Search Results (12033 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-9180 1 Xmltwig 1 Xml-twig For Perl 2025-04-12 N/A
perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting.
CVE-2016-5977 1 Ibm 1 Tealeaf Customer Experience 2025-04-12 N/A
Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2014-5325 1 Directwebremoting 1 Direct Web Remoting 2025-04-12 N/A
The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2015-7558 2 Debian, Gnome 2 Debian Linux, Librsvg 2025-04-12 N/A
librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document.
CVE-2015-5289 4 Canonical, Debian, Postgresql and 1 more 5 Ubuntu Linux, Debian Linux, Postgresql and 2 more 2025-04-12 N/A
Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.
CVE-2016-3705 6 Canonical, Debian, Hp and 3 more 8 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 5 more 2025-04-12 N/A
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.
CVE-2015-1832 1 Apache 1 Derby 2025-04-12 N/A
XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.
CVE-2014-8162 2 Redhat, Suse 2 Network Satellite, Manager 2025-04-12 N/A
XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors.
CVE-2015-3811 3 Oracle, Redhat, Wireshark 4 Linux, Solaris, Enterprise Linux and 1 more 2025-04-12 N/A
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188.
CVE-2014-5119 3 Debian, Gnu, Redhat 5 Debian Linux, Glibc, Enterprise Linux and 2 more 2025-04-12 N/A
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
CVE-2016-9181 1 Image-info Project 1 Image-info For Perl 2025-04-12 N/A
perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure.
CVE-2015-0248 5 Apache, Apple, Opensuse and 2 more 10 Subversion, Xcode, Opensuse and 7 more 2025-04-12 N/A
The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.
CVE-2015-4700 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt 2025-04-12 N/A
The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler.
CVE-2015-3217 3 Ibm, Pcre, Redhat 5 Powerkvm, Pcre, Pcre2 and 2 more 2025-04-12 N/A
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/.
CVE-2016-6408 1 Cisco 1 Prime Home 2025-04-12 N/A
Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814.
CVE-2016-8864 4 Debian, Isc, Netapp and 1 more 16 Debian Linux, Bind, Data Ontap Edge and 13 more 2025-04-12 7.5 High
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.
CVE-2015-3212 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more 2025-04-12 N/A
Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls.
CVE-2016-3720 2 Fasterxml, Fedoraproject 2 Jackson-dataformat-xml, Fedora 2025-04-12 9.8 Critical
XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.
CVE-2015-8952 1 Linux 1 Linux Kernel 2025-04-12 N/A
The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) via filesystem operations in environments that use many attributes, as demonstrated by Ceph and Samba.
CVE-2015-3455 4 Fedoraproject, Oracle, Redhat and 1 more 5 Fedora, Linux, Solaris and 2 more 2025-04-12 N/A
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.