2078 matches found

Positive Technologies
added 2022/06/13 12:00 a.m. · 6 views

PT-2022-18882 · SAP · SAP NetWeaver

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver EP Web Page Composer (affected versions not specified). Description: The issue arises from insufficient validation of an XML document accepted from an untrusted source. This allows an adversary to exploit unprotected XML parsing at...

CVSS 6.5 · AI score 6.3 · EPSS 0.00688
Exploits 0 · References 6
CNNVD
added 2022/06/07 12:00 a.m. · 1 views

shim buffer error vulnerability

shim is a simple HTTP service for SciDB. A buffer error vulnerability exists in shim that stems from a buffer overflow when loading a specially crafted EFI image...

CVSS 7.8 · AI score 7.3 · EPSS 0.00332
Exploits 0 · References 18
Fedora
added 2022/06/01 1:27 a.m. · 17 views

[SECURITY] Fedora 35 Update: weechat-3.5-2.fc35

WeeChat (Wee Enhanced Environment for Chat) is a portable, fast, light and extensible IRC client. Everything can be done with a keyboard. It is customizable and extensible with scripts...

AI score 1.4
Exploits 0
Fedora
added 2022/06/01 1:06 a.m. · 18 views

[SECURITY] Fedora 34 Update: weechat-3.5-2.fc34

WeeChat (Wee Enhanced Environment for Chat) is a portable, fast, light and extensible IRC client. Everything can be done with a keyboard. It is customizable and extensible with scripts...

AI score 1.4
Exploits 0
OpenVAS
added 2022/06/01 12:00 a.m. · 7 views

Fedora: Security Advisory for weechat (FEDORA-2022-d165104234)

The remote host is missing an update for the...

AI score 7.5
Exploits 0 · References 2
BDU FSTEC
added 2022/05/30 12:00 a.m. · 4 views

A vulnerability in the PJSIP multimedia communication library, related to a loop with an unreachable exit condition, allows attackers to cause a denial of service.

The vulnerability in the PJSIP multimedia communication library is related to the execution of a loop with an unreachable exit condition during parsing of XML files. Exploiting this vulnerability can allow a malicious actor to cause a denial of service...

CVSS 7.8 · AI score 7.6 · EPSS 0.02039
Exploits 0 · References 8 · Affected Software 4
Positive Technologies
added 2022/05/26 12:00 a.m. · 4 views

PT-2022-11716 · Mini-XML · Mini-XML

Name of the Vulnerable Software and Affected Versions: Mini-XML version 3.2. Description: A stack buffer overflow exists in Mini-XML. When an unformed XML string is passed to the "mxmlLoadString" API, it causes a stack-buffer-overflow in mxml_string_getc. Note that it is unclear whether this...

CVSS 7.5 · AI score 7.9 · EPSS 0.0097
Exploits 1 · References 9
Microsoft KB
added 2022/05/19 12:00 a.m. · 3 views

May 19, 2022—KB5015019 (OS Build 14393.5127) Out-of-band

May 19, 2022—KB5015019 (OS Build 14393.5127) Out-of-band. Note: To improve the information presented in the history pages and related KBs and make them more useful to our customers, we have created an anonymous survey for you to share your comments and feedback. 11/19/20 For information about Window...

AI score 7
Exploits 0
Microsoft KB
added 2022/05/19 12:00 a.m. · 4 views

May 19, 2022—KB5015018 (OS Build 17763.2931) Out-of-band

May 19, 2022—KB5015018 (OS Build 17763.2931) Out-of-band. Note: To improve the information presented in the history pages and related KBs and make them more useful to our customers, we have created an anonymous survey for you to share your comments and feedback. 11/17/20 For information about Window...

AI score 5.7
Exploits 0
Microsoft KB
added 2022/05/19 12:00 a.m. · 6 views

KB5014990: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2008 SP2

KB5014990: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2008 SP2. Summary: This update includes improvements for the following issue: Addresses a known issue that might cause authentication failures for some services on a serv...

