
31 matches found

Positive Technologies
added 2025/06/15 12:0 a.m. · 4 views

PT-2025-30560 · Open Source Geospatial Foundation · Geotools

A vulnerability in the gt-xsd-core and gt-wfs-ng modules of the GeoTools library is related to improper restriction of XML external entity references. Exploitation of the vulnerability could allow a remote attacker to carry out XXE attacks...

9 CVSS · 7.3 AI score
Exploits 0 · References 2
Positive Technologies
added 2023/12/28 12:0 a.m. · 1 view

PT-2023-8178 · Apache · Apache Openoffice

Name of the Vulnerable Software and Affected Versions: Apache OpenOffice versions prior to the fixed version. Description: The issue is related to insufficient input validation when processing arguments, allowing a remote attacker to execute arbitrary code. Apache OpenOffice documents can contain...

10 CVSS · 8.7 AI score · 0.02727 EPSS
Exploits 0 · References 15
BDU FSTEC
added 2023/12/27 12:0 a.m. · 5 views

The vulnerability of the programming software for PLCs (programmable logic controllers), namely the Saia PG5 Controls Suite, arises from incorrect restrictions on XML links to external objects. This allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the programming software for PLCs (programmable logic controllers), Saia PG5 Controls Suite, is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...

5.5 CVSS · 5.9 AI score · 0.00784 EPSS
Exploits 0 · References 3
BDU FSTEC
added 2023/06/26 12:0 a.m. · 8 views

The vulnerability of the “Add UCS Device” function in the OpManager network monitoring software, including OpManager MSP and OpManager Plus, allows an attacker to perform an SSRF attack.

The vulnerability of the “Add UCS Device” function in OpManager’s network monitoring software, including OpManager MSP and OpManager Plus, is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack...

5.8 CVSS · 5.8 AI score · 0.19807 EPSS
Exploits 1 · References 6 · Affected Software 3
BDU FSTEC
added 2021/07/13 12:0 a.m. · 6 views

The vulnerability of the ConnectWise Automate software for remote monitoring and management of IT assets stems from incorrect restrictions on XML links to external objects. This allows attackers to execute arbitrary code or gain unauthorized access to protected information.

The vulnerability of the software for remote monitoring and management of IT assets in ConnectWise Automate relates to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or gain unauthorized access to...

9.8 CVSS · 8.3 AI score · 0.01061 EPSS
Exploits 0 · References 5 · Affected Software 1
BDU FSTEC
added 2021/05/19 12:0 a.m. · 5 views

The vulnerability in the web interface of the BroadWorks Messaging Server allows a perpetrator to gain unauthorized access to protected information or cause service failures.

The vulnerability in the web interface of the BroadWorks Messaging Server is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information or cause service...

5.5 CVSS · 7.1 AI score · 0.01115 EPSS
Exploits 0 · References 3 · Affected Software 1
Hacker One
added 2020/08/11 11:0 p.m. · 77 views

Avito: link.avito.ru - Bypass of restrictions on external links.

Hello Avito! On the "link.avito.ru" subdomain of "www.avito.ru" an attacker is able to bypass the restriction for dangerous external links via the trusted domain google.com. This scenario may also be possible with all other trusted subdomains of avito such as "yandex.ru" and so on, but in this example I used...

7 AI score
Exploits 0
BDU FSTEC
added 2020/01/27 12:0 a.m. · 4 views

The vulnerability of the XML syntactic analyzer of SAP Enable Now, a platform designed to enhance the effectiveness of educational materials and documentation, allows unauthorized access to protected information.

The vulnerability of the XML syntax analyzer on the SAP Enable Now platform, which is designed to improve the effectiveness of educational materials and documentation, is related to errors in XML link restrictions. Exploiting this vulnerability could allow an attacker to gain unauthorized access ...

5.5 CVSS · 5.9 AI score · 0.00689 EPSS
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2018/02/21 12:0 a.m. · 6 views

The vulnerability of the hidden content checking component in the SAP NetWeaver software integration platform allows a perpetrator to access confidential information or cause service failures.

