29 matches found
CVE-2022-27193
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary local file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter...
EUVD-2022-1470
Malicious code in bioql PyPI...
Announcing the CVRF API 3.0 upgrade
At the Microsoft Security Response Center, we are committed to continuously improving the security and performance of our services to meet the evolving needs of our customers. We are excited to announce the rollout of the latest version of our Common Vulnerability Reporting (CVRF) API. This update...
PatchaPalooza - A Comprehensive Tool That Provides An Insightful Analysis Of Microsoft's Monthly Security Updates
A comprehensive tool that provides an insightful analysis of Microsoft's monthly security updates. If you are interested in seeing all this data on a live website, visit: https://patchapalooza.com PatchaPalooza uses the power of Microsoft's MSRC CVRF API to fetch, store, and analyze security updat...
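About the publication of CBL-Mariner CVEs in the Security Update Guide CVRF API
This blog is an abridged translation of Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API. For the latest information, please refer to the original article...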
Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API
Microsoft is pleased to announce that beginning January 11, 2023, we will publish CBL-Mariner CVEs in the Security Update Guide (SUG) Common Vulnerability Reporting Framework (CVRF) API. CBL-Mariner is a Linux distribution built by Microsoft to power Azure’s cloud and edge products and services and i...
GHSA-M8GQ-83GH-V42V XML External Entities Vulnerability in CVRF-CSAF-Converter
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary local file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter...
XML External Entities Vulnerability in CVRF-CSAF-Converter
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary local file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter...
XXE
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary local file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter...
CVE-2022-27193
The CVRF-CSAF-Converter (Python tool) is vulnerable to XML External Entities (XXE) in versions before 1.0.0-rc2, allowing an attacker to disclose arbitrary local files from the system running the converter. The issue arises from XXE handling in the input processing. Remediation: upgrade to 1.0.0-...
PT-2022-18280 · Unknown · CVRF-CSAF-Converter
Name of the Vulnerable Software and Affected Versions: CVRF-CSAF-Converter versions prior to 1.0.0-rc2. Description: The issue allows for the inclusion of arbitrary local file content into the generated output document due to XML External Entities (XXE). This can be exploited by an attacker to...
Continuing to Listen: Good News about the Security Update Guide API!
Based on user feedback we have simplified programmatic access to the security update data by removing the authentication and API-Key requirements when using the CVRF API. You will no longer have to log in to obtain a personal API key to access the data. We're happy to make this valuable public...
Continuing to Listen: Good News about the Security Update Guide API!
Based on user feedback we have simplified programmatic access to the security update data by removing the authentication and API-Key requirements when using the CVRF API. You will no longer have to log in to obtain a personal API key to access the data. We're happy to make this valuable public...
Oracle E-Business Suite Multiple Vulnerabilities (Apr 2019 CPU)
The version of Oracle E-Business installed on the remote host is missing the April 2019 Oracle Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities as noted in the April 2019 Critical Patch Update advisory: - An unspecified flaw exists in the Oracle Advanced Outbound...
MySQL Enterprise Monitor 3.4.x < 3.4.8 / 4.0.x < 4.0.5 / 8.0.x < 8.0.1 Multiple Vulnerabilities (July 2018 CPU)
According to its self-reported version, the MySQL Enterprise Monitor application running on the remote host is 3.4.x prior to 3.4.8, or 4.0.x prior to 4.0.5, or 8.0.x prior to 8.0.1. It is, therefore, affected by multiple vulnerabilities as noted in the July 2018 Critical Patch Update advisory...
Oracle VM VirtualBox < 5.2.16 Multiple Vulnerabilities (July 2018 CPU)
The version of Oracle VM VirtualBox running on the remote host is 5.2.x prior to 5.2.16. It is, therefore, affected by multiple vulnerabilities as noted in the April 2018 Critical Patch Update advisory: - An unspecified vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization...