in OpenJDK did not properly...

CVSS 6.8 | AI score 7 | EPSS 0.03749
Exploits: 0

RedHat Linux
added 2019/12/09 1:28 p.m. | 4 views

OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 4.3 | AI score 7.4 | EPSS 0.03749
Exploits: 0 | References: 4

RedHat Linux
added 2019/12/09 1:28 p.m. | 3 views

OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 4.3 | AI score 7.4 | EPSS 0.03732
Exploits: 0 | References: 4

RedHat Linux
added 2019/12/09 8:58 a.m. | 3 views

OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 4.3 | AI score 7.4 | EPSS 0.03732
Exploits: 0 | References: 4

RedHat Linux
added 2019/12/05 3:22 p.m. | 4 views

OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 4.3 | AI score 7.4 | EPSS 0.03732
Exploits: 0 | References: 4

RedHat Linux
added 2019/12/05 3:22 p.m. | 5 views

OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 4.3 | AI score 7.4 | EPSS 0.03749
Exploits: 0 | References: 4

RedHat Linux
added 2019/12/05 3:22 p.m. | 5 views

OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 4.3 | AI score 7.4 | EPSS 0.03749
Exploits: 0 | References: 4

RedHat Linux
added 2019/12/05 3:22 p.m. | 3 views

OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 4.3 | AI score 7.4 | EPSS 0.03732
Exploits: 0 | References: 4

CNVD
added 2019/11/20 12:0 a.m. | 3 views

Unspecified Vulnerability in SAP Financial Consolidation

SAP Financial Consolidation is a financial statement solution from SAP. The product is designed to automate intercompany reconciliations and offsets, currency conversions, and provide financial statement generation. An unspecified vulnerability exists in SAP Financial Consolidation. The...

CVSS 6.5 | AI score 7.1 | EPSS 0.00721
Exploits: 0 | References: 1

NVD
added 2019/11/06 1:15 a.m. | 24 views

CVE-2019-8158

An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted key/value GET request data...

CVSS 9.8 | AI score 9.4 | EPSS 0.01285
Exploits: 0 | References: 1

OSV
added 2019/11/06 1:15 a.m. | 14 views

CVE-2019-8158

An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted key/value GET request data...

CVSS 9.8 | AI score 6.9
Exploits: 0 | References: 1

Prion
added 2019/11/06 1:15 a.m. | 18 views

Design/Logic Flaw

An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted key/value GET request data...

CVSS 7.5 | AI score 9.4 | EPSS 0.01285
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2019/11/06 12:3 a.m. | 53 views

CVE-2019-8158

CVE-2019-8158 affects Magento: Magento 2.2 prior to 2.2.10 and 2.3 prior to 2.3.3 (or 2.3.2-p1). The issue is an XPath entity injection in the page cache block rendering path, where crafted GET data is passed to the XML data processing engine without validation, allowing limited access to underly...

CVSS 9.8 | AI score 9.3 | EPSS 0.01285
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/11/06 12:3 a.m. | 21 views

CVE-2019-8158

An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that gets passed to XML data processing engine without validation. The crafted key/value GET request data...

AI score 9.5 | EPSS 0.01285
Exploits: 0 | References: 1

Tenable Nessus
added 2019/10/24 12:0 a.m. | 307 views

CentOS 6 : java-1.8.0-openjdk (CESA-2019:3136)

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 6.8 | AI score 6.6 | EPSS 0.03749
Exploits: 0 | References: 15

OSV
added 2019/10/23 9:6 p.m. | 9 views

MGASA-2019-0302 Updated java-1.8.0-openjdk packages fix security vulnerabilities

The updated packages fix several bugs and some security issues: Missing restrictions on use of custom SocketImpl (Networking, 8218573), CVE-2019-2945. Improper handling of Kerberos proxy credentials (Kerberos, 8220302), CVE-2019-2949. NULL pointer dereference in DrawGlyphList (2D, 8222690), CVE-2019-2962...

CVSS 6.8 | AI score 6.1 | EPSS 0.03749
Exploits: 0 | References: 4