2075 matches found
Siemens EFI Boot Guard Input Validation Error Vulnerability
Siemens EFI Boot Guard is a simple UEFI boot loader from Siemens Germany. A code execution vulnerability exists in Siemens EFI Boot Guard versions prior to 0.15, which stems from insufficient input validation and cleanup, and can be exploited by an attacker to execute arbitrary code in privileged...
UBUNTU-CVE-2023-3823
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...
SUSE CVE-2023-28841
Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby, is commonly referred to as Docker. Swarm Mode, which is...
XML Injection
Overview: magento/project-community-edition is an eCommerce Platform for Growth Community Edition. Affected versions of this package are vulnerable to XML Injection through the XML processing mechanism. An attacker can read arbitrary files on the system by crafting malicious XML input. Remediation...
PT-2023-5322 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.6-p1 and earlier; Adobe Commerce versions 2.4.5-p3 and earlier; Adobe Commerce versions 2.4.4-p4 and earlier. Description: The issue is related to errors in processing XML requests, which could allow a remote attacker...
Insyde InsydeH2O Input Validation Error Vulnerability
Insyde InsydeH2O is a C-language source from Insyde Corporation of Taiwan that implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O versions 5.0 through 5.5, which stems from...
CVE-2023-37497
The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service...
CVE-2023-25600
An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016...
DEBIAN-CVE-2022-4909
Inappropriate implementation in XML in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially perform an ASLR bypass via a crafted HTML page. Chromium security severity: Low...
[SECURITY] Fedora 37 Update: aerc-0.15.2-1.fc37
Aerc is an email client that runs in your terminal. It's highly efficient and extensible, perfect for the discerning hacker...
[SECURITY] Fedora 38 Update: aerc-0.15.2-1.fc38
Aerc is an email client that runs in your terminal. It's highly efficient and extensible, perfect for the discerning hacker...
AZL-35252 CVE-2022-28737 affecting package shim for versions less than 15.8-3
There's a possible overflow in handle_image when shim tries to load and execute crafted EFI executables. The handle_image function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code...
The vulnerability of the ezxml_internal_dtd function in the XML document syntax analysis library ezXML allows an attacker to cause a service failure.
The vulnerability of the ezxml_internal_dtd function in the XML document syntax analysis library ezXML is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a malicious actor to trigger a service failure using a specially created XML file...
The vulnerability of the ezxml_parse_str function in the ezXML XML document syntax analysis library allows an attacker to cause a service failure.
The vulnerability of the ezxml_parse_str function in the ezXML XML syntax analysis library involves reading data beyond the allowable buffer size. Exploiting this vulnerability allows a malicious actor to cause service failures by using a specially created XML file...
Jenkins Plugin External Monitor Job Type Code Issue Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server. Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PYSEC-2023-96
requests-xml v0.2.3 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks
A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the...
Chrome Internal JavaScript Object Access Via Origin Trials
Chrome: Internal JavaScript object access via Origin Trials. VULNERABILITY DETAILS: 1. JSObject::DefineAccessor doesn't ensure that the receiver object is in a valid state before creating an accessor property. This allows callers to extend non-extensible objects and reconfigure non-configurable...
CVE-2023-28026
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable...
CVE-2023-28060
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable...