Ruby Path Traversal Vulnerability
Ruby is a cross-platform, object-oriented, dynamically typed programming language created by Yukihiro Matsumoto. A path traversal vulnerability exists in REXML in Ruby 2.5.9, which stems from the fact that parsing and serializing a carefully crafted XML document may create an...
PYSEC-2021-34
models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries...
CVE-2021-20482
IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197504...
A vulnerability in the Cisco Jabber for Windows software platform, related to insufficient validation of input data, allows an attacker to cause a denial of service.
The vulnerability in the Cisco Jabber for Windows software platform is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to cause a denial of service by sending specially crafted XMPP messages...
A vulnerability in the ParserParseDocument() function in UPnP device sets allows an attacker to cause a denial of service.
The vulnerability in the ParserParseDocument function for UPnP devices is related to errors in processing XML entities. Exploiting this vulnerability can allow a remote attacker to cause a denial of service...
[SECURITY] Fedora 34 Update: mutter-40.0~rc-1.fc34
Mutter is a window and compositing manager that displays and manages your desktop via OpenGL. Mutter combines a sophisticated display engine using the Clutter toolkit with solid window-management logic inherited from the Metacity window manager. While Mutter can be used stand-alone, it is primari...
[SECURITY] Fedora 34 Update: eog-40~rc-1.fc34
The Eye of GNOME image viewer (eog) is the official image viewer for the GNOME desktop. It can view single image files in a variety of formats, as well as large image collections. eog is extensible through a plugin system...
Fedora: Security Advisory for libebml (FEDORA-2021-e283997bb9)
The remote host is missing an update for the...
[SECURITY] Fedora 34 Update: libebml-1.4.2-1.fc34
Extensible Binary Meta Language access library. A library for reading and writing files with the Extensible Binary Meta Language, a binary pendant to XML...
Compass Plus e-Commerce Payment Gateway Code Issue Vulnerability
Compass Plus e-Commerce Payment Gateway is an application interface of the Russian company Compass Plus. It provides an API interface for payment functions. A security vulnerability exists in TranzWare e-Commerce Payment Gateway before 3.1.27.5, which is caused by a vulnerability in the XML parse...
CVE-2021-26892
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability...
CVE-2021-26892
Technical details about CVE-2021-26892 (affected product, root cause, impact, fixes) are not provided in the connected documents; no public details are included here. Monitor for updates.
CVE-2021-26892 Windows Extensible Firmware Interface Security Feature Bypass Vulnerability
...
Siemens Solid Edge Code Issue Vulnerability
Siemens Solid Edge is a 3D CAD software from Siemens, Germany. The software can be used for part design, assembly design, sheet metal design, welding design and other industries. Siemens Solid Edge suffers from an XML external entity reference vulnerability. The vulnerability stems from when...
Microsoft Windows Security Vulnerability
Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation. A security vulnerability exists in the Windows Extensible Firmware Interface. The following products and editions are affected: Windows 10 Version 1607 for x64-based...
PT-2021-2275 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is related to a security feature bypass vulnerability in the Windows Extensible Firmware Interface. This vulnerability allows attackers to bypass existing security restrictions...
[SECURITY] Fedora 33 Update: libebml-1.4.2-1.fc33
Extensible Binary Meta Language access library. A library for reading and writing files with the Extensible Binary Meta Language, a binary pendant to XML...
[SECURITY] Fedora 32 Update: libebml-1.4.2-1.fc32
Extensible Binary Meta Language access library. A library for reading and writing files with the Extensible Binary Meta Language, a binary pendant to XML...
CVE-2021-26969
A remote authenticated XML external entity (XXE) vulnerability was discovered in Aruba AirWave Management Platform versions prior to 8.2.12.0. Due to improper restrictions on XML entities, a vulnerability exists in the web-based management interface of AirWave. A successful exploit...
jenkins: Arbitrary file existence check in file fingerprints
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence, allowing an attacker to check for the existence of XML files with a short path...