The vulnerability of the Nokogiri library lies in the improper restriction of XML external entity references, which allows attackers to perform SSRF attacks or XXE attacks.
The vulnerability of the Nokogiri library is related to the improper restriction of XML external entity references. Exploiting this vulnerability allows a remote attacker to perform an SSRF attack or an XXE attack...
Kaspersky Security Vulnerabilities
Kaspersky module is an application component of the Russian company Kaspersky. It provides antivirus protection. A security vulnerability exists in Kaspersky that allows loading of untrusted UEFI modules due to insufficient checks of their authenticity...
The vulnerability of the Junos operating system’s EVPN/VXLAN technology allows an attacker to trigger a service failure.
The vulnerability of the EVPN/VXLAN technology implementation in Junos routers of the QFX10K series lies in the execution of a loop with an unreachable exit condition. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
CVE-2020-35852
Chatbox is affected by cross-site scripting (XSS). An attacker has to upload any XSS payload with an SVG or XML file in Chatbox. There is no restriction on file upload in Chatbox, which leads to stored XSS...
[SECURITY] Fedora 32 Update: libebml-1.4.1-1.fc32
Extensible Binary Meta Language access library. A library for reading and writing files with the Extensible Binary Meta Language, a binary pendant to XML...
Cisco FXOS Software Firepower Chassis Manager XSRF (cisco-sa-fxosfcm-csrf-uhO4e5BZ)
According to its self-reported version, Cisco Firepower Extensible Operating System (FXOS) is affected by a cross-site request forgery vulnerability. The vulnerability is due to insufficient CSRF protections for the FCM interface. An unauthenticated, remote attacker can exploit this vulnerability b...
[SECURITY] Fedora 33 Update: libebml-1.4.1-1.fc33
Extensible Binary Meta Language access library. A library for reading and writing files with the Extensible Binary Meta Language, a binary pendant to XML...
The vulnerability of the software control panel of Cisco Firepower Management Center (FMC) allows an intruder to trigger a service failure.
The vulnerability of the Cisco Firepower Management Center’s software management panel is related to errors in processing XML objects. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
UBUNTU-CVE-2021-23926
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion attacks. Affects XMLBeans up to and including v2.6.0...
The vulnerability in the nsAutoPtr function of browsers like Firefox, Firefox ESR, and the email client Thunderbird allows a hacker to cause a service failure.
The vulnerability of the nsAutoPtr function in browsers such as Firefox, Firefox ESR, and the email client Thunderbird is related to the use of memory after document processing using the Extensible Stylesheet Language Transformations (XSLT) language. Exploiting this vulnerability can allow an...
AZL-78900 CVE-2020-29509 affecting package golang 1.25.7-1
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
Google Go encoding security vulnerability
Google Go encoding is a code library from Google Inc. that provides multiple forms of encoding for data based on the Go language. A security vulnerability exists in the Go encoding/xml package that stems from not properly preserving the semantics of element namespace prefixes, which can be...
SAP BusinessObjects BI Platform Product Security Vulnerability
SAP BusinessObjects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP. The product features report generation, analytics and data visualization. An XML external entity injection vulnerability exists in SAP BusinessObjects...
DEBIAN-CVE-2020-25649
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity...
The vulnerability of the XHCI interface of USB controllers in VMware ESXi, VMware Workstation, VMware Fusion, and the VMware Cloud Foundation virtualization platform allows a perpetrator to execute arbitrary code.
The vulnerability of the Extensible Host Controller Interface (XHCI) of USB controllers in VMware ESXi, VMware Workstation, VMware Fusion, and VMware Cloud Foundation virtualization platforms is related to the use of memory after release. Exploiting this vulnerability can allow an attacke...
Petl Security Vulnerabilities
Petl is a PyPI package from the Petl Personal Developer that allows access to formatted read and write from files, databases, or other source data. A security vulnerability exists in petl versions prior to 1.68, which stems from allowing entities in XML documents to be parsed in certain...
TYPO3 Input Validation Error Vulnerability (CNVD-2020-65162)
TYPO3 is a free and open source content management system framework (CMS/CMF) of the Swiss TYPO3 Association. TYPO3 suffers from a security vulnerability that stems from insufficient validation of user-supplied XML input in RSS widgets, which can be exploited by a remote user to pass specially...
Integer overflow
Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...
CVE-2020-11127
Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...
CloudBees Jenkins Subversion Code Issue Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release/testing projects and to run scheduled tasks. A code issue vulnerability...