Improper restriction of XML external entity references (XXE) in Electronic Deliverables Creation Support Tool provided by Ministry of Defense
Overview: Electronic Deliverables Creation Support Tool provided by Ministry of Defense improperly restricts XML external entity references (XXE, CWE-611). Toyama Taku of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
Ministry of Defense Electronic Deliverables Creation Support Tool Security Breach
Ministry of Defense Electronic Deliverables Creation Support Tool is an electronic deliverables creation support tool from Ministry of Defense, Japan. A security vulnerability exists in Ministry of Defense Electronic Deliverables Creation Support Tool Construction Edition version 1.0.4, Electroni...
UBUNTU-CVE-2023-45236
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...
CVE-2024-21595
An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If an attacker sends a high rate of specific ICMP traffic to a device with VXLAN...
CVE-2024-22195
CVE-2024-22195 affects Jinja2: the xmlattr filter can accept keys/values that bypass escaping, enabling possible XSS via HTML attribute injection. Public notes show affected packages including python-jinja2 and jinja2, with fixes in 3.1.4 (e.g., Astra Linux entry indicates 3.1.4 as the patch). De...
Juniper Networks Junos OS Security Vulnerability
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Networks Junos OS that can cause a PFE to deadlock and cause a...
PT-2024-1132 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions 21.4R3 through 21.4R3-S4; Juniper Networks Junos OS versions 22.1R3 through 22.1R3-S3; Juniper Networks Junos OS versions 22.2R2 through 22.2R3-S1; Juniper Networks Junos OS versions 22.3 through 22.3R2-S2,...
The vulnerability of the My Calendar plugin of the WordPress content management system allows a hacker to execute arbitrary SQL queries against the database.
The vulnerability of the My Calendar plugin for the WordPress content management system is related to the lack of validation for the consistency of XML objects. Exploiting this vulnerability allows a remote attacker to execute arbitrary SQL queries against the database...
Security Bulletin: Denial of service vulnerability affects IBM Unified Extensible Firmware Interface (CVE-2017-5703)
Summary: IBM System x, Flex and BladeCenter systems have addressed the following denial of service vulnerability in Unified Extensible Firmware Interface (UEFI). Vulnerability Details: CVEID: CVE-2017-5703. DESCRIPTION: Multiple Intel platforms are vulnerable to a denial of service, caused by the...
The vulnerability of the Toolgate component in Parallels Desktop hypervisor allows a hacker to execute arbitrary code and increase their privileges.
The vulnerability of the Toolgate supervisor in Parallels Desktop is related to errors in XML request processing. Exploiting this vulnerability allows an attacker to execute arbitrary code and increase their privileges...
eap-galleon: custom provisioning creates unsecured http-invoker
An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server...
The vulnerability of Siemens OPC UA Modeling Editor (SiOME) relates to incorrect restrictions on XML references to external objects, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the Siemens OPC UA Modeling Editor (SiOME) is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability may allow an attacker to gain unauthorized access to protected information...
The vulnerability of the Splunk Enterprise platform for operational analysis, related to errors in processing XML requests, allows a perpetrator to execute arbitrary code.
The vulnerability of the Splunk Enterprise platform for operational analysis is related to errors in processing XML requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Adobe RoboHelp Security Vulnerability
Adobe RoboHelp is a software application from Adobe, Inc.: next-generation software for authoring and publishing help, strategy and knowledge base content. A security vulnerability exists in Adobe RoboHelp version 11.4 and prior versions, which stems from the presence of an XML External Entity...
The vulnerability of the Protected Extensible Authentication Protocol (PEAP) implementation in Windows operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of the Protected Extensible Authentication Protocol (PEAP) implementation in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted PEAP packets...
CVE-2023-36028
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability...
CVE-2023-36028 Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
...
kernel: xhci: Remove device endpoints from bandwidth list when freeing the device
A null pointer/list corruption flaw was found in the Linux kernel USB xHCI host controller code. When the xHCI host is dying or being removed, some device endpoints may remain on the software bandwidth list. Later cleanup deletes entries that were already freed, corrupting the list and crashing t...
PT-2023-6924 · Microsoft · Peap +1
Name of the Vulnerable Software and Affected Versions: Microsoft Protected Extensible Authentication Protocol (PEAP) (affected versions not specified). Description: The issue is related to insufficient input validation in the implementation of the Protected Extensible Authentication Protocol (PEAP) in...