2078 matches found
PT-2023-1445 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is related to the implementation of the Protected Extensible Authentication Protocol (PEAP) in Windows operating systems, which is associated with insufficient input validation. Thi...
KLA20233 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, or cause denial of service. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in...
KB5022845: Windows 11 Security Update (February 2023)
The remote Windows host is missing security update 5022845. It is, therefore, affected by multiple vulnerabilities: Microsoft PostScript Printer Driver Remote Code Execution Vulnerability CVE-2023-21684, CVE-2023-21801; Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution...
KB5022893: Windows Server 2008 Security Update (February 2023)
The remote Windows host is missing security update 5022893. It is, therefore, affected by multiple vulnerabilities: Windows iSCSI Discovery Service Remote Code Execution Vulnerability CVE-2023-21803; Microsoft PostScript Printer Driver Remote Code Execution Vulnerability CVE-2023-21684,...
HP PC Security Vulnerability
HP PC is a computer product of the Hewlett-Packard (HP) Company, USA. The HP PC has a security vulnerability that stems from a potential flaw in the BIOS UEFI firmware that could allow arbitrary code execution...
jettison: parser crash by stackoverflow
A stack-based buffer overflow vulnerability was found in Jettison, where parsing untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input,...
jettison: memory exhaustion via user-supplied XML or JSON data
A vulnerability was found in Jettison, where parsing untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack...
jettison: parser crash by stackoverflow
A stack-based buffer overflow vulnerability was found in Jettison, where parsing untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input,...
Netcad KEOS Code Issue Vulnerability
Netcad KEOS is Netcad's local management solution that responds to e-municipal needs with secure, integrated data production and management capabilities. A security vulnerability exists in Netcad KEOS version 1.0 that stems from vulnerability to XML External Entity (XXE) attacks, which can lead to...
PT-2023-34864 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.164. Description: A NULL-deref issue was discovered in the init error path of the EFI module. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...
jettison: parser crash by stackoverflow
A stack-based buffer overflow vulnerability was found in Jettison, where parsing untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input,...
xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization...
xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization...
jettison: memory exhaustion via user-supplied XML or JSON data
A vulnerability was found in Jettison, where parsing untrusted XML or JSON data may lead to a crash. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash, causing memory exhaustion. This effect may support a denial of service attack...
xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks
A flaw was found in the XStream package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization...
jettison: parser crash by stackoverflow
A stack-based buffer overflow vulnerability was found in Jettison, where parsing untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input,...
Wireshark Security Vulnerability
Wireshark is a network packet analyzer. A security vulnerability exists in the Wireshark EAP dissector, which can be exploited by remote attackers to submit a special request that can crash the application...
golang: encoding/xml: stack exhaustion in Decoder.Skip
A flaw was found in golang encoding/xml. When calling Decoder.Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion, allowing an attacker to impact system availability...
PT-2023-16252 · Wireshark +3 · Wireshark +3
Name of the Vulnerable Software and Affected Versions: Wireshark versions 4.0.0 through 4.0.2. Description: The issue is related to a crash in the EAP dissector, allowing denial of service via packet injection or crafted capture file. Recommendations: For Wireshark versions 4.0.0 through 4.0.2,...
The vulnerability of the IBM Sterling Partner Engagement Manager software lies in the improper limitation of XML links to external objects, which allows attackers to disclose protected information.
The vulnerability of the IBM Sterling Partner Engagement Manager software relates to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose sensitive information...