The vulnerability of the task and project management service WEEEK lies in the lack of measures taken to protect the website structure, allowing a perpetrator to execute arbitrary JavaScript code.
The vulnerability of the WEEEK task and project management service is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary JavaScript code by loading an XML file...
The vulnerability of Cobalt Ashlar-Vellum’s parametric automated design and 3D modeling software lies in the inability to properly manage memory boundaries during data writing. This allows a malicious actor to execute arbitrary code.
The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling lies in the issue of writing beyond buffer boundaries in memory during the processing of XE format files. Exploiting this vulnerability allows an attacker to execute arbitrary code...
DEBIAN-CVE-2024-29214
Improper input validation in UEFI firmware CseVariableStorageSmm for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access...
UBUNTU-CVE-2023-43758
Improper input validation in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access...
UBUNTU-CVE-2024-28127
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access...
Intel Processors input validation error vulnerability
Intel Processors are a family of processors from Intel Corporation (USA). Intel Processors suffer from an input validation error vulnerability that stems from improper UEFI firmware input validation, which could allow a privileged user to elevate privileges via local access...
Intel Processors input validation error vulnerability
Intel Processors are a family of processors from Intel Corporation (USA). Intel Processors suffer from an input validation error vulnerability that stems from improper UEFI firmware input validation, which could allow a privileged user to disclose information via local access...
Intel Processors security vulnerability
Intel Processors are a family of processors from Intel Corporation (USA). A security vulnerability exists in Intel Processors that stems from improper initialization of the OutOfBandXML module of the UEFI firmware, which could allow a privileged user to disclose information via local access...
Intel Processors input validation error vulnerability
Intel Processors are a family of processors from Intel Corporation (USA). Intel Processors suffer from an input validation error vulnerability that stems from improper UEFI firmware input validation, which could allow a privileged user to elevate privileges via local access...
firefox: thunderbird: Use-after-free in XSLT
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: fix a kernel panic when sending untagged traffic via a VxLAN device. This issue occurs during the check for fragmentation in br_nf_dev_queue_xmit. It depends on the following conditions: 1) The br_netfilter modu...
UBUNTU-CVE-2024-39279
Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow an authenticated user to potentially enable denial of service via local access...
PT-2025-6631
Name of the Vulnerable Software and Affected Versions: Intel(R) Processors (affected versions not specified). Description: The issue is related to improper input validation in UEFI firmware for some Intel(R) Processors. This may allow a privileged user to potentially enable escalation of privilege via loc...
USN-7256-1 ruby2.7 vulnerabilities
It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service...
IBM EntireX code issue vulnerability
IBM EntireX is a versatile middleware solution from International Business Machines (IBM) designed to facilitate seamless integration between core enterprise applications and modern applications. A code issue vulnerability exists in IBM EntireX that stems from vulnerability to XML external entity...
CVE-2024-4679
Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Windows allows File Manipulation. This issue affects JP1/Extensible SNMP Agent for Windows: from 12-0...
DEBIAN-CVE-2025-1009
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...
Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: CVE-2024-34064, CVE-2024-22195: HTML attribute injection when passing user input as keys to xmlattr filter (bsc1223980, bsc1218722). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
The vulnerability of the library for processing XML and HTML markup, Lxml, is related to the use of a NULL pointer. This allows a malicious actor to cause a service failure.
The vulnerability of the Lxml library for processing XML and HTML markup is related to errors in pointer manipulation involving NULL pointers. Exploiting this vulnerability could allow an attacker to cause service failures...
CVE-2024-53319
A heap buffer overflow in the XML Text Escaping component of Qualisys C++ SDK commit a32a21a allows attackers to cause Denial of Service (DoS) via escaping special XML characters...