32 matches found
The vulnerability of the ColdFusion software platform lies in the improper limitation of XML references to external objects. This allows attackers to gain unauthorized access to protected information or circumvent existing security restrictions, thereby causing service failures.
The vulnerability of the ColdFusion software platform is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information or circumvent existing security...
The vulnerability of the Akamai CloudTest performance testing platform lies in the improper limitation of XML links to external objects, which allows attackers to compromise privacy.
The vulnerability of the Akamai CloudTest performance testing platform relates to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to compromise privacy...
The vulnerability of the libxml2 library stems from an improper limitation on XML references to external objects, which allows attackers to gain access to arbitrary files on the server or perform network scanning of internal and external infrastructure.
The vulnerability of the libxml2 library is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to gain access to arbitrary files on the server or perform network scanning of internal and external infrastructure...
ROS-20240816-14
A vulnerability in the phardirread function of the PHP interpreter is caused by a buffer overflow on the stack. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code. Vulnerability in PHP programming language interpreter is related to incorrect restriction of XM...
The vulnerability of the Apache Ivy package manager is related to incorrect restrictions on XML references to external objects. This allows attackers to disclose sensitive information or cause service failures.
The vulnerability of the Apache Ivy package manager is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information or cause service failures...
ROS-20240226-02
A vulnerability in Microsoft's .NET Framework software platform is related to incorrectly restricting XML links to external objects. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information...
The vulnerability of the codehaus-plexus framework of Apache Maven is related to an incorrect restriction on XML references to external objects, which allows a hacker to execute arbitrary code.
The vulnerability of the codehaus-plexus framework of Apache Maven is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the programming software for PLCs (programmable logic controllers), namely the Saia PG5 Controls Suite, arises from incorrect restrictions on XML links to external objects. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the programming software for PLCs (programmable logic controllers), Saia PG5 Controls Suite, is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
The vulnerability of the software tool for processing and managing financial transactions conducted through the SWIFT international messaging system allows a perpetrator to disclose protected information or compromise the accessibility of that information, due to incorrect restrictions on XML links to external objects in the IBM Financial Transaction Manager for SWIFT Services.
The vulnerability of the software tool for processing and managing financial transactions conducted through the SWIFT messaging system is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow a malicious actor to disclose protected...
The vulnerability of the VBASE Automation Base software platform, related to incorrect restrictions on XML references to external objects, allows attackers to trigger service failures or gain unauthorized access to confidential data.
The vulnerability of the VBASE Automation Base software platform relates to incorrect restrictions on XML references pointing to external objects. Exploiting this vulnerability can allow attackers to cause service failures or gain unauthorized access to confidential data...
The vulnerability of the firmware for the PHOENIX CONTACT TC ROUTER, TC CLOUD CLIENT, and CLOUD CLIENT routers arises from incorrect restrictions on XML links to external objects. This allows attackers to cause service failures.
The vulnerability of the firmware for the PHOENIX CONTACT TC ROUTER, TC CLOUD CLIENT, and CLOUD CLIENT routers is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failur...
Advisory ROSA-SA-2023-2169
software: log4net 1.2.15 OS: ROSA-CHROME packageevrstring: log4net-1.2.15-6.src.rpm CVE-ID: CVE-2018-1285 BDU-ID: 2021-01050 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the logging library to the .NET Framework log4net platform is related to XML external object XXE link restriction errors...
The vulnerability of the ColdFusion software platform arises from an incorrect limitation on the path to the restricted access directory. This allows attackers to execute arbitrary code.
The vulnerability of the ColdFusion software platform is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose sensitive information...
Countering Follina Attack (CVE-2022-30190) with Trellix Network Security Platform’s Advanced Detection Features
Countering Follina Attack (CVE-2022-30190) with Trellix Network Security Platform’s Advanced Detection Features. By Vinay Kumar and Chintan Shah · July 19, 2022. Executive summary: During the end of May 2022, an independent security researcher reported a vulnerability assigned CVE-2022-30190 in Microsof...
The vulnerability of the software import function of Cisco Enterprise NFV Infrastructure Software (NFVIS) allows a hacker to disclose protected information.
The vulnerability of the software import function of Cisco Enterprise NFV Infrastructure Software (NFVIS) is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information using specially created...
The vulnerability of the Glances monitoring tool arises from improper restrictions on XML links to external objects. This allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Glances monitoring tool is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the BI Publisher Security component of the Oracle BI Publisher reporting tool allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the BI Publisher Security component of the Oracle BI Publisher reporting tool is related to a deficiency in the restriction on XML references to external objects during the processing of ReportTemplateService parameters. Exploiting this vulnerability can allow an attacker to...
The vulnerability of the Ruby interpreter lies in the improper limitation of XML references to external objects, which allows attackers to compromise the integrity of data.
The vulnerability of the Ruby interpreter is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of data...
The vulnerability of the Adobe Experience Manager content and media data management system lies in the improper limitation of XML links to external objects, which allows attackers to access confidential information.
The vulnerability of the Adobe Experience Manager content and media data management system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...
Advisory ROSA-SA-2021-1961
Software: redland 1.0.16 OS: Cobalt 7.9 CVE-ID: CVE-2012-0037 CVE-Crit: HIGH CVE-DESC: Redland Raptor (also known as libraptor) before 2.0.7, used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1 and other products, allows remote attackers, with the help of the user, ...