Lucene search

11 matches found

OSV
added 2024/04/16 12:15 a.m., 2 views

UBUNTU-CVE-2024-3572

The scrapy/scrapy project is vulnerable to XML External Entity XXE attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, ...

CVSS 7.5, AI score 5.8, EPSS 0.00807
Exploits: 1, References: 7
CVE
added 2024/04/16 12:0 a.m., 63 views

CVE-2024-3572

CVE-2024-3572 – Summary The Scrapy project (scrapy/scrapy) is vulnerable to XML External Entity (XXE) attacks due to parsing untrusted XML with lxml.etree.fromstring without proper validation. The underlying issue lies in how XML is parsed, enabling a remote attacker to cause denial of service, a...

CVSS 7.5, AI score 7.3, EPSS 0.00807
Exploits: 1, References: 2, Affected Software: 1
BDU FSTEC
added 2021/02/25 12:0 a.m., 5 views

The vulnerability in the implementation of IPSec protocols for the HiLCOS operating system in wireless access points OpenBAT and BAT450-F allows a hacker to circumvent firewall policies.

The vulnerability of the implementation of IPSec protocols in the HiLCOS operating system for wireless access points OpenBAT and BAT450-F is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to circumvent firewall policies from a remote...

CVSS 10, AI score 5.5
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2019/08/26 6:15 p.m., 11 views

Design/Logic Flaw

The fetch API in Tightrope Media Carousel before 7.1.3 has CarouselAPI/v0/fetch?url= SSRF. This has two potential areas for abuse. First, a specially crafted URL could be used in a phishing attack to hijack the trust the user and the browser have with the website and could serve malicious content...

CVSS 6.4, AI score 9.2, EPSS 0.01114
Exploits: 0, References: 1, Affected Software: 1
Packet Storm
added 2015/11/23 12:0 a.m., 55 views

Apache Flex BlazeDS 4.7.1 SSRF

CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1 Severity: Important Vendor: The Apache Software Foundation Versions Affected: BlazeDS 4.7.0 and 4.7.1 Description: The code in BlazeDS to deserialize AMF XML datatypes allows so-called SSRF Attacks Server Side Request Forgery in which...

CVSS 4.3, AI score 0.3, EPSS 0.04482
Exploits: 1
securityvulns
added 2013/04/08 12:0 a.m., 49 views

[SECURITY] [DSA 2652-1] libxml2 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2652-1 [email protected] http://www.debian.org/security/ Michael Gilbert March 24, 2013 http://www.debian.org/security/faq -...

CVSS 6.8, AI score 0.9, EPSS 0.0442
Exploits: 1
Tenable Nessus
added 2013/03/27 12:0 a.m., 34 views

Debian DSA-2652-1 : libxml2 - external entity expansion

Brad Hill of iSEC Partners discovered that many XML implementations are vulnerable to external entity expansion issues, which can be used for various purposes such as firewall circumvention, disguising an IP address, and denial-of-service. libxml2 was susceptible to these problems when performing...

CVSS 6.8, AI score 7.2, EPSS 0.0442
Exploits: 1, References: 5
Debian
added 2013/03/26 5:40 a.m., 20 views

[SECURITY] [DSA 2652-1] libxml2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2652-1 [email protected] http://www.debian.org/security/ Michael Gilbert March 24, 2013 http://www.debian.org/security/faq -...

CVSS 6.8, AI score 8.5, EPSS 0.0442
Exploits: 1
OpenVAS
added 2013/03/24 12:0 a.m., 36 views

Debian Security Advisory DSA 2652-1 (libxml2 - external entity expansion)

Brad Hill of iSEC Partners discovered that many XML implementations are vulnerable to external entity expansion issues, which can be used for various purposes such as firewall circumvention, disguising an IP address, and denial-of-service. libxml2 was susceptible to these problems when performing...

CVSS 6.8, AI score 0.1, EPSS 0.0442
Exploits: 1, References: 1
OSV
added 2013/03/24 12:0 a.m., 26 views

DSA-2652-1 libxml2 - external entity expansion

Bulletin has no description...

CVSS 6.8, AI score 6.4, EPSS 0.0442
Exploits: 1
OpenVAS
added 2013/03/23 12:0 a.m., 22 views

Debian: Security Advisory (DSA-2652-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.8, AI score 9.6, EPSS 0.0442
Exploits: 1, References: 3