26 matches found
EUVD-2023-40743
Malicious code in bioql PyPI...
MAL-2025-40743 Malicious code in zamia-quasar-iblz (npm)
The package zamia-quasar-iblz was found to contain malicious code...
Security Bulletin: Apache Axis1 CVE-2023-40743 security vulnerability in FileNet Content Manager, Process Engine Process Orchestration
Summary Apache Axis1 CVE-2023-40743 security vulnerability in FileNet Content Manager, Process Engine Process Orchestration. Affected, not vulnerable. Vulnerability Details CVEID:CVE-2023-40743 DESCRIPTION: UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not...
Fedora 37 : trafficserver (2022-62b61a8542)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-62b61a8542 advisory. Update to 9.1.4, resolves CVE-2022-32749, CVE-2022-37392, CVE-2022-40743 Tenable has extracted the preceding description block directly from the...
Adobe InDesign 16.0 < 17.0.0 Multiple Vulnerabilities (APSB21-107) (macOS)
The version of Adobe InDesign installed on the remote macOS host is prior to 17.0.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB21-107 advisory. - Adobe InDesign versions 16.4 and earlier are affected by a Buffer Overflow vulnerability when parsing a specially...
Joomla! Multiple Vulnerabilities (20240802, 20240805)
Joomla! is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla"; if(description)...
CVE-2024-40743
creationtimestamp | type | source
---|---|---
2024-08-20 18:48:50+00:00 | seen | https://t.me/cvedetector/3666...
CVE-2024-40743 [20240805] - Core - XSS vectors in Outputfilter::strip* methods
The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors...
Security Bulletin: IBM Sterling Control Center is vulnerable to denial of service attack due to Apache Axis (CVE-2023-40743)
Summary IBM Sterling Control Center uses Apache Axis. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-40743 DESCRIPTION: Apache Axis could allow a remote attacker to execute arbitrary code on the system, caused by improper input...
Ubuntu: Security Advisory (USN-6470-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
USN-6470-1: Axis vulnerability
It was discovered that Axis incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2023-40743...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Axis vulnerability (USN-6470-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has a package installed that is affected by a vulnerability as referenced in the USN-6470-1 advisory. It was discovered that Axis incorrectly handled certain inputs. If a user or an automated system were tricked...
Debian: Security Advisory (DLA-3622-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] [DLA 3622-1] axis security update
Debian LTS Advisory DLA-3622-1 https://www.debian.org/lts/security/ Markus Koschany October 17, 2023 https://wiki.debian.org/LTS Package : axis Version : 1.4-28+deb10u1 CVE ID : CVE-2023-40743 Debian Bug : 1051288 Letian Yuan discovered a flaw in Apache Axis 1.x, a SOA...
CVE-2023-40743
creationtimestamp | type | source
---|---|---
2023-09-05 18:17:06+00:00 | published-proof-of-concept | https://t.me/cibsecurity/69856...
cn.net.vidyo:dylink-vidyo-ws-sdk (>=2.1.0.16.RELEASE <=3.0.0.3.RELEASE), com.aftia.plugin:aem-build-maven-plugin.core (>=1.2.1 <=1.2.2) +286 more potentially affected by CVE-2023-40743 via org.apache.axis:axis (=1.4)
org.apache.axis:axis MAVEN version =1.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.axis:axis and may be impacted: - cn.net.vidyo:dylink-vidyo-ws-sdk =2.1.0.16.RELEASE, =1.2.1, =1.0.0, =1.4-build003, =0.9.1, =0.0.3.M1, =0.0.3.M1,...
CVE-2023-40743
Apache Axis 1.x is affected by CVE-2023-40743 due to unsafe handling in ServiceFactory.getService, which can enable DoS, SSRF, and remote code execution when untrusted input is used. The issue arises from LDAP-like lookups via the API. Mitigation is to migrate to a maintained SOAP engine (e.g., A...
CVE-2023-40743 Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService
UNSUPPORTED WHEN ASSIGNED When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose...
Fedora 36 : trafficserver (2022-489ea47e69)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-489ea47e69 advisory. Update to 9.1.4, resolves CVE-2022-32749, CVE-2022-37392, CVE-2022-40743 Tenable has extracted the preceding description block directly from the...