2075 matches found
PT-2019-17081 · IBM · IBM InfoSphere Global Name Management +1
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Global Name Management versions 5.0 through 6.0; IBM InfoSphere Identity Insight versions 8.1 through 9.0. Description: The issue allows a remote attacker to carry out an XML External Entity Injection (XXE) attack when processing XML...
XML Entity Injection Vulnerability in S-CMS
S-CMS is an enterprise website-building product developed by Zibo Shining Network Technology Co., Ltd. S-CMS has an XML entity injection vulnerability that can be exploited by attackers to obtain sensitive information...
CVE-2019-1079
An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Information Disclosure Vulnerability'...
Vulnerability in firmware for Intel processors, allowing attackers to escalate their privileges or cause system failures
The vulnerability in Intel firmware is related to errors in the processing of UEFI variables. Exploiting this vulnerability can allow an attacker to escalate their privileges or cause system failures by disabling system configuration protection...
USN-4040-1 expat vulnerability
It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service...
DEBIAN-CVE-2018-20843
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks)...
ALPINE-CVE-2018-20843
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks)...
PYSEC-2019-129
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections...
CVE-2019-12786
An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the IPAddress key...
The vulnerability of the wpa_supplicant component of the EAP-PWD protocol in wireless communication devices certified by WPA allows attackers to compromise the integrity and confidentiality of data, as well as cause service failures. This vulnerability is related to incorrect authentication procedures.
The vulnerability of the wpa_supplicant component of the EAP-PWD protocol in wireless communication devices certified for WPA is related to the failure of the EAP-PWD authentication process without obtaining a password. Exploiting this vulnerability allows an attacker to compromise the integrity a...
The vulnerability of the EAP Server component of the EAP-PWD certification protocol for wireless communication devices with WPA encryption lies in the improper use of privileges, allowing attackers to compromise data integrity and confidentiality or cause service failures.
The vulnerability of the EAP Server component of the EAP-PWD protocol for wireless communication devices certified by WPA is related to the lack of explicit checks on imported elements. These imported elements do not undergo verification of scalar values and values of elements in the...
DEBIAN-CVE-2019-12380
DISPUTED: An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because...
UBUNTU-CVE-2019-12380
DISPUTED: An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because...
Linux kernel memory allocation failure mishandling vulnerability
The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. The efi subsystem in Linux kernel 5.1.5 and earlier has a memory allocation failure in arch/x86/platform/efi/efi_64.c ...
UBUNTU-CVE-2013-7285
XStream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format, e.g. JSON...
DEBIAN-CVE-2013-7285
XStream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format, e.g. JSON...
dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents
dom4j versions prior to 2.1.1 contain a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or...
Stack-based Buffer Overflow
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...
Memory Corruption
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...
Use After Free
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...