212 matches found
MiracleLinux 7 : pki-core-10.5.18-24.el7 (AXSA:2022-4313:05)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4313:05 advisory. pki-core: access to external entities when parsing XML can lead to XXE CVE-2022-2414 Tenable has extracted the preceding description block directly from the...
MiracleLinux 9 : pki-core-11.0.6-2.el9.ML.1 (AXSA:2023-5106:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5106:02 advisory. pki-core: access to external entities when parsing XML can lead to XXE CVE-2022-2414 Tenable has extracted the preceding description block directly from the...
MiracleLinux 8 : pki-core:10.6 (AXSA:2022-4440:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4440:01 advisory. pki-core: access to external entities when parsing XML can lead to XXE CVE-2022-2414 Tenable has extracted the preceding description block directly from the...
MiracleLinux 8 : thunderbird-78.14.0-1.el8.ML.1 (AXSA:2021-2414:17)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2414:17 advisory. Mozilla: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1 CVE-2021-38493 Tenable has extracted the preceding description block...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2025-2414)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux Distros Unpatched Vulnerability : CVE-2016-2414
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Minikin library in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider negative size values in font data,...
TencentOS Server 2: pki-core (TSSA-2022:0289)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0289 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
CVE-2021-2414
Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications component: Routing. Supported versions that are affected are 8.4 and 9.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...
Linux Distros Unpatched Vulnerability : CVE-2022-2414
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Access to external entities when parsing XML documents can lead to XML external entity XXE attacks. This flaw allows a remote attacker to potentially retrieve t...
PT-2024-37606 · Undefined · Undefined
CVE-2024-6413 Duplicate CVE Reserved Reference CVE-2023-2414 Instead: This candidate number is rejected and should not be used. It is a duplicate of CVE-2023-2414. All information and references in this candidate... https://t.co/wnIMr6LEKZ...
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2024-2414)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
U.S. Dept Of Defense: XML E██████ternal Entity (XXE) Injection in ███
The vulnerability described in CVE-2022-2414 was an XML External Entity XXE injection flaw. XXE vulnerabilities occur when an application improperly processes XML input containing references to external entities. This allowed access to arbitrary files on the server...
CVE-2024-2414
creationtimestamp| type| source ---|---|--- 2024-03-13 13:47:00+00:00| seen| https://t.me/ctinow/206676 2024-03-13 13:51:46+00:00| seen| https://t.me/ctinow/206679...
CVE-2024-2414
The primary channel is unprotected on Movistar 4G router affecting E version SWLD71-T1v2.0.201820. This device has the 'adb' service open on port 5555 and provides access to a shell with root privileges...
CVE-2024-2414
CVE-2024-2414 affects Movistar 4G router (S_WLD71-T1_v2.0.201820). The issue is an unprotected primary channel with the adb service listening on port 5555, granting a root shell. Public sources report root-access via ADB pre-auth, high impact (C:H, I:H, A:H) with adjacent attack vector and no use...
CVE-2024-2414 Unprotected Primary Channel vulnerability in Movistar 4G router
The primary channel is unprotected on Movistar 4G router affecting E version SWLD71-T1v2.0.201820. This device has the 'adb' service open on port 5555 and provides access to a shell with root privileges...
Amazon Linux 2 : java-11-amazon-corretto (ALAS-2024-2414)
The version of java-11-amazon-corretto installed on the remote host is prior to 11.0.22+7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2414 advisory. A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even...
VulnCheck KEV: CVE-2022-2414
Access to external entities when parsing XML documents can lead to XML external entity XXE attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests...
Rocky Linux 9 : pki-core (RLSA-2022:7326)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7326 advisory. - Access to external entities when parsing XML documents can lead to XML external entity XXE attacks. This flaw allows a remote attacker to potentially retrieve...
Exploit for Improper Restriction of XML External Entity Reference in Dogtagpki
CVE-2022-2414 CVE-2022-24...