Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2904 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-3996 | 2 Elog Project, Fedoraproject | 2 Elog, Fedora | 2024-11-21 | 6.5 Medium |
| ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests. | ||||
| CVE-2019-3867 | 1 Redhat | 1 Quay | 2024-11-21 | 4.1 Medium |
| A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user's container repository. Red Hat Quay 2 and 3 are vulnerable to this issue. | ||||
| CVE-2019-3790 | 1 Pivotal Software | 1 Operations Manager | 2024-11-21 | N/A |
| The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources. | ||||
| CVE-2019-3774 | 2 Pivotal Software, Redhat | 2 Spring Batch, Jboss Fuse | 2024-11-21 | N/A |
| Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. | ||||
| CVE-2019-3773 | 3 Oracle, Pivotal Software, Redhat | 4 Financial Services Analytical Applications Infrastructure, Flexcube Private Banking, Spring Web Services and 1 more | 2024-11-21 | 9.8 Critical |
| Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. | ||||
| CVE-2019-3772 | 2 Oracle, Vmware | 2 Retail Customer Management And Segmentation Foundation, Spring Integration | 2024-11-21 | N/A |
| Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources. | ||||
| CVE-2019-3768 | 1 Emc | 1 Rsa Authentication Manager | 2024-11-21 | 6.5 Medium |
| RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to cause information disclosure of local system files by supplying specially crafted XML message. | ||||
| CVE-2019-3752 | 1 Dell | 2 Emc Avamar Server, Emc Integrated Data Protection Appliance | 2024-11-21 | 8.2 High |
| Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2 and 19.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, 2.2, 2.3 and 2.4. contain an XML External Entity(XXE) Injection vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability to cause Denial of Service or information exposure by supplying specially crafted document type definitions (DTDs) in an XML request. | ||||
| CVE-2019-3722 | 1 Dell | 1 Emc Openmanage Server Administrator | 2024-11-21 | N/A |
| Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request. | ||||
| CVE-2019-3481 | 1 Hp | 1 Arcsight Logger | 2024-11-21 | N/A |
| Mitigates a XML External Entity Parsing issue in ArcSight Logger versions prior to 6.7. | ||||
| CVE-2019-2861 | 1 Oracle | 1 Hyperion Planning | 2024-11-21 | N/A |
| Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Planning. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Planning accessible data. CVSS 3.0 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N). | ||||
| CVE-2019-25041 | 3 Debian, Nlnetlabs, Redhat | 4 Debian Linux, Unbound, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | ||||
| CVE-2019-25037 | 3 Debian, Nlnetlabs, Redhat | 4 Debian Linux, Unbound, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | ||||
| CVE-2019-25036 | 3 Debian, Nlnetlabs, Redhat | 4 Debian Linux, Unbound, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | ||||
| CVE-2019-20627 | 1 Rbsoft | 1 Autoupdater.net | 2024-11-21 | 9.8 Critical |
| AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE. | ||||
| CVE-2019-20191 | 1 Sync | 3 Oxygen Xml Author, Oxygen Xml Developer, Oxygen Xml Editor | 2024-11-21 | 7.5 High |
| Oxygen XML Editor 21.1.1 allows XXE to read any file. | ||||
| CVE-2019-20153 | 1 Determine | 1 Contract Lifecycle Management | 2024-11-21 | 4.9 Medium |
| An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) in v5.4. An XML external entity (XXE) vulnerability in the upload definition feature in definition_upload_attach.jsp allows authenticated remote attackers to read arbitrary files (including configuration files containing administrative credentials). | ||||
| CVE-2019-20056 | 1 Nothings | 1 Stb Image.h | 2024-11-21 | 6.5 Medium |
| stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned. | ||||
| CVE-2019-1903 | 1 Cisco | 1 Security Manager | 2024-11-21 | N/A |
| A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending malicious requests to a targeted system that contain references within XML entities. An exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a DoS condition. | ||||
| CVE-2019-1060 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. | ||||