Lucene search
K

32 matches found

BDU FSTEC
BDU FSTEC
added 2025/07/21 12:0 a.m.6 views

The vulnerability of the ColdFusion software platform lies in the improper limitation of XML references to external objects. This allows attackers to gain unauthorized access to protected information or circumvent existing security restrictions, thereby causing service failures.

The vulnerability of the ColdFusion software platform is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information or circumvent existing security...

9.3CVSS5.5AI score0.00548EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/07/09 12:0 a.m.8 views

The vulnerability of the Akamai CloudTest performance testing platform lies in the improper limitation of XML links to external objects, which allows attackers to compromise privacy.

The vulnerability of the Akamai CloudTest performance testing platform relates to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to compromise privacy...

5.8CVSS5.5AI score0.03395EPSS
Exploits2References3
BDU FSTEC
BDU FSTEC
added 2024/09/18 12:0 a.m.7 views

The vulnerability of the libxml2 library stems from an improper limitation on XML references to external objects, which allows attackers to gain access to arbitrary files on the server or perform network scanning of internal and external infrastructure.

The vulnerability of the libxml2 library is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to gain access to arbitrary files on the server or perform network scanning of internal and external infrastructure...

9.4CVSS7AI score0.01192EPSS
Exploits0References4Affected Software1
Redos
Redos
added 2024/08/16 12:0 a.m.9 views

ROS-20240816-14

A vulnerability in the phardirread function of the PHP interpreter is caused by a buffer overflow on the stack. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code Vulnerability in PHP programming language interpreter is related to incorrect restriction of XM...

9.8CVSS8.9AI score0.08003EPSS
Exploits4
BDU FSTEC
BDU FSTEC
added 2024/03/22 12:0 a.m.4 views

The vulnerability of the Apache Ivy package manager is related to incorrect restrictions on XML references to external objects. This allows attackers to disclose sensitive information or cause service failures.

The vulnerability of the Apache Ivy package manager is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information or cause service failures...

8.5CVSS7.2AI score0.01855EPSS
Exploits0References4Affected Software12
Redos
Redos
added 2024/02/29 12:0 a.m.35 views

ROS-20240226-02

A vulnerability in Microsoft's .NET Framework software platform is related to incorrectly restricting XML links to external objects. external objects. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information...

5.9CVSS6.3AI score0.0192EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/02/28 12:0 a.m.6 views

The vulnerability of the codehaus-plexus framework of Apache Maven is related to an incorrect restriction on XML references to external objects, which allows a hacker to execute arbitrary code.

The vulnerability of the codehaus-plexus framework of Apache Maven is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

4.3CVSS6.7AI score0.00694EPSS
Exploits0References7Affected Software20
BDU FSTEC
BDU FSTEC
added 2023/12/27 12:0 a.m.6 views

The vulnerability of the programming software for PLCs (programmable logic controllers), namely the Saia PG5 Controls Suite, arises from incorrect restrictions on XML links to external objects. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the programming software for PLCs programmable logic controllers, Saia PG5 Controls Suite, is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...

5.5CVSS5.9AI score0.00784EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/11/17 12:0 a.m.6 views

The vulnerability of the software tool for processing and managing financial transactions conducted through the SWIFT international messaging system allows a perpetrator to disclose protected information or compromise the accessibility of that information, due to incorrect restrictions on XML links to external objects in the IBM Financial Transaction Manager for SWIFT Services.

The vulnerability of the software tool for processing and managing financial transactions conducted through the SWIFT messaging system is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow a malicious actor to disclose protected...

7.5CVSS7.7AI score0.00816EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/10/17 12:0 a.m.7 views

The vulnerability of the VBASE Automation Base software platform, related to incorrect restrictions on XML references to external objects, allows attackers to trigger service failures or gain unauthorized access to confidential data.

The vulnerability of the VBASE Automation Base software platform relates to incorrect restrictions on XML references pointing to external objects. Exploiting this vulnerability can allow attackers to cause service failures or gain unauthorized access to confidential data...

