Wireshark Security Vulnerability
Wireshark is a network packet analyzer. A security vulnerability exists in Wireshark EAP dissector, which can be exploited by remote attackers to submit a special request that can crash the application...
golang: encoding/xml: stack exhaustion in Decoder.Skip
A flaw was found in golang encoding/xml. When calling Decoder.Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...
PT-2023-16252 · Wireshark +3 · Wireshark +3
Name of the Vulnerable Software and Affected Versions: Wireshark versions 4.0.0 through 4.0.2. Description: The issue is related to a crash in the EAP dissector, allowing denial of service via packet injection or crafted capture file. Recommendations: For Wireshark versions 4.0.0 through 4.0.2,...
The vulnerability of the IBM Sterling Partner Engagement Manager software lies in the improper limitation of XML links to external objects, which allows attackers to disclose protected information.
The vulnerability of the IBM Sterling Partner Engagement Manager software relates to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose sensitive information...
The vulnerability of the import function of the administrative interface module of Cisco Firepower Management Center software allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the import function of the administrative interface module of Cisco Firepower Management Center (FMC) is related to insufficient validation of XML files' syntax. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information through ...
DEBIAN-CVE-2022-41859
In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...
ALPINE-CVE-2022-41860
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...
UBUNTU-CVE-2022-41859
In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack...
OpenStack Security Vulnerability
OpenStack is a cloud platform management program of the National Aeronautics and Space Administration (NASA) in the U.S. Swift is one of the storage projects used to store permanent static data. A security vulnerability exists in OpenStack that stems from the fact that by providing a specially...
simplexrd Code Issue Vulnerability
simplexrd is a very simple XRD document parser by Kelvin Mo, a personal developer. A code issue vulnerability exists in versions of simplexrd prior to 3.1.1, which stems from a problem with unknown code in the file simplexrd/simplexrd.class.php, which can lead to xml external entity references...
Vulnerabilities fixed in Lenovo ThinkPad X13s
Vulnerabilities have been fixed in the UEFI implementation of Lenovo ThinkPad X13s systems. The vulnerabilities allow an authenticated user with elevated privileges to execute arbitrary code and view sensitive data. The complexity of such attacks is high. However, the vulnerabilities are...
PT-2023-9334 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to a NULL pointer dereference in the EFI initialization error path. When runtime services are not supported or have been disabled, the runtime services workqueue i...
iText Code Issue Vulnerability
iText is an open source library for creating and manipulating PDF files in Java. It is written by Bruno Lowagie, Paulo Soares and others. A code issue vulnerability exists in iText RUPS. An attacker exploits this vulnerability to cause xml external entity references...
Fedora: Security Advisory for trafficserver (FEDORA-2022-489ea47e69)
The remote host is missing an update for the...
The vulnerability of the EAP-pwd client implementation for Wi-Fi WPA Supplicant allows information disclosure due to incompatibility, enabling attackers to expose sensitive information.
The vulnerability of the EAP-pwd client implementation for Wi-Fi WPA Supplicant is related to the disclosure of information due to incompatibility. This vulnerability allows a malicious actor to disclose the protected information remotely...
[SECURITY] Fedora 37 Update: protobuf-3.19.6-1.fc37
Protocol Buffers are a way of encoding structured data in an efficient yet extensible format. Google uses Protocol Buffers for almost all of its internal RPC protocols and file formats. Protocol buffers are a flexible, efficient, automated mechanism for serializing structured data...
PT-2022-27728 · Unknown · 3D City Database Ogc Web Feature Service
Name of the Vulnerable Software and Affected Versions: 3D City Database OGC Web Feature Service versions up to 5.2.1. Description: A vulnerability was found in the 3D City Database OGC Web Feature Service, which affects some unknown processing and leads to xml external entity reference. The...
FeehiCMS Cross-Site Scripting Vulnerability
FeehiCMS is a PHP-based CMS website builder by Liufee Personal Developer. A security vulnerability exists in FeehiCMS version 2.1.1, which originated from a vulnerability that allows remote attackers to run arbitrary code by uploading a carefully crafted XML file...
pki-core: access to external entities when parsing XML can lead to XXE
A flaw was found in pki-core. Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests...
[SECURITY] Fedora 35 Update: ruby-3.0.5-155.fc35
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...