ZOHO ManageEngine ServiceDesk Plus 代码问题漏洞

ZOHO ManageEngine ServiceDesk Plus SDP is the United States ZhuoHao ZOHO company's set of ITIL-based architecture of IT service management software. The software integrates Incident Management, Problem Management, Asset Management, IT Project Management, Procurement and Contract Management, and...

The vulnerability of the IpSecDxe.efi component in the open-source UEFI development environment EDK2 allows a attacker to access confidential data.

The vulnerability of the IpSecDxe.efi component in the open-source UEFI EDK2 development environment is related to pointer swapping errors. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...

The vulnerability in the open-source development environment for UEFI EDK2, related to uncontrolled recursion, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of open-source development environments for UEFI EDK2 is related to uncontrolled recursion. Exploiting this vulnerability allows attackers to access confidential data, compromise its integrity, and cause service failures...

PT-2024-11867 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue arises from the EFI page table being initially created as a copy of the kernel page table. When VMAP STACK is enabled, kernel stacks are allocated in the vmalloc area. If the...

GHSA-4598-WCG8-X56G XML External Entity Reference in Jenkins Violations Plugin

Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers to control XML input files for the 'Report Violations' post-build step to have agent processes parse a crafted file that uses external entities for extraction o...

The vulnerability of the proprietary file system Windows Extensible File Allocation Table in the Windows operating system allows a hacker to increase their privileges.

The vulnerability of the proprietary file system, Windows Extensible File Allocation Table, in the Windows operating system is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to enhance their privileges...

PT-2022-27497 · Jenkins · Jenkins Cccc Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins CCCC Plugin version 0.6 and earlier Description: The issue is related to the configuration of the XML parser, which does not prevent XML external entity XXE attacks. Recommendations: For Jenkins CCCC Plugin version 0.6 and earlier,...

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a C source from Insyde Corporation of Taiwan, which implements the new technology "EFI/UEFI" specification designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O IdeBusDxe, which arises from the vulnerability of...

OESA-2022-2080 libxml2 security update

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The outputcan be a simple SAX stream...

OESA-2022-2068 strongswan security update

The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel. Security Fixes: In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually...

Fedora: Security Advisory for weechat (FEDORA-2022-88252e4f80)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-41050

Windows Extensible File Allocation Table Elevation of Privilege Vulnerability...

CVE-2022-41050

Technical details about CVE-2022-41050 are not publicly available in the provided documents. No product/version/root-cause/exploit information is given here. Monitor for updates from official advisories and vulnerability databases.

php: Special character breaks path in xml parsing

A flaw was found in php. The main cause of this vulnerability is improper input validation while parsing an Extensible Markup LanguageXML entity. A special character could allow an attacker to traverse directories. The highest threat from this vulnerability is confidentiality...

expat: Integer overflow in defineAttribute in xmlparse.c

expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...

expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution

A flaw was found in expat. Passing one or more namespace separator characters in the "xmlns:prefix" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML...

PT-2022-5447 · Microsoft · Windows Extensible File Allocation Table +1

Name of the Vulnerable Software and Affected Versions: Windows Extensible File Allocation Table affected versions not specified Description: The issue is related to insufficient access control in the Windows Extensible File Allocation Table file system, which can be exploited to elevate privilege...

Microsoft Windows 安全漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in Microsoft Windows Extensible File Allocation. The following products and versions are affected:Windows 10 Version 1809 for 32-bit...

The vulnerability of the jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java component of the Apache Santuario XML Security for Java platform, which allows a attacker to replace the XML signature.

The vulnerability in the jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java component of the Apache Santuario XML Security for Java platform is related to data encryption errors. Exploiting this vulnerability could allow an attacker to replace the XML signature using the...

Trellix IPS Manager 代码问题漏洞

Trellix IPS Manager is a next-generation IPS for local and virtual networks from American FireEye Trellix. A security vulnerability exists in Trellix IPS Manager versions prior to 10.1 M8, which stems from the ability to import a saved XML configuration file through an external entity attack by a...