
1178 matches found

RedHat Linux
added 2019/10/21 7:22 p.m., 5 views

OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 4.3 | AI score 7.4 | EPSS 0.03749
Exploits: 0 | References: 4

ossfuzz
added 2019/10/20 8:51 a.m., 15 views

libxslt:xpath: Heap-buffer-overflow in xmlXPathCompileExpr

Project: https://gitlab.gnome.org/GNOME/libxslt.git Detailed Report: https://oss-fuzz.com/testcase?key=5638886922911744 Project: libxslt Fuzzing Engine: afl Fuzz Target: xpath Job Type: aflasanlibxslt Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash Address: 0x7fd03ca4f7c8 Crash...

AI score 6.8
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2019/10/19 6:58 p.m., 23 views

CVE-2018-14404

A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the...

CVSS 7.5 | AI score 4.3 | EPSS 0.03681
Exploits: 0 | References: 2

Tenable Nessus
added 2019/10/18 12:0 a.m., 45 views

Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20191016)

Security Fixes : - OpenJDK: Improper handling of Kerberos proxy credentials Kerberos, 8220302 CVE-2019-2949 - OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn Scripting, 8223518 CVE-2019-2975 - OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler...

CVSS 6.8 | AI score 6.6 | EPSS 0.03749
Exploits: 0 | References: 15

RedHat Linux
added 2019/10/17 2:33 p.m., 6 views

OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 4.3 | AI score 7.4 | EPSS 0.03732
Exploits: 0 | References: 4

RedHat Linux
added 2019/10/17 10:0 a.m., 6 views

OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 4.3 | AI score 7.4 | EPSS 0.03732
Exploits: 0 | References: 4

RedHat Linux
added 2019/10/17 9:59 a.m., 10 views

OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 4.3 | AI score 7.4 | EPSS 0.03732
Exploits: 0 | References: 4

Veracode
added 2019/10/17 12:22 a.m., 41 views

Denial Of Service (DoS)

OpenJDK is vulnerable to denial of service (DoS). The vulnerability exists through an unexpected exception thrown by XPath processing crafted XPath expression...

CVSS 3.7 | AI score 3.1 | EPSS 0.03749
Exploits: 0 | References: 24 | Affected Software: 4

RedHat Linux
added 2019/10/16 4:2 p.m., 4 views

OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 4.3 | AI score 7.4 | EPSS 0.03749
Exploits: 0 | References: 4

RedHat Linux
added 2019/10/16 3:1 p.m., 6 views

OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 4.3 | AI score 7.4 | EPSS 0.03749
Exploits: 0 | References: 4

RedHat Linux
added 2019/10/16 3:1 p.m., 8 views

OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 4.3 | AI score 7.4 | EPSS 0.03732
Exploits: 0 | References: 4

NVD
added 2019/10/08 8:15 p.m., 18 views

CVE-2019-0370

Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection...

CVSS 6.5 | AI score 6.4 | EPSS 0.00721
Exploits: 0 | References: 2

Prion
added 2019/10/08 8:15 p.m., 14 views

Input validation

Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection...

CVSS 6.4 | AI score 6.4 | EPSS 0.00721
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/10/08 7:20 p.m., 19 views

CVE-2019-0370

Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection...

AI score 6.5 | EPSS 0.00721
Exploits: 0 | References: 2

CVE
added 2019/10/08 7:20 p.m., 62 views

CVE-2019-0370

CVE-2019-0370 affects SAP Financial Consolidation (before v10.0 and v10.1). The vulnerability arises from missing input validation, allowing crafted input to interfere with the structure of surrounding queries, resulting in an XPath Injection. The connected documents confirm the root cause (input...

CVSS 6.5 | AI score 6.4 | EPSS 0.00721
Exploits: 0 | References: 2 | Affected Software: 1

Friends Of PHP
added 2019/10/08 12:0 a.m., 17 views

PRODSECBUG-2272: XPath Injection via front end rendering functionality

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

CVSS 9.8 | AI score 7.2 | EPSS 0.01285
Exploits: 0 | Affected Software: 1

ossfuzz
added 2019/09/14 6:40 a.m., 19 views

libxslt:xpath: Heap-buffer-overflow in xsltFormatNumberConversion

Project: https://gitlab.gnome.org/GNOME/libxslt.git Detailed Report: https://oss-fuzz.com/testcase?key=5656808252768256 Project: libxslt Fuzzing Engine: afl Fuzz Target: xpath Job Type: aflasanlibxslt Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x60300000131f Crash...

Exploits: 0 | Affected Software: 1

ossfuzz
added 2019/08/07 11:55 a.m., 16 views

libxslt/xpath: Crash in xmlXPathCompileExpr

Project: https://gitlab.gnome.org/GNOME/libxslt.git Detailed report: https://oss-fuzz.com/testcase?key=5702070090334208 Project: libxslt Fuzzer: libFuzzerlibxsltxpath Fuzz target binary: xpath Job Type: libfuzzerubsanlibxslt Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x7fccc6e37fd...

AI score 7
Exploits: 0 | Affected Software: 1

Packet Storm
added 2019/06/24 12:0 a.m., 114 views

AZADMIN CMS Of HIDEA 1.0 SQL Injection

SQL Injection on AZADMIN CMS of HIDEA v1.0 + Date: 24/06/2019 + CWE Number : CWE-89 + Risk: High + Author: Felipe Andrian Peixoto + Vendor Homepage: https://www.hidea.com/ + Contact: [email protected] + Tested on: Windows 7 and Linux + Vulnerable Files: newsdet.php + Dork :...

AI score 0.7
Exploits: 0

Tenable Nessus
added 2019/05/30 12:0 a.m., 39 views

EulerOS Virtualization for ARM 64 3.0.2.0 : libxml2 (EulerOS-SA-2019-1614)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There ...

CVSS 7.5 | AI score 6.4 | EPSS 0.03681
Exploits: 0 | References: 3