Search Results (2907 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0991 | 1 Admidio | 1 Admidio | 2024-11-21 | 7.1 High |
| Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9. | ||||
| CVE-2022-0865 | 5 Debian, Fedoraproject, Libtiff and 2 more | 5 Debian Linux, Fedora, Libtiff and 2 more | 2024-11-21 | 5.5 Medium |
| Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045. | ||||
| CVE-2022-0861 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 3.5 Low |
| An XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. The impact is limited to some access to confidential information and some ability to alter data. | ||||
| CVE-2022-0667 | 2 Isc, Netapp | 17 Bind, H300e, H300e Firmware and 14 more | 2024-11-21 | 7.5 High |
| When the vulnerability is triggered the BIND process will exit. BIND 9.18.0 | ||||
| CVE-2022-0635 | 2 Isc, Netapp | 17 Bind, H300e, H300e Firmware and 14 more | 2024-11-21 | 7.5 High |
| Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. | ||||
| CVE-2022-0272 | 1 Detekt | 1 Detekt | 2024-11-21 | 9.8 Critical |
| Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0. | ||||
| CVE-2022-0265 | 1 Hazelcast | 1 Hazelcast | 2024-11-21 | 9.8 Critical |
| Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1. | ||||
| CVE-2022-0239 | 1 Stanford | 1 Corenlp | 2024-11-21 | 9.8 Critical |
| corenlp is vulnerable to Improper Restriction of XML External Entity Reference | ||||
| CVE-2022-0221 | 1 Schneider-electric | 1 Scadapack Workbench | 2024-11-21 | 5.5 Medium |
| A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could result in information disclosure when opening a malicious solution file provided by an attacker with SCADAPack Workbench. This could be exploited to pass data from local files to a remote system controlled by an attacker. Affected Product: SCADAPack Workbench (6.6.8a and prior) | ||||
| CVE-2022-0219 | 1 Jadx Project | 1 Jadx | 2024-11-21 | 5.5 Medium |
| Improper Restriction of XML External Entity Reference in GitHub repository skylot/jadx prior to 1.3.2. | ||||
| CVE-2022-0217 | 1 Prosody | 1 Prosody | 2024-11-21 | 7.5 High |
| It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpat version used, it may also allow injections using XML External Entity References (CWE-611). | ||||
| CVE-2022-0198 | 1 Stanford | 1 Corenlp | 2024-11-21 | 7.1 High |
| corenlp is vulnerable to Improper Restriction of XML External Entity Reference | ||||
| CVE-2021-4295 | 1 Healthit | 1 Code-validator-api | 2024-11-21 | 5.5 Medium |
| A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. This vulnerability affects the function vocabularyValidationConfigurations of the file src/main/java/org/sitenv/vocabularies/configuration/CodeValidatorApiConfiguration.java of the component XML Handler. The manipulation leads to xml external entity reference. Upgrading to version 1.0.31 is able to address this issue. The name of the patch is fbd8ea121755a2d3d116b13f235bc8b61d8449af. It is recommended to upgrade the affected component. VDB-217018 is the identifier assigned to this vulnerability. | ||||
| CVE-2021-46784 | 3 Debian, Redhat, Squid-cache | 5 Debian Linux, Enterprise Linux, Rhel E4s and 2 more | 2024-11-21 | 6.5 Medium |
| In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses. | ||||
| CVE-2021-46666 | 2 Mariadb, Redhat | 4 Mariadb, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | 5.5 Medium |
| MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. | ||||
| CVE-2021-46660 | 1 Signiant | 1 Manager\+agents | 2024-11-21 | 9.8 Critical |
| Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) attacks. | ||||
| CVE-2021-46517 | 1 Cesanta | 1 Mjs | 2024-11-21 | 5.5 Medium |
| There is an Assertion `mjs_stack_size(&mjs->scopes) > 0' failed at src/mjs_exec.c in Cesanta MJS v2.20.0. | ||||
| CVE-2021-46515 | 1 Cesanta | 1 Mjs | 2024-11-21 | 5.5 Medium |
| There is an Assertion `mjs_stack_size(&mjs->scopes) >= scopes_len' failed at src/mjs_exec.c in Cesanta MJS v2.20.0. | ||||
| CVE-2021-46514 | 1 Cesanta | 1 Mjs | 2024-11-21 | 5.5 Medium |
| There is an Assertion 'ppos != NULL && mjs_is_number(*ppos)' failed at src/mjs_core.c in Cesanta MJS v2.20.0. | ||||
| CVE-2021-46511 | 1 Cesanta | 1 Mjs | 2024-11-21 | 5.5 Medium |
| There is an Assertion `m->len >= sizeof(v)' failed at src/mjs_core.c in Cesanta MJS v2.20.0. | ||||