AI score 6.9
Exploits 0
Microsoft KB
added 2022/05/19 12:00 a.m. · 5 views

KB5014986: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2012 R2

KB5014986: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2012 R2. Summary: This update includes improvements for the following issue: Addresses a known issue that might cause authentication failures for some services on a serve...

AI score 6.9
Exploits 0
RedHat Linux
added 2022/05/17 7:10 p.m. · 6 views

expat: Integer overflow in lookup in xmlparse.c

expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...

CVSS 8.8 · AI score 7.5 · EPSS 0.02614
Exploits 0 · References 5
Positive Technologies
added 2022/05/17 12:00 a.m. · 5 views

PT-2022-20428 · Jenkins · Jenkins Storable Configs Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Storable Configs Plugin versions 1.0 and earlier. Description: The issue arises from the plugin not configuring its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with Item/Configure permission to have...

CVSS 8.8 · AI score 8.3 · EPSS 0.01123
Exploits 0 · References 6
BDU FSTEC
added 2022/05/17 12:00 a.m. · 2 views

The vulnerability of the software import function of Cisco Enterprise NFV Infrastructure Software (NFVIS) allows a hacker to disclose protected information.

The vulnerability of the software import function of Cisco Enterprise NFV Infrastructure Software (NFVIS) is related to improper restriction of XML external entity references. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information using specially created...

CVSS 7.8 · AI score 7.4 · EPSS 0.10922
Exploits 1 · References 5 · Affected Software 1
Snyk
added 2022/05/14 1:17 a.m. · 2 views

Cross-site Scripting (XSS)

Overview: DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via XML. Details: Cross-site scripting (or XSS) is a code...

CVSS 6.1 · AI score 5.3 · EPSS 0.01135
Exploits 2 · References 2
OSV
added 2022/05/14 12:02 a.m. · 3 views

GHSA-8GWC-X7MG-7P7P Apache XML Security For Java vulnerable to Infinite Loop

Affected versions of xmlsec are subject to a denial of service vulnerability. Should a user check the signature of a message larger than 512 MB, the method expandSize(int newPos) of class org.apache.xml.security.utils.UnsyncByteArrayOutputStream goes in an endless loop. A remote attacker could use...

CVSS 5 · AI score 5.9 · EPSS 0.04732
Exploits 0 · References 11
OSV
added 2022/05/13 1:09 a.m. · 0 views

GHSA-254Q-RP36-V2M8 Missing XML Validation in Apache CXF

The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors...

CVSS 5 · AI score 7.2 · EPSS 0.32259
Exploits 6 · References 13
OSV
added 2022/05/12 10:15 p.m. · 1 views

CVE-2021-27777

XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user-supplied input without sufficient validation. Attackers can exploit this vulnerability to manipulate XML content and inject malicious external entity references...

CVSS 7.5 · AI score 7.1 · EPSS 0.00773
Exploits 0 · References 1
CNNVD
added 2022/05/06 12:00 a.m. · 3 views

TwelveMonkeys ImageIO code issue vulnerability

TwelveMonkeys ImageIO is an add-on plug-in and extension for ImageIO for Java from the Norwegian individual developer Harald Kuhr. A security vulnerability exists in TwelveMonkeys ImageIO versions prior to 3.7.1, which stems from an insecure initialization of the XML parser that reads XMP metadat...

CVSS 9.8 · AI score 8.3 · EPSS 0.00974
Exploits 0 · References 3
CNNVD
added 2022/05/05 12:00 a.m. · 2 views

Apache Jena code issue vulnerability

Apache Jena is a Java Semantic Web framework from the U.S. Apache Foundation. It is used to build semantic Web and linked data applications. Apache Jena suffers from an XML external entity injection vulnerability, which stems from a Web system or product that does not set the correct filte...

CVSS 9.8 · AI score 8.4 · EPSS 0.02316
Exploits 0 · References 4