CVE-2021-46163

Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem...

pikachu

It is an offensive tool for web application security training. The primary CVE ID is not explicitly mentioned, but the tool is designed to simulate various web application vulnerabilities, including but not limited to: Burt Force brute force, XSS cross-site scripting, CSRF cross-site request...

Insyde InsydeH2O 缓冲区错误漏洞

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS Basic Input/Output System.Insyde InsydeH2O is vulnerable to a buffer overflow A buffer overflow vulnerability exists in InsydeH2O, whi...

[SECURITY] Fedora 34 Update: mutter-40.7-1.fc34

Mutter is a window and compositing manager that displays and manages your desktop via OpenGL. Mutter combines a sophisticated display engine using the Clutter toolkit with solid window-management logic inherited from the Metacity window manager. While Mutter can be used stand-alone, it is primari...

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats, related to improper code generation management, allows attackers to execute commands on the host.

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats is related to improper handling of code generation. Exploiting this vulnerability allows an attacker to execute commands on the host by manipulating the processed input data...

CVE-2021-44556

National Library of the Netherlands digger 6697d1269d981e35e11f240725b16401b5ce3db5 is affected by a XML External Entity XXE vulnerability. Since XML parsing resolves external entities, a malicious XML stream could leak internal files and/or cause a DoS...

The vulnerability of the Adobe XMP-Toolkit-SDK software, related to breaching the initial buffer boundary, allows a perpetrator to execute arbitrary code in the context of the current user.

The vulnerability of the Adobe XMP-Toolkit-SDK lies in the violation of the buffer’s initial boundary. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the context of the current user, through a specially created application...

The vulnerability of the Mozilla Firefox browser, related to security configuration errors, allows attackers to circumvent existing security restrictions.

The vulnerability of the Mozilla Firefox browser is related to errors in the configuration of security rules for iframe-based tables in XSLT stylesheets. Exploiting this vulnerability allows an attacker to circumvent existing security restrictions by using iframes to bypass limitations such as...

The vulnerability of the corporate application store server, Citrix StoreFront, allows attackers to perform XXE attacks.

The vulnerability of the corporate application store server Citrix StoreFront is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...

JVMXRay - Make Java Security Events Of Interest Visible For Analysis

JVMXRay is a technology for monitoring access to system resources within the Java Virtual Machine. It’s designed with application security emphasis but some will also find it beneficial for software quality processes and diagnostics. More about Oracle Java Duke mascot... Contact/Chat Group New ch...

CVE-2021-0071

Improper input validation in firmware for some IntelR PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access...

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats allows a hacker to cause a service failure due to uncontrolled resource consumption.

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats is related to an uncontrolled resource consumption. Exploiting this vulnerability may allow a malicious actor to cause a service failure by consuming excessive resources on the central processor...

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats allows attackers to download files of dangerous types indefinitely. This enables attackers to upload and execute arbitrary code from a remote host.

The vulnerability of the Xstream Java library for converting objects into XML or JSON formats is related to the ability to download files of a dangerous type without limitation. Exploiting this vulnerability could allow an attacker to download and execute arbitrary code from a remote host by...

The vulnerability of the Adobe XMP-Toolkit-SDK software, related to buffer overflows in the stack, allows a hacker to execute arbitrary code.

The vulnerability of the Adobe XMP-Toolkit-SDK software is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

PT-2021-14732 · Jenkins · Jenkins Perforce Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Performance Plugin versions 3.20 and earlier Description: The issue is related to the XML parser not being configured to prevent XML external entity XXE attacks. This allows attackers who can control workspace contents to have Jenkins...

Boofuzz - Network Protocol Fuzzing for Humans

Boofuzz is a fork of and the successor to the venerable Sulley fuzzing framework. Besides numerous bug fixes, boofuzz aims for extensibility. The goal: fuzz everything. Why? Sulley has been the preeminent open source fuzzer for some time, but has fallen out of maintenance. Features Like Sulley,...

Eclipse Cyclone DDS 代码问题漏洞

Eclipse Cyclone DDS is a very high performance and robust open source DDS implementation from the Eclipse Foundation. A code issue vulnerability exists in Eclipse Cyclone DDS that stems from the product's failure to properly handle write-what-where logic. The vulnerability allows an attacker to...

The vulnerability of the software for creating metadata, processing, and exchanging data according to the Adobe XMP-Toolkit-SDK standards, related to reading beyond the buffer in memory, allows attackers to disclose protected information.

The vulnerability of the software for creating metadata, processing, and exchanging data according to the Adobe XMP-Toolkit-SDK is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to disclose protected information...

edk2: unlimited FV recursion, round 2

A flaw was found in edk2. An unlimited recursion in DxeCore may allow an attacker to corrupt the system memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

Mozilla: iframe sandbox rules did not apply to XSLT stylesheets

The Mozilla Foundation Security Advisory describes this flaw as: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame...