80 matches found
The vulnerability of the dynamic data management framework Apache Calcite, related to incorrect restrictions on XML links to external objects, allows attackers to perform XXE attacks.
The vulnerability of the Apache Calcite dynamic data management framework is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks using specially created XML code...
CVE-2021-3782
An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wlshm buffer objects, or if it...
Duplicate of GHSA-m77f-652q-wwp4
Duplicate advisory This advisory is a duplicate of GHSA-m77f-652q-wwp4. This link is maintained to preserve external references. Original Description ::fromrequest would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large or infini...
The vulnerability of the AVEVA Edge SCADA system, related to incorrect restrictions on XML references to external objects, allows a intruder to trigger a service failure or gain unauthorized access to confidential data.
The vulnerability of the AVEVA Edge SCADA system is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow an attacker to trigger service failures or gain unauthorized access to confidential data...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free when the client creates a large number of wlshm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. Remediation Upgrade wayland to version 1.21.0 or higher...
Exploit for CVE-2022-30190
console $ gollina -h gollina Follina MS-MSDT 0-day MS Of...
The vulnerability of the Perl module XML::Atom, related to incorrect restrictions on XML references to external objects, allows attackers to access confidential data.
The vulnerability of the Perl module XML::Atom is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to gain access to confidential data...
The vulnerability of the software for configuring and diagnosing processes in ToolboxST arises from improper restrictions on XML references to external objects, which allows attackers to disclose sensitive information.
The vulnerability of the software for configuring and diagnosing processes in ToolboxST is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...
The vulnerability of the BC-BMT-BPM-DSK component of the SAP NetWeaver Java Application Server allows attackers to perform XXE attacks.
The vulnerability of the BC-BMT-BPM-DSK component of the SAP NetWeaver Java Application Server is related to deficiencies in the mechanism for restricting XML references to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...
The vulnerability of Huawei eCNS280 basic network system’s microprogramming software lies in the improper limitation of XML links to external objects, which allows a perpetrator to cause a service failure for the module.
The vulnerability of the microprogramming software in Huawei’s basic network system eCNS280 is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to cause a failure in the module’s operation...
The vulnerability of the Diagnostic Assistant component of the Oracle OSS Support Tools software allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Diagnostic Assistant component of the Oracle OSS Support Tools software relates to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability in the vManage web interface of the software-defined Cisco SD-WAN network allows a malicious individual to gain unauthorized access to protected information.
The vulnerability in the vManage web interface of the Cisco SD-WAN program-defined network is caused by insufficient restrictions on XML references to external objects. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information using specially created...
QIWI: Remote Code Execution on contactws.contact-sys.com via SQL injection in TPrabhuObject.BeginOrder in parameter DOC_ID
Summary The API interface on https://contactws.contact-sys.com:3456/ accepts a body to interact with the server's AppServ object. Because of insufficient input validation, an attacker can abuse the DOCID parameter on the TPrabhuObject operation BeginOrder to inject arbitrary SQL statements into t...
The vulnerability of web services in the Spring Framework software platform allows attackers to compromise the confidentiality, integrity, and accessibility of information.
The vulnerability of web services in the Spring Framework is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of information...
The vulnerability in the implementation of the XML::Twig Perl module for processing XML documents in a tree-like mode allows a attacker to cause a service failure or gain unauthorized access to protected information.
The vulnerability of the expandexternalents configuration implementation in the Perl module for processing XML documents in a tree-like mode, implemented via XML::Twig, is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow an attack...
The vulnerability relates to the XSSFExportToXml Java library for reading and writing MS Office documents using Apache POI. It allows an attacker to gain unauthorized access to read these files.
The vulnerability in the XSSFExportToXml Java library for reading and writing MS Office documents using Apache POI is related to deficiencies in the restriction on XML references to external objects. Exploiting this vulnerability could allow an attacker to gain unauthorized access to read the fil...
The vulnerability of the SOAP API interface of the Cisco Data Center Network Manager system allows a attacker to disclose sensitive information.
The vulnerability of the SOAP API interface of the Cisco Data Center Network Manager DCNM system is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...
The vulnerability of the Lenovo XClarity Administrator and Lenovo XClarity Integrator software in resource management lies in the improper limitation of XML references to external objects. This allows attackers to disclose sensitive information that should be protected.
The vulnerability of the Lenovo XClarity Administrator and Lenovo XClarity Integrator software for resource management lies in incorrect restrictions on XML references to external objects. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...
CVE-2019-16863
Cryptographic timing vulnerabilities were discovered in certain versions of the Trusted Platform Module TPM firmware distributed by Intel and STMicroelectronics. Software that uses the TPM to compute ECDSA signatures could leak information through the timing of ECDSA signature operations, allowin...
The vulnerability of the XMLFileLookupService component in the Apache NiFi data processing platform allows a hacker to gain unauthorized access to protected information.
The vulnerability of the XMLFileLookupService component in the Apache NiFi data processing platform is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protecte...