
21 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-24632

Malware in sbrugna...

CVSS 9.4 | AI score 9.2 | EPSS 0.01797
Exploits: 2 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-16219

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.00891
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 4:51 a.m. | 5 views

CVE-2023-28008

HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

CVSS 8.1 | AI score 7 | EPSS 0.00515
Exploits: 0 | References: 1

Packet Storm
added 2025/03/11 12:0 a.m. | 220 views

WordPress XMLRPC 3.9.2 Denial of Service

WordPress version 3.9.2 XMLRPC proof of concept denial of service exploit that leverages a vulnerability from 2014 and was originally discovered by Nir Goldshlager...

CVSS 5 | AI score 6.8 | EPSS 0.76306
Exploits: 3

OpenVAS
added 2024/10/10 12:0 a.m. | 22 views

Ubuntu: Security Advisory (USN-7060-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 6.8 | EPSS 0.38894
Exploits: 8 | References: 2

Ubuntu
added 2024/03/14 10:19 a.m. | 409 views

USN-6694-1: Expat vulnerabilities

It was discovered that Expat could be made to consume large amounts of resources. If a user or automated system were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service. CVE-2023-52425, CVE-2024-28757...

CVSS 7.5 | AI score 6.7 | EPSS 0.01552
Exploits: 2

Vulnrichment
added 2023/02/02 6:0 p.m. | 4 views

CVE-2022-38389 IBM Tivoli Workload Scheduler XML external entity injection

IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233975...

CVSS 7.1 | AI score 6.7 | EPSS 0.00477
Exploits: 0 | References: 2

IBM Security Bulletins
added 2022/05/26 1:20 a.m. | 27 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Xerces

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Xerces. Vulnerability Details CVEID: CVE-2022-23437 DESCRIPTION: Apache Xerces2 Java XML Parser is vulnerable to a denial of service, caused by an infinite loop in the XML parser. By persuading a victi...

CVSS 7.1 | AI score 1.9 | EPSS 0.00089
Exploits: 0 | Affected Software: 1

ICS
added 2022/03/31 12:0 a.m. | 60 views

General Electric Renewable Energy MDS Radios

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: General Electric Renewable Energy Equipment: MDS iNET/iNET II/SD/TD220/TD220MAX Radios Vulnerabilities: Improper Input Validation, Hidden Functionality, Inadequate Encryption Strength, Uncontrolled...

CVSS 9.8 | AI score 8 | EPSS 0.94266
Exploits: 15 | References: 5

RedhatCVE
added 2021/08/31 6:51 p.m. | 79 views

CVE-2021-3749

A Regular Expression Denial of Service ReDoS vulnerability was found in the nodejs axios. This flaw allows an attacker to provide crafted input to the trim function, which might cause high resources consumption and as a consequence lead to denial of service. The highest threat from this...

CVSS 7.8 | AI score 2.7 | EPSS 0.08894
Exploits: 2 | References: 5

NVD
added 2021/07/07 5:15 p.m. | 9 views

CVE-2021-20474

IBM Guardium Data Encryption GDE 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources...

CVSS 7.5 | EPSS 0.00044
Exploits: 0 | References: 2

Debian
added 2019/11/29 3:53 p.m. | 152 views

[SECURITY] [DLA 2016-1] ssvnc security update

Package : ssvnc Version : 1.0.29-2+deb8u1 CVE ID : CVE-2018-20020 CVE-2018-20021 CVE-2018-20022 CVE-2018-20024 Debian Bug : 945827 Several vulnerabilities have been identified in the VNC code of ssvnc, an encryption-capable VNC client. The vulnerabilities referenced below are issues that have...

CVSS 9.8 | AI score 7 | EPSS 0.2103
Exploits: 0

Ubuntu
added 2018/11/08 1:28 p.m. | 390 views

USN-3813-1: pyOpenSSL vulnerabilities

It was discovered that pyOpenSSL incorrectly handled memory when handling X509 objects. A remote attacker could use this issue to cause pyOpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2018-1000807 It was discovered that pyOpenSSL incorrectly handled...

CVSS 8.1 | AI score 6.3 | EPSS 0.02881
Exploits: 0

Cvelist
added 2018/05/11 1:0 p.m. | 23 views

CVE-2016-8627

admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough...

CVSS 4.3 | AI score 6.7 | EPSS 0.00801
Exploits: 0 | References: 16

seebug.org
added 2014/07/01 12:0 a.m. | 29 views

atvise webMI2ADS Web Server <= 1.0 - Multiple Vulnerabilities

No description provided by source. Luigi Auriemma Application: atvise webMI2ADS - Web server for Beckhoff PLCs http://www.atvise.com/en/atvise-downloads/products Versions: = 1.0 Platforms: Windows XP embedded and CE x86/ARM Bugs: A directory traversal B NULL pointer C termination of the software ...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2013/04/11 12:0 a.m. | 31 views

Debian DSA-2659-1 : libapache-mod-security - XML external entity processing vulnerability

Timur Yunusov and Alexey Osipov from Positive Technologies discovered that the XML files parser of ModSecurity, an Apache module whose purpose is to tighten the Web application security, is vulnerable to XML external entities attacks. A specially crafted XML file provided by a remote attacker,...

CVSS 7.5 | AI score 5.5 | EPSS 0.04848
Exploits: 1 | References: 4

OSV
added 2013/04/09 12:0 a.m. | 30 views

DSA-2659-1 libapache-mod-security - XML external entity processing vulnerability

Bulletin has no description...

CVSS 7.5 | AI score 6 | EPSS 0.04848
Exploits: 1

ICS
added 2012/01/13 7:0 a.m. | 66 views

Certec atvise webMI2ADS Vulnerabilities

Overview This advisory is a follow-up to the ICS-CERT alert titled ICS-ALERT-11-283-02 – Certec atvise webMI Vulnerabilities, released to the ICS-CERT web page on October 10, 2011. Independent researcher Luigi Auriemma has identified vulnerabilities in Certec’s webMI2ADS application. These...

CVSS 5 | AI score 7.2 | EPSS 0.52365
Exploits: 0 | References: 10

securityvulns
added 2008/08/07 12:0 a.m. | 19 views

Endless loop and resources consumption in Halo 1.0.7.0615

Luigi Auriemma Application: Halo: Combat Evolved http://www.microsoft.com/games/pc/halo.aspx Versions: = 1.0.7.0615 before 30 Jul 2008 Platforms: Windows Bugs: A endless loop B resources consumption Exploitation: remote, versus server Date: 06 Aug 2008 Author: Luigi Auriemma e-mail:...

AI score 7
Exploits: 0

securityvulns
added 2003/09/25 12:0 a.m. | 24 views

NULLhttpd <= 0.5.1 remote resources consumption

Luigi Auriemma Application: NULLhttpd http://nullhttpd.sourceforge.net/httpd/ Versions: = 0.5.1 Platforms: All supported Win & Unix Bug: Remote resources consumption Risk: Medium Author: Luigi Auriemma e-mail: [email protected] web: http://aluigi.altervista.org 1 Introduction 2 Bug 3 The Code...

AI score 0.4
Exploits: 0