Lucene search
+L

80 matches found

BDU FSTEC
BDU FSTEC
added 2022/12/09 12:0 a.m.6 views

The vulnerability of the dynamic data management framework Apache Calcite, related to incorrect restrictions on XML links to external objects, allows attackers to perform XXE attacks.

The vulnerability of the Apache Calcite dynamic data management framework is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks using specially created XML code...

10CVSS6.9AI score0.01931EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/09/23 3:26 p.m.25 views

CVE-2021-3782

An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wlshm buffer objects, or if it...

7AI score0.00297EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2022/09/15 12:0 a.m.22 views

Duplicate of GHSA-m77f-652q-wwp4

Duplicate advisory This advisory is a duplicate of GHSA-m77f-652q-wwp4. This link is maintained to preserve external references. Original Description ::fromrequest would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large or infini...

7.5CVSS1.1AI score0.0085EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/22 12:0 a.m.8 views

The vulnerability of the AVEVA Edge SCADA system, related to incorrect restrictions on XML references to external objects, allows a intruder to trigger a service failure or gain unauthorized access to confidential data.

The vulnerability of the AVEVA Edge SCADA system is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow an attacker to trigger service failures or gain unauthorized access to confidential data...

6.6CVSS5.5AI score0.13681EPSS
Exploits0References1
Snyk
Snyk
added 2022/07/30 4:5 p.m.1 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free when the client creates a large number of wlshm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. Remediation Upgrade wayland to version 1.21.0 or higher...

8.8CVSS7.1AI score0.00297EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2022/06/01 9:2 a.m.421 views

Exploit for CVE-2022-30190

console $ gollina -h gollina Follina MS-MSDT 0-day MS Of...

9.3CVSS7.3AI score0.99374EPSS
Exploits62
BDU FSTEC
BDU FSTEC
added 2022/04/11 12:0 a.m.8 views

The vulnerability of the Perl module XML::Atom, related to incorrect restrictions on XML references to external objects, allows attackers to access confidential data.

The vulnerability of the Perl module XML::Atom is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to gain access to confidential data...

7.5CVSS7.2AI score0.01402EPSS
Exploits2References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2022/03/01 12:0 a.m.7 views

The vulnerability of the software for configuring and diagnosing processes in ToolboxST arises from improper restrictions on XML references to external objects, which allows attackers to disclose sensitive information.

The vulnerability of the software for configuring and diagnosing processes in ToolboxST is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...

7.8CVSS5.4AI score0.01052EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/11/25 12:0 a.m.7 views

The vulnerability of the BC-BMT-BPM-DSK component of the SAP NetWeaver Java Application Server allows attackers to perform XXE attacks.

The vulnerability of the BC-BMT-BPM-DSK component of the SAP NetWeaver Java Application Server is related to deficiencies in the mechanism for restricting XML references to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...

6.5CVSS7AI score0.23805EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/09/10 12:0 a.m.8 views

The vulnerability of Huawei eCNS280 basic network system’s microprogramming software lies in the improper limitation of XML links to external objects, which allows a perpetrator to cause a service failure for the module.

The vulnerability of the microprogramming software in Huawei’s basic network system eCNS280 is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to cause a failure in the module’s operation...

5.3CVSS5.9AI score0.00631EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/05/24 12:0 a.m.8 views

The vulnerability of the Diagnostic Assistant component of the Oracle OSS Support Tools software allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Diagnostic Assistant component of the Oracle OSS Support Tools software relates to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

6.8CVSS6AI score0.01451EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/12 12:0 a.m.5 views

The vulnerability in the vManage web interface of the software-defined Cisco SD-WAN network allows a malicious individual to gain unauthorized access to protected information.

The vulnerability in the vManage web interface of the Cisco SD-WAN program-defined network is caused by insufficient restrictions on XML references to external objects. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information using specially created...

6.4CVSS5.5AI score0.00859EPSS
Exploits0References4Affected Software1
Hacker One
Hacker One
added 2021/02/16 9:49 a.m.15 views

QIWI: Remote Code Execution on contactws.contact-sys.com via SQL injection in TPrabhuObject.BeginOrder in parameter DOC_ID

Summary The API interface on https://contactws.contact-sys.com:3456/ accepts a body to interact with the server's AppServ object. Because of insufficient input validation, an attacker can abuse the DOCID parameter on the TPrabhuObject operation BeginOrder to inject arbitrary SQL statements into t...

0.6AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/02/16 12:0 a.m.9 views

The vulnerability of web services in the Spring Framework software platform allows attackers to compromise the confidentiality, integrity, and accessibility of information.

The vulnerability of web services in the Spring Framework is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of information...

10CVSS7.5AI score0.0411EPSS
Exploits0References4Affected Software3
BDU FSTEC
BDU FSTEC
added 2020/08/19 12:0 a.m.8 views

The vulnerability in the implementation of the XML::Twig Perl module for processing XML documents in a tree-like mode allows a attacker to cause a service failure or gain unauthorized access to protected information.

The vulnerability of the expandexternalents configuration implementation in the Perl module for processing XML documents in a tree-like mode, implemented via XML::Twig, is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow an attack...

9.4CVSS7.7AI score0.03542EPSS
Exploits0References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2020/03/12 12:0 a.m.8 views

The vulnerability relates to the XSSFExportToXml Java library for reading and writing MS Office documents using Apache POI. It allows an attacker to gain unauthorized access to read these files.

The vulnerability in the XSSFExportToXml Java library for reading and writing MS Office documents using Apache POI is related to deficiencies in the restriction on XML references to external objects. Exploiting this vulnerability could allow an attacker to gain unauthorized access to read the fil...

5.5CVSS6.8AI score0.0099EPSS
Exploits0References10Affected Software23
BDU FSTEC
BDU FSTEC
added 2020/02/03 12:0 a.m.9 views

The vulnerability of the SOAP API interface of the Cisco Data Center Network Manager system allows a attacker to disclose sensitive information.

The vulnerability of the SOAP API interface of the Cisco Data Center Network Manager DCNM system is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...

6.8CVSS5.9AI score0.01306EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2020/01/13 12:0 a.m.6 views

The vulnerability of the Lenovo XClarity Administrator and Lenovo XClarity Integrator software in resource management lies in the improper limitation of XML references to external objects. This allows attackers to disclose sensitive information that should be protected.

The vulnerability of the Lenovo XClarity Administrator and Lenovo XClarity Integrator software for resource management lies in incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...

5.3CVSS6.2AI score0.01358EPSS
Exploits0References3Affected Software2
RedhatCVE
RedhatCVE
added 2020/01/08 11:38 p.m.47 views

CVE-2019-16863

Cryptographic timing vulnerabilities were discovered in certain versions of the Trusted Platform Module TPM firmware distributed by Intel and STMicroelectronics. Software that uses the TPM to compute ECDSA signatures could leak information through the timing of ECDSA signature operations, allowin...

6.8CVSS1.1AI score0.03279EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2019/12/26 12:0 a.m.4 views

The vulnerability of the XMLFileLookupService component in the Apache NiFi data processing platform allows a hacker to gain unauthorized access to protected information.

The vulnerability of the XMLFileLookupService component in the Apache NiFi data processing platform is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protecte...

6.8CVSS6.9AI score0.02258EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder