1178 matches found

Github Security Blog
added 2018/11/21 10:24 p.m. | 32 views

Exposure of Sensitive Information to an Unauthorized Actor in Apache hive

In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually hive) if...

CVSS: 4.3 | AI score: 1 | EPSS: 0.02272
Exploits: 0 | References: 6 | Affected Software: 3
OSV
added 2018/11/21 10:24 p.m. | 14 views

GHSA-RXMR-C9JM-7MM8 Exposure of Sensitive Information to an Unauthorized Actor in Apache hive

In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually hive) if...

CVSS: 3.7 | AI score: 7.2 | EPSS: 0.02272
Exploits: 0 | References: 6
Openbugbounty
added 2018/11/20 9:10 p.m. | 7 views

valeasingcorp.com XSS vulnerability

Open Bug Bounty ID: OBB-700453. Affected Website: valeasingcorp.com. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: hidden until disclosure. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: hidde...

Exploits: 0
RedHat Linux
added 2018/10/16 5:38 p.m. | 3 views

No title provided

An XML External Entity (XXE) Injection vulnerability was reported in the XPath component of HornetQ...

AI score: 7.3
Exploits: 0 | References: 2
Amazon
added 2018/09/05 12:0 a.m. | 550 views

Medium: libxml2

Issue Overview: A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to cra...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.03681
Exploits: 0
Fedora
added 2018/08/09 4:53 p.m. | 47 views

[SECURITY] Fedora 27 Update: libxml2-2.9.8-4.fc27

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVSS: 7.5 | AI score: 0.5 | EPSS: 0.03681
Exploits: 1
Fedora
added 2018/08/07 1:20 a.m. | 49 views

[SECURITY] Fedora 28 Update: libxml2-2.9.8-4.fc28

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVSS: 7.5 | AI score: 0.5 | EPSS: 0.03681
Exploits: 1
OSV
added 2018/07/19 1:29 p.m. | 4 views

ALPINE-CVE-2018-14404

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerab...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.03681
Exploits: 0 | References: 1
OSV
added 2018/07/19 1:29 p.m. | 2 views

DEBIAN-CVE-2018-14404

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerab...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.03681
Exploits: 0 | References: 1
OSV
added 2018/07/19 1:29 p.m. | 34 views

CVE-2018-14404

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerab...

CVSS: 7.5 | AI score: 6.9
Exploits: 0 | References: 9
Vulnrichment
added 2018/07/19 1:0 p.m. | 1 views

CVE-2018-14404

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerab...

AI score: 6.5 | EPSS: 0.03681
Exploits: 0 | References: 9
CVE
added 2018/07/19 1:0 p.m. | 327 views

CVE-2018-14404

The CVE-2018-14404 entry affects libxml2 (up to 2.9.8). It describes a NULL pointer dereference in xpath.c:xmlXPathCompOpEval() when parsing an invalid XPath expression in the XPATH_OP_AND/OR case, potentially causing a denial-of-service crash for applications processing untrusted XSL inputs. Pub...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.03681
Exploits: 0 | References: 9 | Affected Software: 2
Cvelist
added 2018/07/19 1:0 p.m. | 27 views

CVE-2018-14404

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerab...

AI score: 6.4 | EPSS: 0.03681
Exploits: 0 | References: 9
UbuntuCve
added 2018/07/19 12:0 a.m. | 27 views

CVE-2018-14404

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerab...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.03681
Exploits: 0 | References: 3
OSV
added 2018/07/19 12:0 a.m. | 3 views

UBUNTU-CVE-2018-14404

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerab...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.03681
Exploits: 0 | References: 4
IBM Security Bulletins
added 2018/06/18 1:30 a.m. | 24 views

Security Bulletin: Vulnerability in netcf affects PowerKVM (CVE-2014-8119)

Summary PowerKVM is affected by a vulnerability in netcf. This vulnerability is now fixed. Vulnerability Details CVEID: CVE-2014-8119 DESCRIPTION: The netcfg package in Linux is vulnerable to a denial of service, caused by the improper processing of XPath expressions by the findifcfgpath function...

CVSS: 7.5 | AI score: 1.9 | EPSS: 0.02672
Exploits: 0 | Affected Software: 1
Positive Technologies
added 2018/06/18 12:0 a.m. | 10 views

PT-2018-2348

Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.9.9 Description The issue is related to a NULL pointer dereference vulnerability in the xpath.c:xmlXPathCompOpEval function of libxml2. This vulnerability can be exploited by a remote attacker, allowing them to caus...

CVSS: 10 | AI score: 8.3 | EPSS: 0.92144
Exploits: 49 | References: 145
0day.today
added 2018/06/12 12:0 a.m. | 36 views

Joomla EkRishta 2.10 Component - username SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla! Component EkRishta 2.10 - 'username' SQL Injection Exploit Author: L0RD Software Link: https://extensions.joomla.org/extension/ek-rishta/ Vendor Homepage: https://www.joomlaextensions.co.in/ Version: 2.10 Tested on: Win ...

AI score: 7.1
Exploits: 0
Packet Storm
added 2018/06/12 12:0 a.m. | 27 views

Joomla EkRishta 2.10 SQL Injection

Exploit Title: Joomla! Component EkRishta 2.10 - 'username' SQL Injection Date: 2018-06-11 Exploit Author: L0RD Software Link: https://extensions.joomla.org/extension/ek-rishta/ Vendor Homepage: https://www.joomlaextensions.co.in/ Version: 2.10 Tested on: Win 10 POC : SQLi : Parameter : username...

AI score: 0.6
Exploits: 0
Exploit DB
added 2018/06/12 12:0 a.m. | 56 views

Joomla! Component EkRishta 2.10 - 'username' SQL Injection

Exploit Title: Joomla! Component EkRishta 2.10 - 'username' SQL Injection Date: 2018-06-11 Exploit Author: L0RD Software Link: https://extensions.joomla.org/extension/ek-rishta/ Vendor Homepage: https://www.joomlaextensions.co.in/ Version: 2.10 Tested on: Win 10 POC : SQLi : Parameter : username...

AI score: 7.4
Exploits: 0