2078 matches found
dotnet: External Entity Injection during XML signature verification
An information disclosure vulnerability exists in .NET Core and .NET. This issue can lead to unauthorized access to privileged information...
PT-2022-4896 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.3-p2 and earlier; Adobe Commerce versions 2.3.7-p3 and earlier; Adobe Commerce versions 2.4.4 and earlier. Description: The issue is related to errors in processing XML requests, which can allow a remote attacker to...
PT-2022-4106
Name of the Vulnerable Software and Affected Versions: New Horizon Datasys bootloaders before 2022-06-01. Description: A flaw was found in the bootloaders, allowing an attacker to bypass or tamper with Secure Boot protections. To load and execute arbitrary code in the pre-boot stage, an attacker nee...
PT-2022-16733 · Red Hat +1 · Kie-Server Apis +1
Name of the Vulnerable Software and Affected Versions: Business Central (affected versions not specified); Kie-Server APIs (affected versions not specified). Description: The issue allows an attacker to interfere with an application's processing of XML data through XML external entity injection (XXE). Th...
Insyde InsydeH2O security vulnerability
Insyde InsydeH2O is C source code from Insyde Corporation of Taiwan that implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS (Basic Input/Output System). A security vulnerability exists in Insyde InsydeH2O, which stems from the CapsuleIFWUSmm driver not...
PT-2022-4307 · Microsoft +3 · Windows +3
Name of the Vulnerable Software and Affected Versions: Eurosoft bootloaders versions prior to 2022-06-01. Description: A flaw was found in Eurosoft bootloaders that allows an attacker to bypass or tamper with Secure Boot protections. To load and execute arbitrary code in the pre-boot stage, an...
golang: encoding/xml: stack exhaustion in Unmarshal
A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the "any" field tag, can cause a panic due to stack exhaustion...
[SECURITY] Fedora 36 Update: golang-gopkg-src-d-git-4-4.13.1-9.fc36
A highly extensible git implementation in pure go...
[SECURITY] Fedora 36 Update: aerc-0.10.0-5.fc36
Aerc is an email client that runs in your terminal. It's highly efficient and extensible, perfect for the discerning hacker...
PT-2022-20749 · Untangle · Untangle
Name of the Vulnerable Software and Affected Versions: untangle versions 1.2.0 and earlier. Description: untangle is a Python library to convert XML data to Python objects. It improperly restricts XML external entity references, allowing a remote unauthenticated attacker to read the contents of...
untangle code issue vulnerability
untangle is a package from the individual developer Christian Stefanescu in Germany. It is used to convert XML to Python objects. A code issue vulnerability exists in untangle that stems from insufficient validation of user-supplied XML input...
untangle security vulnerability
untangle is a package from the individual developer Christian Stefanescu in Germany. It is used to convert XML to Python objects. A security vulnerability exists in untangle, which stems from improper restriction of XML entities in DTDs. A remote attacker could use this vulnerability to send a...
OpenKM code issue vulnerability
OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, document history, and file sharing. A security vulnerability exists in OpenKM Community Edition version 6.3.10 and earlier versions. An attacker could exploit this vulnerability to...
CVE-2022-32458
Digiwin BPM has an XML External Entity Injection (XXE) vulnerability due to insufficient validation of user input. An unauthenticated remote attacker can perform an XML injection attack to access arbitrary system files...
The vulnerability of the UEFI loader of the Boot Manager of the Windows operating system allows a hacker to circumvent existing security restrictions.
The vulnerability of the UEFI loader of the Windows operating system’s Boot Manager is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to bypass existing security restrictions...
Business-central code issue vulnerability
Business-central is a software package. A security vulnerability exists in Business-central that stems from the possibility of receiving an XML external entity injection attack...
UBUNTU-CVE-2022-31213
An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file...
[SECURITY] Fedora 35 Update: powerline-go-1.22.1-2.fc35
A Powerline like prompt for Bash, ZSH and Fish. - Shows some important details about the git/hg branch - Changes color if the last command exited with a failure code - If you're too deep into a directory tree, shortens the displayed path with an ellipsis - Shows the current Python virtualenv...
[SECURITY] Fedora 35 Update: kiln-0.3.1-3.fc35
A simple static site generator. Features - Simple - Extensible - Gemini support - Atom feeds - Go templates...