41 matches found
EUVD-2020-17906
Malware in sbrugna...
EUVD-2024-1756
Malicious code in bioql PyPI...
EUVD-2024-3420
Malicious code in bioql PyPI...
CVE-2020-25216
yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet...
CVE-2024-52800
The CVE-2024-52800 issue affects veraPDF: when executing policy checks via the CLI using custom Schematron-based policy files, an XSL transformation may enable a remote code execution (RCE) or XXE-type vector. The vulnerability concerns the policy-check workflow (policy profiles with user-provide...
CVE-2024-52800 Potential XXE (XML External Entity Injection) vulnerability in veraPDF CLI
veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. This doesn't affect the standard validation and policy checks functionality...
veraPDF-library code issue vulnerability
veraPDF-library is veraPDF's open source PDF/A validation library. A code issue vulnerability exists in veraPDF-library, which stems from the fact that executing policy checks with a custom schematron file via the CLI invokes an XSL transformation, which could theoretically lead t...
XML Injection
veraPDF is vulnerable to remote code execution (RCE). The vulnerability is caused by executing policy checks using custom schematron files, which invokes an XSL transformation that could lead to code execution...
CVE-2024-28109
veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2...
CVE-2024-28109
CVE-2024-28109 affects veraPDF-library, a PDF/A validation library. Executing policy checks with custom Schematron files triggers an XSL transformation, which can lead to a remote code execution (RCE). Impact is stated as high severity (CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). The issue is...
Apigee API Security policies howto
The Genesis of Apigee API Security Guidelines In today's digital epoch, APIs (Application Programming Interfaces) have ascended to be the fundamental infrastructure underpinning software development - furnishing the medium for diverse software systems to interact and exchange data. Yet, with this...
CVE-2020-25216
yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet...
CVE-2020-25216
yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet...
Design/Logic Flaw
yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet...
CVE-2020-25216
yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet...
CVE-2020-25216
yWorks yEd Desktop before 3.20.1 is affected by a code execution vulnerability triggered by an XSL Transformation when processing an XML file with a custom stylesheet. The root cause is an XSLT processing path that allows arbitrary code execution in the context of the affected application. Affect...
UBUNTU-CVE-2018-5097
A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firef...
[SECURITY] Fedora 26 Update: openvas-gsa-7.0.2-2.fc26
The Greenbone Security Assistant (GSA) is a lean web service offering a user web interface for the Open Vulnerability Assessment System (OpenVAS). The GSA uses XSL transformation style-sheets that convert OMP responses from the OpenVAS infrastructure into presentable HTML...
USN-3175-2 firefox regression
USN-3175-1 fixed vulnerabilities in Firefox. The update caused a regression on systems where the AppArmor profile for Firefox is set to enforce mode. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple memory safety issues were discovered in...
[SECURITY] Fedora 23 Update: openvas-gsa-6.0.11-3.fc23
The Greenbone Security Assistant (GSA) is a lean web service offering a user web interface for the Open Vulnerability Assessment System (OpenVAS). The GSA uses XSL transformation style-sheets that convert OMP responses from the OpenVAS infrastructure into presentable HTML...