The vulnerability of the hidden content checking component in the SAP NetWeaver software integration platform is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information or cause servic...

9.4 CVSS · 5.5 AI score
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2017/10/05 12:0 a.m. · 4 views

The vulnerability of the Single Sign-On implementation for management tools in VMware vCenter Server and VMware vRealize Automation arises from incorrect restrictions on XML links to external objects. This allows a malicious actor to trigger service failures or gain access to confidential information.

The vulnerability of Single Sign-On implementations for VMware vCenter Server and VMware vRealize Automation management tools is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to cause service failures or gain...

6.4 CVSS · 7.7 AI score · 0.02146 EPSS
Exploits 0 · References 5 · Affected Software 2
Tenable Nessus
added 2014/10/09 12:0 a.m. · 28 views

Ubuntu 14.04 LTS : APT vulnerability (USN-2370-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2370-1 advisory. Guillem Jover discovered that APT incorrectly created a temporary file when handling the changelog command. A local attacker could use this issue to overwrite...

3.6 CVSS · 5.8 AI score · 0.00386 EPSS
Exploits 0 · References 2
Ubuntu
added 2014/10/08 2:36 p.m. · 59 views

USN-2370-1: APT vulnerability

Guillem Jover discovered that APT incorrectly created a temporary file when handling the changelog command. A local attacker could use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the kernel link restrictions...

3.6 CVSS · 5.5 AI score · 0.00386 EPSS
Exploits 0
OSV
added 2014/10/08 2:36 p.m. · 3 views

USN-2370-1 apt vulnerability

Guillem Jover discovered that APT incorrectly created a temporary file when handling the changelog command. A local attacker could use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the kernel link restrictions...

3.6 CVSS · 5.9 AI score · 0.00386 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2014/05/02 12:0 a.m. · 57 views

Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2191-1)

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452,...

10 CVSS · 7.7 AI score · 0.07571 EPSS
Exploits 0 · References 23
Tenable Nessus
added 2014/05/01 12:0 a.m. · 28 views

Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-2187-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2187-1 advisory. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit...

10 CVSS · 7.8 AI score · 0.07571 EPSS
Exploits 0 · References 25
OpenVAS
added 2014/01/27 12:0 a.m. · 35 views

Ubuntu Update for hplip USN-2085-1

Check for the Version of hplip OpenVAS Vulnerability Test $Id: gbubuntuUSN20851.nasl 7957 2017-12-01 06:40:08Z santu $ Ubuntu Update for hplip USN-2085-1 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; yo...

6.8 CVSS · 0.03945 EPSS
Exploits 1 · References 2
Ubuntu
added 2014/01/21 1:46 p.m. · 59 views

USN-2085-1: HPLIP vulnerabilities

It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu 12.04 LTS and higher, this should be prevented by the Yama link restrictions. CVE-2013-6402 It was...

6.8 CVSS · 7.8 AI score · 0.03945 EPSS
Exploits 1
OpenVAS
added 2014/01/10 12:0 a.m. · 13 views

Ubuntu Update for puppet USN-2077-2

Check for the Version of puppet OpenVAS Vulnerability Test $Id: gbubuntuUSN20772.nasl 7957 2017-12-01 06:40:08Z santu $ Ubuntu Update for puppet USN-2077-2 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software;...

7.4 AI score
Exploits 0 · References 2
Tenable Nessus
added 2014/01/10 12:0 a.m. · 12 views

Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : puppet regression (USN-2077-2)

USN-2077-1 fixed a vulnerability in Puppet. The upstream patch introduced a regression resulting in the default file mode being incorrect. This update fixes the problem. We apologize for the inconvenience. It was discovered that Puppet incorrectly handled temporary files. A local attacker could...

5.6 AI score
Exploits 0 · References 1
Ubuntu
added 2014/01/09 3:53 p.m. · 30 views

USN-2077-2: Puppet regression

USN-2077-1 fixed a vulnerability in Puppet. The upstream patch introduced a regression resulting in the default file mode being incorrect. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Puppet incorrectly handled temporary file...

5.7 AI score
Exploits 0 · References 1