AZL-26300 CVE-2023-26463 affecting package strongswan for versions less than 5.9.10-1
strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrust...
strongSwan Trust Management Issue Vulnerability
strongSwan is an open-source IPsec-based VPN solution for Linux platforms, developed by Andreas Steffen of Switzerland. The solution includes authentication mechanisms such as X.509 public key certificates, securely stored private keys, and smart cards. A security vulnerability exists in...
The vulnerability of the UEFI loader of the Boot Manager for Windows operating systems allows a hacker to circumvent security restrictions.
The vulnerability of the UEFI-bootloader of Windows operating systems is related to security configuration errors. Exploiting this vulnerability can allow an attacker to bypass security restrictions...
pki-core: access to external entities when parsing XML can lead to XXE
A flaw was found in pki-core. Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests...
PT-2023-20383 · Unknown · National Land Numerical Information Data Conversion Tool
Name of the Vulnerable Software and Affected Versions: National land numerical information data conversion tool, all versions. Description: The issue is related to the improper restriction of XML external entity references (XXE) in the National land numerical information data conversion tool. This...
CVE-2023-20030
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact the responsiveness of the...
DEBIAN-CVE-2023-28842
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (dockerd), which is developed as moby/moby, is commonly referred to as Docker. Swarm Mode, which is...
DEBIAN-CVE-2023-28841
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (dockerd), which is developed as moby/moby, is commonly referred to as Docker. Swarm Mode, which is...
National land numerical information data conversion tool Code Issue Vulnerability
National Land Information Division National land numerical information data conversion tool is a data conversion tool from National Land Information Division, Japan. A security vulnerability exists in the National land numerical information data conversion tool due to an improper restriction on X...
Hitachi Vantara Pentaho Business Analytics Server Code Issue Vulnerability
Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Ltd., Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server that stems from improper references to XML external...
The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores lies in errors in XML request processing, which allow attackers to gain unauthorized access to protected information.
The vulnerability of the Magento Open Source and Adobe Commerce software platforms for developing and managing online stores is related to errors in processing XML requests. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
CVE-2022-43473
A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability...
PT-2023-21616 · Apple · Macos Monterey +4
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.3; macOS Monterey versions prior to 12.6.4; macOS Big Sur versions prior to 11.7.5; iOS versions prior to 16.4; iOS versions prior to 15.7.4; iPadOS versions prior to 16.4; iPadOS versions prior to 15.7.4. Description: The...
Independentsoft JSpreadsheet Code Issue Vulnerability
Independentsoft JSpreadsheet is a Microsoft Excel-compatible API for Java and Android from Independentsoft, Germany. A security vulnerability exists in Independentsoft JSpreadsheet versions prior to 1.1.110, which stems from the API's susceptibility to XML External Entity (XXE) injection via a remo...
Jenkins Plugins Crap4J Code Issue Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
VISAM VBASE Code Issue Vulnerability
VISAM VBASE is a data acquisition and monitoring system from VISAM, Germany. A code issue vulnerability exists in VISAM VBASE Automation Base prior to version 11.7.5, which stems from an improper restriction on XML external entity references, and can be exploited by an attacker to trick a user int...
The vulnerability of the NetAct network management system lies in the improper restriction of XML links to external objects. This allows attackers to gain unauthorized access to protected information or perform SSRF attacks.
The vulnerability of the NetAct network management system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information or perform an SSRF attack...
[SECURITY] Fedora 38 Update: httpd-2.4.56-1.fc38
The Apache HTTP Server is a powerful, efficient, and extensible web server...
openstack-swift: Arbitrary file access through custom S3 XML entities
A flaw was found in Swift's S3 XML parser. By supplying specially crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This issue impacts both s3api...
Dassault Systèmes ENOVIA Live Collaboration V6R2013xE Code Injection Vulnerability
Dassault Systèmes ENOVIA Live Collaboration V6R2013xE is a Product Lifecycle Management (PLM) software from Dassault Systèmes, France. A security vulnerability exists in Dassault Systèmes ENOVIA Live Collaboration V6R2013xE version to V6R2013xE FP version, which stems from the discovery of an XSL...