2075 matches found

CNNVD | added 2021/05/28 12:0 a.m. | 3 views

IBM Cognos Analytics Code Issue Vulnerability

IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. IBM Cognos Analytics suffers fr...

CVSS 8.2 | AI score 8.4 | EPSS 0.04036
Exploits: 0 | References: 4

OSV | added 2021/05/26 5:15 p.m. | 1 view

CVE-2021-20492

IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197793...

CVSS 8.2 | AI score 6.8
Exploits: 0 | References: 2

BDU FSTEC | added 2021/05/24 12:0 a.m. | 4 views

The vulnerability in the implementation of the Extensible Authentication Protocol over LAN (EAPOL) on the NetBSD operating system allows a perpetrator to induce a service failure.

The vulnerability of the Extensible Authentication Protocol over LAN (EAPOL) implementation in the NetBSD operating system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVSS 5.3 | AI score 6.9 | EPSS 0.06487
Exploits: 0 | References: 25 | Affected Software: 6

BDU FSTEC | added 2021/05/19 12:0 a.m. | 3 views

The vulnerability in the driver/firmware/EFI code of the Linux operating system allows a hacker to bypass security restrictions.

The vulnerability in the driver/firmware/EFI code of the Linux operating system relates to bypassing security functions. Exploiting this vulnerability can allow an attacker to circumvent security restrictions...

CVSS 6.7 | AI score 6.8 | EPSS 0.00514
Exploits: 0 | References: 28 | Affected Software: 3

CNNVD | added 2021/05/13 12:0 a.m. | 4 views

Prosodical Thoughts Prosody Authorization Issue Vulnerability

Prosodical Thoughts Prosody is an open source application from Prosodical Thoughts, a modern XMPP communication server. A security vulnerability exists in Prosody prior to version 0.11.9. A remote attacker could exploit the vulnerability to use the server's bandwidth indefinitely...

CVSS 5.3 | AI score 5.7 | EPSS 0.02169
Exploits: 0 | References: 16

OSV | added 2021/05/12 2:15 p.m. | 2 views

CVE-2021-31339

A vulnerability has been identified in Mendix Excel Importer Module All versions V9.0.3. Uploading a manipulated XML File results in an exception that could expose information about the Application-Server and the used XML-Framework...

CVSS 4.3 | AI score 5.7 | EPSS 0.00761
Exploits: 0 | References: 2

BDU FSTEC | added 2021/05/12 12:0 a.m. | 4 views

The vulnerability in the vManage web interface of the software-defined Cisco SD-WAN network allows a malicious individual to gain unauthorized access to protected information.

The vulnerability in the vManage web interface of the Cisco SD-WAN software-defined network is caused by insufficient restrictions on XML references to external objects. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information using specially created...

CVSS 6.4 | AI score 5.5 | EPSS 0.00859
Exploits: 0 | References: 4 | Affected Software: 1

OSV | added 2021/05/11 8:15 p.m. | 2 views

DEBIAN-CVE-2020-26139

An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients an...

CVSS 5.3 | AI score 6.7 | EPSS 0.06487
Exploits: 0 | References: 1

CNNVD | added 2021/05/11 12:0 a.m. | 6 views

Siemens Mendix Security Vulnerability

Siemens Mendix is a low-code application development platform from Siemens. The platform provides application development, testing, deployment, and iteration. A security vulnerability exists in Siemens Mendix. The vulnerability stems from the system's use of XML file upload table mappings that...

CVSS 4.3 | AI score 5.2 | EPSS 0.00721
Exploits: 0 | References: 5

CNNVD | added 2021/04/28 12:0 a.m. | 3 views

Cisco Firepower Device Manager Code Issue Vulnerability

Cisco Firepower Device Manager (FDM) is a firewall device manager from Cisco USA. The product supports access rule configuration, system monitoring, and other features. A code issue vulnerability exists in Cisco Firepower Device Manager that originates from an authenticated, remote attacker obtaini...

