31 matches found
PT-2025-30560 · Open Source Geospatial Foundation · Geotools
The vulnerability in the gt-xsd-core and gt-wfs-ng modules of the GeoTools library is related to improper restriction of XML external entity references. Exploiting the vulnerability could allow a remote attacker to carry out XXE attacks...
PT-2023-8178 · Apache · Apache Openoffice
Name of the Vulnerable Software and Affected Versions: Apache OpenOffice versions prior to the fixed version. Description: The issue is related to insufficient input validation when processing arguments, allowing a remote attacker to execute arbitrary code. Apache OpenOffice documents can contain...
The vulnerability of the programming software for PLCs (programmable logic controllers), namely the Saia PG5 Controls Suite, arises from incorrect restrictions on XML links to external objects. This allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the programming software for PLCs (programmable logic controllers), Saia PG5 Controls Suite, is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
The vulnerability of the “Add UCS Device” function in the OpManager network monitoring software, including OpManager MSP and OpManager Plus, allows an attacker to perform an SSRF attack.
The vulnerability of the “Add UCS Device” function in OpManager’s network monitoring software, including OpManager MSP and OpManager Plus, is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack...
The vulnerability of the ConnectWise Automate software for remote monitoring and management of IT assets stems from incorrect restrictions on XML links to external objects. This allows attackers to execute arbitrary code or gain unauthorized access to protected information.
The vulnerability of the software for remote monitoring and management of IT assets in ConnectWise Automate relates to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or gain unauthorized access to...
The vulnerability in the web interface of the BroadWorks Messaging Server allows a perpetrator to gain unauthorized access to protected information or cause service failures.
The vulnerability in the web interface of the BroadWorks Messaging Server is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information or cause service...
Avito: link.avito.ru - Bypass of restrictions on external links.
Hello Avito! On the "link.avito.ru" subdomain of "www.avito.ru", an attacker is able to bypass the restriction on dangerous external links via the trusted domain google.com. This scenario may also be possible with all other trusted subdomains of Avito such as "yandex.ru" and so on, but in this example I used...
The vulnerability of the XML syntactic analyzer of the SAP Enable Now platform, which is designed to enhance the effectiveness of educational materials and documentation, allows unauthorized access to protected information.
The vulnerability of the XML syntax analyzer on the SAP Enable Now platform, which is designed to improve the effectiveness of educational materials and documentation, is related to errors in XML link restrictions. Exploiting this vulnerability could allow an attacker to gain unauthorized access ...
The vulnerability of the hidden content checking component in the SAP NetWeaver software integration platform allows a perpetrator to access confidential information or cause service failures.
The vulnerability of the hidden content checking component in the SAP NetWeaver software integration platform is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information or cause servic...
The vulnerability of the Single Sign-On implementation for management tools in VMware vCenter Server and VMware vRealize Automation arises from incorrect restrictions on XML links to external objects. This allows a malicious actor to trigger service failures or gain access to confidential information.
The vulnerability of Single Sign-On implementations for VMware vCenter Server and VMware vRealize Automation management tools is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to cause service failures or gain...
Ubuntu 14.04 LTS : APT vulnerability (USN-2370-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2370-1 advisory. Guillem Jover discovered that APT incorrectly created a temporary file when handling the changelog command. A local attacker could use this issue to overwrite...
USN-2370-1: APT vulnerability
Guillem Jover discovered that APT incorrectly created a temporary file when handling the changelog command. A local attacker could use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the kernel link restrictions...
USN-2370-1 apt vulnerability
Guillem Jover discovered that APT incorrectly created a temporary file when handling the changelog command. A local attacker could use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the kernel link restrictions...
Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2191-1)
Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452,...
Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-2187-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2187-1 advisory. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit...
Ubuntu Update for hplip USN-2085-1
Check for the Version of hplip OpenVAS Vulnerability Test $Id: gbubuntuUSN20851.nasl 7957 2017-12-01 06:40:08Z santu $ Ubuntu Update for hplip USN-2085-1 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; yo...
USN-2085-1: HPLIP vulnerabilities
It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu 12.04 LTS and higher, this should be prevented by the Yama link restrictions. CVE-2013-6402 It was...
Ubuntu Update for puppet USN-2077-2
Check for the Version of puppet OpenVAS Vulnerability Test $Id: gbubuntuUSN20772.nasl 7957 2017-12-01 06:40:08Z santu $ Ubuntu Update for puppet USN-2077-2 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software;...
Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : puppet regression (USN-2077-2)
USN-2077-1 fixed a vulnerability in Puppet. The upstream patch introduced a regression resulting in the default file mode being incorrect. This update fixes the problem. We apologize for the inconvenience. It was discovered that Puppet incorrectly handled temporary files. A local attacker could...
USN-2077-2: Puppet regression
USN-2077-1 fixed a vulnerability in Puppet. The upstream patch introduced a regression resulting in the default file mode being incorrect. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Puppet incorrectly handled temporary file...