5.5CVSS5.9AI score0.00255EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/09/28 12:0 a.m.7 views

The vulnerability of the microprogramming software for routers PHOENIX CONTACT TC ROUTER, TC CLOUD CLIENT, and CLOUD CLIENT arises from incorrect restrictions on XML links to external objects. This allows attackers to cause service failures.

The vulnerability of the microprogramming software for routers PHOENIX CONTACT TC ROUTER, TC CLOUD CLIENT, and CLOUD CLIENT is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failur...

6.1CVSS5.6AI score0.01019EPSS
Exploits1References5Affected Software8
Rosalinux
Rosalinux
added 2023/06/20 10:11 a.m.34 views

Advisory ROSA-SA-2023-2169

software: log4net 1.2.15 OS: ROSA-CHROME packageevrstring: log4net-1.2.15-6.src.rpm CVE-ID: CVE-2018-1285 BDU-ID: 2021-01050 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the logging library to the .NET Framework log4net platform is related to XML external object XXE link restriction errors...

9.8CVSS6.9AI score0.49839EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/03/15 12:0 a.m.6 views

The vulnerability of the ColdFusion software platform arises from an incorrect limitation on the path to the restricted access directory. This allows attackers to execute arbitrary code.

The vulnerability of the ColdFusion software platform is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose sensitive information...

7.8CVSS7.1AI score0.35527EPSS
Exploits0References3
Trellix
Trellix
added 2022/07/19 12:0 a.m.73 views

Countering Follina Attack (CVE- 2022-30190) with Trellix Network Security Platform’s Advanced Detection Features

Countering Follina Attack CVE- 2022-30190 with Trellix Network Security Platform’s Advanced Detection Features By Vinay Kumar and Chintan Shah · July 19, 2022 Executive summary During the end of May 2022, independent security researcher reported a vulnerability assigned CVE-2022-30190 in Microsof...

9.1AI score0.99374EPSS
Exploits90
BDU FSTEC
BDU FSTEC
added 2022/05/17 12:0 a.m.7 views

The vulnerability of the software import function of Cisco Enterprise NFV Infrastructure Software (NFVIS) allows a hacker to disclose protected information.

The vulnerability of the Cisco Enterprise NFV Infrastructure Software’s software import function NFVIS is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information using specially created...

7.8CVSS7.4AI score0.10922EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/04/14 12:0 a.m.4 views

The vulnerability of the Glances monitoring tool arises from improper restrictions on XML links to external objects. This allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Glances monitoring tool is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...

10CVSS7.8AI score0.01639EPSS
Exploits1References8Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/04/11 12:0 a.m.4 views

The vulnerability of the BI Publisher Security component of the Oracle BI Publisher reporting tool allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the BI Publisher Security component of the Oracle BI Publisher reporting tool is related to a deficiency in the restriction on XML references to external objects during the processing of ReportTemplateService parameters. Exploiting this vulnerability can allow an attacker to...

7.8CVSS6.9AI score0.02169EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/01/20 12:0 a.m.4 views

The vulnerability of the Ruby interpreter lies in the improper limitation of XML references to external objects, which allows attackers to compromise the integrity of data.

The vulnerability of the Ruby interpreter is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of data...

7.5CVSS6.7AI score0.05061EPSS
Exploits0References8Affected Software4
BDU FSTEC
BDU FSTEC
added 2021/12/07 12:0 a.m.6 views

The vulnerability of the Adobe Experience Manager content and media data management system lies in the improper limitation of XML links to external objects, which allows attackers to access confidential information.

The vulnerability of the Adobe Experience Manager content and media data management system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...

7.8CVSS7.2AI score0.0319EPSS
Exploits0References3Affected Software1
Rosalinux
Rosalinux
added 2021/07/02 6:4 p.m.35 views

Advisory ROSA-SA-2021-1961

Software: redland 1.0.16 OS: Cobalt 7.9 CVE-ID: CVE-2012-0037 CVE-Crit: HIGH CVE-DESC: Redland Raptor also known as libraptor before 2.0.7, used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1 and other products, allows remote attackers, with the help of the user, ...

6.5CVSS6.4AI score0.13682EPSS
Exploits2
Rows per page
Query Builder