CVSS 5.5 | AI score 5.9 | EPSS 0.0098
Exploits: 0 | References: 4

Gitee | added 2021/04/26 8:40 p.m. | 3 views

glimmer

This is a Python-based framework called Glimmer, which is a PoC (proof-of-concept) framework for various attacks. The framework is designed to be extensible and allows users to write their own parsers for different protocols and targets. The framework has several dependencies, including rich,...

AI score 7.2
Exploits: 0

Fedora | added 2021/04/24 8:20 p.m. | 78 views

[SECURITY] Fedora 34 Update: ruby-3.0.1-148.fc34

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

CVSS 7.5 | AI score 1.1 | EPSS 0.05061
Exploits: 0

CNNVD | added 2021/04/24 12:0 a.m. | 3 views

ezXML Buffer Error Vulnerability

ezXML is a C library for parsing XML documents. A heap buffer overflow vulnerability exists in libezxml.a in ezXML version 0.8.6. The vulnerability stems from a memory handling error performed by the ezxmldecode function when parsing a specially crafted XML file. An attacker could exploit this...

CVSS 7.5 | AI score 6 | EPSS 0.01402
Exploits: 0 | References: 8

OSV | added 2021/04/22 8:15 p.m. | 2 views

CVE-2021-0254

A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to remote code execution (RCE). Continued receip...

CVSS 9.8 | AI score 8.1 | EPSS 0.02566
Exploits: 0 | References: 1

Kitploit | added 2021/04/19 12:30 p.m. | 211 views

Cypheroth - Automated, Extensible Toolset That Runs Cypher Queries Against Bloodhound's Neo4j Backend And Saves Output To Spreadsheets

Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets. Description This is a bash script that automates running cypher queries against Bloodhound data stored in a Neo4j database. I found myself re-running the same queries throug...

AI score 6.9
Exploits: 0 | References: 5

CNNVD | added 2021/04/15 12:0 a.m. | 3 views

ezXML Buffer Error Vulnerability

ezXML is a C library for parsing XML documents. An out-of-bounds write vulnerability exists in libezxml.a in ezXML version 0.8.6. The vulnerability stems from a memory handling error performed by the ezxmlinternaldtd function when parsing a specially crafted XML file. An attacker could use this...

CVSS 6.5 | AI score 5.7 | EPSS 0.01035
Exploits: 1 | References: 8

CNNVD | added 2021/04/13 12:0 a.m. | 3 views

Perforce Software Perforce Helix ALM Buffer Error Vulnerability

Perforce Software Perforce Helix ALM is an application software from Perforce Software, Inc. It provides application lifecycle management for products. Perforce Helix ALM 2020.3.1 Build 22 suffers from a buffer error vulnerability that originates from the XML import function of the management...

CVSS 5.3 | AI score 6 | EPSS 0.0103
Exploits: 0 | References: 4

VulnCheck KEV | added 2021/04/12 12:0 a.m. | 1 view

VulnCheck KEV: CVE-2019-17554

The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Requests with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attacks...

CVSS 5.5 | AI score 6 | EPSS 0.12245
Exploits: 5 | References: 1

OSV | added 2021/04/07 11:2 a.m. | 3 views

OESA-2021-1132 wireshark security update

Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer. Wireshark, formerly known as Ethereal, can be used to examine the details of traffic at a variety of levels ranging...

CVSS 7.5 | AI score 8.9 | EPSS 0.06079
Exploits: 3 | References: 5

CNNVD | added 2021/04/06 12:0 a.m. | 2 views

Composr CMS Cross-Site Scripting Vulnerability

Composr is an open source content management system (CMS) with advanced social, interactive and dynamic features. A cross-site scripting vulnerability exists in Composr version 10.0.36. The vulnerability can be exploited to conduct cross-site scripting attacks via XML scripts...

CVSS 6.1 | AI score 5.2 | EPSS 0.02775
Exploits: 4 | References: 4