2075 matches found
kernel: lockdown: bypass through ACPI write via efivar_ssdt
A flaw was found in how ACPI table loading through an EFI variable, and the related efivar_ssdt boot option, was handled when the Linux kernel was locked down. This flaw allows a local user with root privileges to circumvent the kernel lockdown restrictions. The highest threat from this vulnerabilit...
Tsunami - A General Purpose Network Security Scanner With An Extensible Plugin System For Detecting High Severity Vulnerabilities With High Confidence
Tsunami is a general-purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence. To learn more about Tsunami, visit our documentation. Tsunami relies heavily on its plugin system to provide basic scanning capabilities. All...
PT-2020-9930 · Eclipse · Eclipse Web Tools Platform
Name of the Vulnerable Software and Affected Versions: Eclipse Web Tools Platform versions prior to 3.18 2020-06 Description: The issue allows XML and DTD files referring to external entities to be exploited, sending the contents of local files to a remote server when edited or validated. This ca...
Rockwell Automation Logix Designer Studio 5000 Code Issue Vulnerability
Rockwell Automation Logix Designer Studio 5000 is a set of logic controller programming software from Rockwell Automation, a United States company. A code issue vulnerability exists in Rockwell Automation Logix Designer Studio 5000 version 32.00, version 32.01, and version 32.02, which arise...
[SECURITY] Fedora 32 Update: libldb-2.1.4-1.fc32
An extensible library that implements an LDAP-like API to access remote LDAP servers, or use local tdb databases...
JeeSite suffers from an XML entity injection vulnerability
JeeSite is an enterprise information technology development infrastructure platform and an open source framework for Java enterprise applications. JeeSite has an XML entity injection vulnerability that can be exploited by attackers to obtain sensitive information...
expat: large number of colons in input makes parser consume high amount of resources, leading to DoS
It was discovered that the "setElementTypePrefix" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service...
expat: heap-based buffer over-read via crafted XML input
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber then resulted in a heap-based buffer over-read...
The vulnerability of the /rpc/api component of the Red Hat Spacewalk system management software allows an attacker to disclose sensitive information, cause service failures, or execute arbitrary code.
The vulnerability of the /rpc/api component of the Red Hat Spacewalk software suite relates to incorrect restrictions on XML links to external objects. Exploitation of this vulnerability could allow a malicious actor to disclose sensitive information, cause service failures, or execute arbitrary...
Attentive Home Attentive Cat (imcat) suffers from an XML entity injection vulnerability
imcat is a PHP-based open source website building system. Attentive Home Attentive Cat (imcat) has an XML entity injection vulnerability that can be exploited by an attacker to gain control of the server...
slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...
The vulnerability of the xHCI component in the Oracle VM VirtualBox virtual machine allows a hacker to gain unauthorized access to protected information.
The vulnerability of the xHCI component in Oracle VM VirtualBox is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
PostgreSQL JDBC Driver Code Issue Vulnerability
PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. A code issue exists in PostgreSQL JDBC Driver PgJDBC versions prior...
The vulnerability of the SiNVR 3 Central Control Server lies in security flaws in the XML-based communication protocol, allowing attackers to perform arbitrary actions on the vulnerable device.
The vulnerability of the SiNVR 3 Central Control Server is related to security vulnerabilities in the XML-based communication protocol. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions on the vulnerable device remotely...
The vulnerability of the XML analyzer for software that manages Cisco Firepower Device Manager On-Box allows a hacker to trigger a maintenance failure.
The vulnerability of the XML analyzer for software that manages Cisco Firepower Device Manager On-Box devices is related to an operation where data escapes beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failure...
Palo Alto Networks PAN-OS Buffer Overflow Vulnerability (CNVD-2020-31586)
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. A security vulnerability exists in the XSLT processing logic in Palo Alto Networks PAN-OS. An attacker could exploit this vulnerability to upload and execute malicious files with...
kernel: some ipv6 protocols not encrypted over ipsec tunnel
A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data...
USN-4337-1 openjdk-8, openjdk-lts vulnerabilities
It was discovered that OpenJDK incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service while processing a specially crafted regular expression. CVE-2020-2754, CVE-2020-2755 It was discovered that OpenJDK incorrectly handled class...