Improper restriction of XML external entity references (XXE) in FD Application

Overview FD Application provided by Ministry of Health, Labour and Welfare improperly restricts XML external entity references XXE CWE-611. Toyama Taku and Sakaki Ryutaro of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...

The vulnerability of the SetAPLanSettings function in the microprogramming software of the D-Link DAP-1325 wireless signal booster allows a intruder to execute arbitrary code.

The vulnerability of the SetAPLanSettings function in the microprogramming software of the D-Link DAP-1325 wireless signal booster is related to the execution of operations outside the buffer in memory when processing XML data. Exploiting this vulnerability allows a remote attacker to execute...

The vulnerability of the microprogramming software for routers PHOENIX CONTACT TC ROUTER, TC CLOUD CLIENT, and CLOUD CLIENT arises from incorrect restrictions on XML links to external objects. This allows attackers to cause service failures.

The vulnerability of the microprogramming software for routers PHOENIX CONTACT TC ROUTER, TC CLOUD CLIENT, and CLOUD CLIENT is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failur...

The vulnerability of the SetAPLanSettings function in the microprogramming software of the D-Link DAP-1325 wireless signal booster allows a intruder to execute arbitrary code.

The vulnerability of the SetAPLanSettings function in the microprogramming software of the D-Link DAP-1325 wireless signal booster is related to the execution of operations outside the buffer in memory when processing XML data. Exploiting this vulnerability allows a remote attacker to execute...

CLSA-2023-1695834624 python3: Fix of 2 CVEs

CVE-2021-3177: Replace snprintf to prevent buffer overflow - CVE-2022-48565: Reject XML entity declarations in plist files...

The vulnerability in the software web interface for processing and transmitting confidential data of Progress MOVEit Transfer lies in the lack of validation for XML objects’ sequences, allowing an intruder to gain unauthorized access to the MOVEit Transfer database.

The vulnerability of the software web interface for processing and transmitting confidential data in Progress MOVEit Transfer is related to the lack of verification of the validity of XML objects. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access...

The vulnerability of the “links” function in the Cacti network monitoring software allows a hacker to execute arbitrary SQL queries.

The vulnerability of the “links” function in the Cacti network monitoring software is related to the lack of validation for the sequences of XML objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...

UBUNTU-CVE-2023-3550

Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator...

Moderate: Red Hat Security Advisory: dmidecode security update

An update for dmidecode is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

CVE-2022-20917

A vulnerability in the Extensible Messaging and Presence Protocol XMPP message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper handling ...

Moderate: Red Hat Security Advisory: dmidecode security update

An update for dmidecode is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

The vulnerability of the binary data management service of the software solution allows a perpetrator to execute arbitrary code.

The vulnerability of the binary data management service of the software solution relates to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with administrative privileges by sending a specially crafted Java object in...

GHSA-8CJG-F53M-8M9Q Magento XML Injection vulnerability in the Widgets Update Layout

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privileges can trigger a specially crafted script to achieve remote code execution...

Lexmark Code Issue Vulnerability

Lexmark is a series of printers in the United States. A security vulnerability exists in versions of Lexmark devices prior to 2023-08-25, which stems from an allowed XML External Entity Attack XXE attack that can lead to information disclosure...

Arista EOS 安全漏洞

Arista EOS is a fully programmable, highly modular, Linux-based network operating system from Arista Corporation. A security vulnerability exists in Arista EOS that stems from a malformed or truncated packet received through a VXLAN tunnel and forwarded in hardware may cause the egress port to fa...

PT-2023-27485 · Lg · Lg Simple Editor

Name of the Vulnerable Software and Affected Versions: LG Simple Editor affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this issue. The specif...

USN-6305-1 php8.1 vulnerabilities

It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. CVE-2023-3823 It was discovered that PHP incorrectly handled certain PHAR files. An attacker could possibly use this issue to cause a crash, expose sensitiv...

Security issue with external entity loading in XML without enabling it

...

PT-2023-19685 · Arista · Arista Eos

Name of the Vulnerable Software and Affected Versions: Arista EOS affected versions not specified Description: The issue occurs when malformed or truncated packets are received over a VXLAN tunnel and forwarded in hardware on affected platforms running Arista EOS with VXLAN configured. This can...

[SECURITY] Fedora 38 Update: trafficserver-9.2.2-1.fc38

Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...