Export limit exceeded: 342090 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10445 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10445 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20217 | 3 Debian, Mit, Redhat | 4 Debian Linux, Kerberos, Ansible Tower and 1 more | 2024-11-21 | 5.3 Medium |
| A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request. | ||||
| CVE-2018-20160 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | N/A |
| ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd. | ||||
| CVE-2018-20157 | 1 Openrefine | 1 Openrefine | 2024-11-21 | N/A |
| The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files. | ||||
| CVE-2018-20059 | 1 Pippo | 1 Pippo | 2024-11-21 | N/A |
| jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. | ||||
| CVE-2018-20030 | 1 Libexif Project | 1 Libexif | 2024-11-21 | N/A |
| An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources. | ||||
| CVE-2018-20023 | 3 Canonical, Debian, Libvnc Project | 3 Ubuntu Linux, Debian Linux, Libvncserver | 2024-11-21 | N/A |
| LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Improper Initialization vulnerability in VNC Repeater client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR | ||||
| CVE-2018-20022 | 3 Canonical, Debian, Libvnc Project | 3 Ubuntu Linux, Debian Linux, Libvncserver | 2024-11-21 | N/A |
| LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC client code that allows attacker to read stack memory and can be abuse for information disclosure. Combined with another vulnerability, it can be used to leak stack memory layout and in bypassing ASLR | ||||
| CVE-2018-20000 | 1 Apereo | 1 Bw-webdav | 2024-11-21 | N/A |
| Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java. | ||||
| CVE-2018-1970 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | N/A |
| IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 153751. | ||||
| CVE-2018-1939 | 1 Ibm | 1 Cloud Private | 2024-11-21 | N/A |
| IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 153319. | ||||
| CVE-2018-1920 | 1 Ibm | 1 Marketing Platform | 2024-11-21 | N/A |
| IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152855. | ||||
| CVE-2018-1905 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| IBM WebSphere Application Server 9.0.0.0 through 9.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 152534. | ||||
| CVE-2018-1875 | 1 Ibm | 2 Infosphere Information Governance Catalog, Infosphere Information Server On Cloud | 2024-11-21 | N/A |
| IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 151639. | ||||
| CVE-2018-1846 | 1 Ibm | 1 Rational Engineering Lifecycle Manager | 2024-11-21 | N/A |
| IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150945. | ||||
| CVE-2018-1845 | 3 Ibm, Linux, Microsoft | 8 Aix, Infosphere Governance Catalog, Infosphere Information Server and 5 more | 2024-11-21 | 7.1 High |
| IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905. | ||||
| CVE-2018-1844 | 1 Ibm | 1 Filenet Content Manager | 2024-11-21 | N/A |
| IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150904. | ||||
| CVE-2018-1840 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application Server. IBM X-Force ID: 150813. | ||||
| CVE-2018-1835 | 1 Ibm | 1 Daeja Viewone | 2024-11-21 | N/A |
| IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150514. | ||||
| CVE-2018-1821 | 1 Ibm | 1 Operational Decision Manager | 2024-11-21 | N/A |
| IBM Operational Decision Management 8.5, 8.6, 8.7, 8.8, and 8.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150170. | ||||
| CVE-2018-1801 | 1 Ibm | 3 App Connect, Integration Bus, Websphere Message Broker | 2024-11-21 | N/A |
| IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639. | ||||