The vulnerability of the Ceph storage system, related to pointer swapping errors, allows a attacker to cause a service failure.

The vulnerability of the Ceph storage system is related to errors during the POST request with an invalid XML tag. Exploiting this vulnerability can allow a malicious actor to cause service failures...

Critical Juniper Bug Allows DoS, RCE Against Carrier Networks

A critical remote code-execution vulnerability in Juniper Networks’ Steel-Belted Radius SBR Carrier Edition lays open wireless carrier and fixed operator networks to tampering. The SBR Carrier server is used by telecom carriers to manage policies for how subscribers access their networks – by...

The vulnerability of the clean module in the Lxml library for processing XML and HTML markup lies in its lack of protection measures for website structure. This allows attackers to compromise the integrity of the protected information.

The vulnerability of the clean module in the Lxml library for processing XML and HTML markup is related to improper browser emulation. Exploiting this vulnerability could allow an attacker to compromise the integrity of the protected information...

PT-2021-3765 · Juniper Networks · Sbr Carrier

Name of the Vulnerable Software and Affected Versions: Juniper Networks SBR Carrier versions 8.4.1 through 8.4.1R18 Juniper Networks SBR Carrier versions 8.5.0 through 8.5.0R9 Juniper Networks SBR Carrier versions 8.6.0 through 8.6.0R3 Description: The issue is caused by a stack-based buffer...

golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader

An infinite loop vulnerability was found in golang. If an application defines a custom token parser initializing with xml.NewTokenDecoder it is possible for the parsing loop to never return. An attacker could potentially craft a malicious XML document which has an XML element with EOF within it,...

CVE-2021-1359

A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance WSA could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied XML input for the...

The vulnerability of the “authenticate” function in the console-based image editing tool ImageMagick is related to errors in processing XML requests. This vulnerability allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the “authenticate” function in the console-based image editing tool ImageMagick is related to incorrect password filtering. Exploiting this vulnerability allows a malicious actor to gain access to confidential data, compromise its integrity, and cause service failures...

[SECURITY] Fedora 34 Update: ansible-2.9.23-1.fc34

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

jenkins-2-plugins/config-file-provider: Does not configure its XML parser to prevent XML external entity (XXE) attacks.

A flaw was found in the config-file-provider Jenkins plugin. The plugin XML parser wasn't configure to prevent XML external entity XXE attacks. An attacker with the ability to define Maven configuration files can use this vulnerability to prepare a crafted configuration file that uses external...

ruby: XML round-trip vulnerability in REXML

A flaw was found in the way the Ruby REXML library parsed XML documents. Parsing a specially crafted XML document using REXML and writing parsed data back to a new XML document results in creating a document with a different structure. This issue could affect the integrity of processed data in...

eCNS280 代码问题漏洞

Huawei eCNS280 is the core network equipment of Huawei's wireless broadband trunking system in China. In addition to providing traditional core network functions, it also provides network elements with capacity configurations based on actual applications by virtualizing network element functions...

Infoblox NIOS 安全漏洞

Infoblox NIOS is an operating system that powers Infoblox core network services. It ensures uninterrupted operation of the network infrastructure. A security vulnerability exists in Infoblox NIOS versions prior to 8.5.2, which stems from a program that allows entity expansion during an XML upload...

CVE-2021-28684

The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network via an XXE attack...

XML External Entity (XXE) Injection

Overview Glances is an A cross-platform curses-based monitoring tool Affected versions of this package are vulnerable to XML External Entity XXE Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks. Details XXE Injection is a type of attack...

GHSA-MM8J-9X84-M9CV Arbitrary code injection in json-sanitizer

OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents...

Cisco Jabber 输入验证错误漏洞

Cisco Jabber is the United States Cisco Cisco company's set of unified communications client solutions. The solution provides online status display, instant messaging, voice, and other features. Cisco Jabber suffers from an input validation error vulnerability that originates as a result of...

OESA-2021-1222 libxml2 security update

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

TianoCore EDK2 加密问题漏洞

EDK2 is a set of cross-platform firmware development environments from the TianoCore Tianocore community based on the UEFI and PI specifications. EDK2 suffers from a cryptographic issue vulnerability that stems from a potential security risk in the example EDK2 encrypted private key in IpSecDxe.e...

The vulnerability of the online business analytics service IBM Cognos Analytics, related to incorrect restrictions on XML links to external objects, allows attackers to compromise the confidentiality and accessibility of protected information.

The vulnerability of the online business analytics service IBM Cognos Analytics is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality and accessibility of protected information...

PT-2024-11236 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.45/5.12.12 Description: The issue arises when memory marked as EFI boot services data is not properly mapped as encrypted under SEV, potentially leading to a kernel crash at boot. This occurs because some...