Mozilla Firefox Security Feature Issue Vulnerability
Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to a security feature problem in which iframe sandboxing rules are not properly applied to XSLT style sheets and an attacker can use the vulnerability to bypass implemented security restrictio...
Antenna House Office Server Document Converter Code Issue Vulnerability
Antenna House Office Server Document Converter (OSDC) is an office server document converter from Antenna House USA. It is used to batch convert Word, Excel and PowerPoint into high quality PDF or image formats that are easy to share and look accurate on any screen. A code issue vulnerability exist...
The vulnerability of the VXLAN Operation, Administration, and Maintenance (OAM) function of the Cisco NX-OS operating system allows an attacker to trigger a maintenance failure.
The vulnerability of the VXLAN Operation, Administration, and Maintenance (OAM) function of the Cisco NX-OS operating system is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to trigger maintenance failures remotely...
USN-5110-1 ardour vulnerability
It was discovered that Ardour incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code...
[SECURITY] Fedora 33 Update: httpd-2.4.51-1.fc33
The Apache HTTP Server is a powerful, efficient, and extensible web server...
[SECURITY] Fedora 35 Update: httpd-2.4.51-2.fc35
The Apache HTTP Server is a powerful, efficient, and extensible web server...
TinyXML Security Vulnerability
TinyXML is a C++ XML parser that can be easily integrated into other programs. An infinite loop vulnerability exists in TiXmlParsingData::Stamp in tinyxmlparser.cpp in TinyXML 2.6.2 and earlier. An attacker can exploit this vulnerability to cause a denial of service via a specially crafted XML...
CVE-2021-41130
Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application by HTTP header "X-Endpoint-API-UserInfo", the application can use ...
Authorization
Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application by HTTP header "X-Endpoint-API-UserInfo", the application can use ...
CVE-2021-41130
CVE-2021-41130 affects Extensible Service Proxy (ESP), specifically ESPv1, where the verified JWT claim is exposed to the application via the HTTP header X-Endpoint-API-UserInfo. If a client sends two such headers, ESPv1 only replaces the first, allowing the second header to reach the application...
CVE-2021-41130 X-Endpoint-API-UserInfo can be spoofed in cloudendpoints Extensible Service Proxy
Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application by HTTP header "X-Endpoint-API-UserInfo", the application can use ...
Extensible Service Proxy Security Vulnerability
Extensible Service Proxy (ESP) is a proxy that enables API management for JSON/REST or gRPC API services. A security vulnerability exists in Extensible Service Proxy. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor announcement...
Cisco Identity Services Engine Code Issue Vulnerability
Cisco Identity Services Engine (ISE) is an identity-based environment awareness platform from Cisco. The platform regulates the network by collecting real-time information from the network, users, and devices to develop and enforce policies. A code issue vulnerability...
PT-2021-18096 · Esri · Esri Portal For Arcgis
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 10.9 and below Description: The issue allows a remote, authenticated attacker who is able to intercept and modify a SAML assertion to impersonate another account through an XML Signature Wrapping Attack. It is...
Google Extensible Service Proxy Header Forgery
Extensible Service Proxy a.k.a. ESP is an open source software by Google assisting Cloud Endpoints, a product on Google Cloud Platform. ESPv1 is an nginx based proxy which enables API management capabilities for JSON/REST or gRPC API services. In a typical deployment, ESP is running and fronting...
[SECURITY] Fedora 35 Update: httpd-2.4.49-1.fc35
The Apache HTTP Server is a powerful, efficient, and extensible web server...
VMware vCenter Server Resource Management Error Vulnerability
VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A resource management error vulnerability...
golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader
An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with xml.NewTokenDecoder it is possible for the parsing loop to never return. An attacker could potentially craft a malicious XML document which has an XML element with EOF within it,...
CVE-2021-30137
Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application allows users to send JSON or XML data to the server. It was possible to inject malicious XML data through several access points...