Lucene search

2078 matches found

Fedora
added 2022/07/17 1:15 a.m. · 28 views

[SECURITY] Fedora 35 Update: aerc-0.10.0-4.fc35

Aerc is an email client that runs in your terminal. It's highly efficient and extensible, perfect for the discerning hacker...

CVSS 9.3 · AI score 1.3 · EPSS 0.05994
Exploits: 4

ATTACKERKB
added 2022/07/13 4:0 p.m. · 5 views

CVE-2022-22217

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a Denial of Service (DoS). The issue is caused by malformed MLD packets looping on a multi-homed Ethernet Segme...

CVSS 6.5 · AI score 6.6 · EPSS 0.00318
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2022/07/12 12:0 a.m. · 3 views

SAP Business One code issue vulnerability

SAP Business One is a set of enterprise management software from SAP. The software includes functions such as financial management, operations management and human resource management. A denial-of-service vulnerability exists in SAP Business One version 10.0, which stems from improper input clean...

CVSS 7.5 · AI score 5.6 · EPSS 0.00745
Exploits: 0 · References: 4

CNNVD
added 2022/07/12 12:0 a.m. · 2 views

Siemens SIMATIC security vulnerability

Siemens SIMATIC is a Siemens configuration software. A security vulnerability exists in Siemens SIMATIC that stems from multiple vulnerabilities that allow an attacker to use Independent BIOS Developers via UEFI...

AI score 5.5
Exploits: 0 · References: 1

RedHat Linux
added 2022/07/07 2:19 p.m. · 1 views

xml-security: XPath Transform abuse allows for information disclosure

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...

CVSS 7.5 · AI score 6.7 · EPSS 0.10448
Exploits: 0 · References: 5

RedHat Linux
added 2022/07/04 7:45 a.m. · 7 views

php: Special character breaks path in xml parsing

A flaw was found in php. The main cause of this vulnerability is improper input validation while parsing an Extensible Markup Language (XML) entity. A special character could allow an attacker to traverse directories. The highest threat from this vulnerability is confidentiality...

CVSS 5.3 · AI score 7.3 · EPSS 0.25951
Exploits: 1 · References: 4

Fedora
added 2022/07/04 1:35 a.m. · 35 views

[SECURITY] Fedora 36 Update: kiln-0.2.0-4.fc36

A simple static site generator. Features - Simple - Extensible - Gemini support - Atom feeds - Go templates...

CVSS 9.3 · AI score 8.2 · EPSS 0.05994
Exploits: 4

Fedora
added 2022/07/04 1:35 a.m. · 14 views

[SECURITY] Fedora 36 Update: golang-gopkg-src-d-git-4-4.13.1-8.fc36

A highly extensible git implementation in pure go...

CVSS 9.3 · AI score 8.1 · EPSS 0.05994
Exploits: 4

CNNVD
added 2022/07/04 12:0 a.m. · 4 views

WordPress plugin Import any XML or CSV File code issue vulnerability

WordPress is a blogging platform developed using the PHP language. WordPress Import any XML or CSV File plugin versions prior to 3.6.8 are vulnerable to arbitrary file uploads, which originate from accepting all zip files and automatically extracting the zip file without validating the extracted...

CVSS 7.2 · AI score 5.8 · EPSS 0.01148
Exploits: 2 · References: 2

OSV
added 2022/07/01 12:15 a.m. · 2 views

CVE-2022-32295

On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component...

CVSS 9.8 · AI score 5.8 · EPSS 0.01055
Exploits: 0 · References: 3

OSV
added 2022/06/30 6:15 p.m. · 3 views

CVE-2022-34792

A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML...

CVSS 8 · AI score 7.2 · EPSS 0.00423
Exploits: 0 · References: 1

BDU FSTEC
added 2022/06/29 12:0 a.m. · 8 views

The vulnerability of the Teamcenter product lifecycle management system lies in the improper restriction of XML references to external objects, which allows attackers to perform XXE attacks.

The vulnerability of the Teamcenter product lifecycle management system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to perform XXE attacks remotely...

CVSS 7.8 · AI score 7.1 · EPSS 0.00943
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2022/06/21 5:15 p.m. · 1 views

CVE-2021-40510

XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote attackers to read system files via custom DTDs...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 2

OSSF Malicious Packages
added 2022/06/20 8:25 p.m. · 4 views

Malicious code in extensible-enums (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 336896380fb13b7092e55f3756da694bd34818d4178f9cf615e012a4f7f6ed0a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 · References: 1

OSV
added 2022/06/20 8:25 p.m. · 5 views

MAL-2022-2938 Malicious code in extensible-enums (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 336896380fb13b7092e55f3756da694bd34818d4178f9cf615e012a4f7f6ed0a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 1

RedHat Linux
added 2022/06/16 3:49 p.m. · 4 views

shim: Buffer overflow when loading crafted EFI images

A flaw was found in shim during the handling of EFI executables. A crafted EFI image can lead to an overflow in shim. This flaw allows an attacker to perform an out-of-bounds write in memory. A successful attack can lead to data integrity, confidentiality issues, and arbitrary code execution...

CVSS 7.8 · AI score 6 · EPSS 0.00332
Exploits: 0 · References: 4

RedHat Linux
added 2022/06/16 2:57 p.m. · 3 views

shim: Buffer overflow when loading crafted EFI images

A flaw was found in shim during the handling of EFI executables. A crafted EFI image can lead to an overflow in shim. This flaw allows an attacker to perform an out-of-bounds write in memory. A successful attack can lead to data integrity, confidentiality issues, and arbitrary code execution...

CVSS 7.8 · AI score 6 · EPSS 0.00332
Exploits: 0 · References: 4

OSV
added 2022/06/14 10:15 a.m. · 2 views

CVE-2022-32285

A vulnerability has been identified in Mendix SAML Module Mendix 7 compatible All versions V1.16.6, Mendix SAML Module Mendix 8 compatible All versions V2.2.2, Mendix SAML Module Mendix 9 compatible All versions V3.2.3. The affected module is vulnerable to XML External Entity (XXE) attacks due to...

CVSS 7.5 · AI score 5.7 · EPSS 0.00946
Exploits: 0 · References: 1

BDU FSTEC
added 2022/06/14 12:0 a.m. · 5 views

The vulnerability of Cisco Expressway microprogramming software and Cisco TelePresence Video Communication Server microprogramming software management devices is related to incorrect restrictions on XML references to external objects. This allows attackers to view the content of any file on the server or perform network scanning on the internal and external infrastructure.

The vulnerability of Cisco Expressway microprogramming software and Cisco TelePresence Video Communication Server microprogramming software related to external objects’ XML links is due to incorrect restrictions on these links. Exploiting this vulnerability allows a malicious actor to view the...

CVSS 7.8 · AI score 6.6 · EPSS 0.00913
Exploits: 0 · References: 2 · Affected Software: 2

Positive Technologies
added 2022/06/13 12:0 a.m. · 5 views

PT-2022-14123 · WordPress · Export Any Wordpress Data To Xml/Csv

Name of the Vulnerable Software and Affected Versions: Export any WordPress data to XML/CSV WordPress plugin versions prior to 1.3.5 Description: The issue arises from the lack of sanitization of the cpt POST parameter when exporting post data, which is then used in a database query. This leads t...

CVSS 7.2 · AI score 7.2 · EPSS 0.0124
Exploits: 2 · References: 5