2077 matches found
PT-2022-13480 · McAfee · McAfee Enterprise ePolicy Orchestrator
Name of the Vulnerable Software and Affected Versions: McAfee Enterprise ePolicy Orchestrator versions prior to 5.10 Update 13. Description: An XML Extended entity issue allows a remote administrator attacker to upload a malicious XML file through the extension import functionality, resulting in...
The vulnerability of the Magento Commerce software platform for developing and managing online stores relates to errors in processing XML requests, which allows a hacker to execute arbitrary code.
The vulnerability of the Magento Commerce software platform for developing and managing online stores is related to errors in processing XML requests. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Magento Commerce software platform for developing and managing online stores relates to errors in processing XML requests, which allows a hacker to execute arbitrary code.
The vulnerability of the Magento Commerce software platform for developing and managing online stores is related to errors in processing XML requests. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2021-45968
An issue was discovered in xmppserver jar in the XMPP Server component of the Jive platform, as used in Pascom Cloud Phone System before 7.20.x and in other products. An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394...
expat: Integer overflow in function XML_GetBuffer
expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...
expat: Integer overflow in nextScaffoldPart in xmlparse.c
expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...
Microweber cross-site scripting vulnerability
Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. A file upload vulnerability exists in versions of Microweber prior to 1.2.12, which stems from a lack of validation of...
expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...
showdoc cross-site scripting vulnerability
showdoc is a great open source tool for IT teams to share documents online. A security vulnerability exists in showdoc before 2.10.2. The vulnerability allowed cross-site scripting attack payloads to be stored in the .xml format via attachments uploaded to the document library...
CVE-2022-26661
An XXE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user...
PYSEC-2022-43170
An XXE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user...
PYSEC-2022-43171
An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. A...
UBUNTU-CVE-2022-26662
An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. A...
Mozilla: Use-after-free in XSLT parameter processing
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Removing an XSLT parameter during processing could have led to an exploitable use-after-free issue. There were reports of attacks in the wild abusing this flaw...
expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
A flaw was found in expat. Passing one or more namespace separator characters in the "xmlns:prefix" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML...
expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
A flaw was found in expat. Passing one or more namespace separator characters in the "xmlns:prefix" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML...
Fixed vulnerability in Wi-Fi SAE and EAP-pwd implementations
A vulnerability has been fixed in implementations of the Simultaneous Authentication of Equals (SAE) and Extensible Authentication Protocol (EAP) EAP-pwd that are used in hostapd and wpasupplicant. The vulnerability enables a malicious party with the ability to execute code on the system to gain acces...
The vulnerability of the FvbServicesRuntimeDxe component in the InsydeH2O UEFI firmware creation framework allows an attacker to escalate their privileges.
The vulnerability of the FvbServicesRuntimeDxe component in the InsydeH2O UEFI firmware creation framework is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...
The vulnerability of the SdHostDriver component in the InsydeH2O UEFI firmware creation framework allows an attacker to execute arbitrary code on the target system.
The vulnerability of the SdHostDriver component in the InsydeH2O UEFI firmware creation framework is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code on the target system...
CVE-2020-14478
A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-lev...