KB5032197: Windows 10 Version 1607 and Windows Server 2016 Security Update (November 2023)
The remote Windows host is missing security update 5032197. It is, therefore, affected by multiple vulnerabilities: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36402); Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability...
KB5032192: Windows 11 version 21H2 Security Update (November 2023)
The remote Windows host is missing security update 5032192. It is, therefore, affected by multiple vulnerabilities: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36402); Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability...
KB5032189: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (November 2023)
The remote Windows host is missing security update 5032189. It is, therefore, affected by multiple vulnerabilities: Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36402); Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability...
[SECURITY] Fedora 39 Update: httpd-2.4.58-1.fc39
The Apache HTTP Server is a powerful, efficient, and extensible web server...
[SECURITY] Fedora 39 Update: trafficserver-9.2.3-1.fc39
Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...
[SECURITY] Fedora 39 Update: libclc-17.0.2-1.fc39
libclc is an open source, BSD licensed implementation of the library requirements of the OpenCL C programming language, as specified by the OpenCL 1.1 Specification. The following sections of the specification impose library requirements: 6.1: Supported Data Types; 6.2.3: Explicit Conversions...
A vulnerability in the Cisco Fabric Services component of the NX-OS and Cisco FXOS operating systems on Cisco devices allows an attacker to gain unauthorized access to protected information or cause service failures.
The vulnerability in the Cisco Fabric Services component of the NX-OS and Cisco FXOS operating systems on Cisco devices is related to operations performed outside the bounds of a memory buffer. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information o...
CVE-2022-34832
An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the Analysis component...
A vulnerability in the TrEEConfigDriver driver, a framework for creating UEFI patches for InsydeH2O, allows a malicious actor to conceal malicious activity by manipulating TPM PCR values and masking the device with virtual data in the Platform Configuration Registers (PCRs).
The vulnerability in the TrEEConfigDriver driver, which is used by the InsydeH2O UEFI firmware creation framework, is related to security configuration errors. Exploiting this vulnerability can allow attackers to conceal malicious activity by manipulating TPM PCR values and masking the device...
[SECURITY] Fedora 38 Update: httpd-2.4.58-1.fc38
The Apache HTTP Server is a powerful, efficient, and extensible web server...
PT-2023-28883 · Unknown · Cx-Designer
Name of the Vulnerable Software and Affected Versions: CX-Designer versions 3.740 and earlier. Description: The issue concerns an improper restriction of XML external entity reference (XXE) vulnerability. If a user opens a specially crafted project file created by an attacker, sensitive information ...
Insyde InsydeH2O Security Breach
Insyde InsydeH2O is C source code from Insyde Corporation of Taiwan that implements the "EFI/UEFI" specification, a new technology designed to replace the traditional BIOS (Basic Input/Output System). A security vulnerability exists in Insyde InsydeH2O. An attacker could exploit this vulnerability to...
CVE-2023-45727
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing...
A vulnerability in the addDv7Probe function of the D-View 8 network device management platform allows an attacker to gain unauthorized access to protected information.
The vulnerability in the addDv7Probe function of the D-View 8 network device management platform is related to improper restriction of XML external entity references. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
A vulnerability in the PHP programming language interpreter arises from improper restriction of XML external entity references. It allows attackers to trigger service failures or gain unauthorized access to confidential data.
The vulnerability in the PHP programming language interpreter is related to improper restriction of XML external entity references. Exploiting this vulnerability can allow an attacker to cause service failures or gain unauthorized access to confidential data...
DEBIAN-CVE-2023-42445
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local tex...
eap-7: heap exhaustion via deserialization
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result i...
SAMSUNG Mobile devices security vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung (SAMSUNG). A security vulnerability exists in SAMSUNG Mobile devices, which originates from incorrect input validation in the UEFI firmware...
A vulnerability in the EcoStruxure OPC UA Server Expert software, a software tool for managing industrial processes, arises from improper restriction of XML external entity references. It allows attackers to access confidential information.
The vulnerability in the industrial process management software EcoStruxure OPC UA Server Expert is related to improper restriction of XML external entity references. Exploiting this vulnerability may allow an attacker to access confidential information...