
2206 matches found

BDU FSTEC
added 2021/05/12 12:0 a.m., 2 views

The vulnerability of the XML syntax analyzer in the Apache PDFBox Java library allows attackers to perform XXE attacks.

The vulnerability of the XML syntax analyzer in the Apache PDFBox Java library is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks using a specially created XFDF file...

CVSS 10 | AI score 7 | EPSS 0.09451
Exploits 0 | References 11 | Affected Software 4
RubySec
added 2021/05/07 12:0 a.m., 4 views

CKEditor 4.0 vulnerability in the HTML Data Processor

A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14.0 allows remote attackers to inject arbitrary web script through a crafted "protected" comment with the ckeprotected syntax...

CVSS 6.1 | AI score 5.8 | EPSS 0.04327
Exploits 0 | References 1 | Affected Software 1
Fedora
added 2021/05/06 12:58 a.m., 37 views

[SECURITY] Fedora 32 Update: python-pygments-2.4.2-9.fc32

Pygments is a generic syntax highlighter for general use in all kinds of software such as forum systems, wikis or other applications that need to prettify source code. Highlights are: a wide range of common languages and markup formats is supported; special attention is paid to details that increa...

CVSS 7.5 | AI score 7.9 | EPSS 0.03832
Exploits 1
Fedora
added 2021/05/06 12:53 a.m., 38 views

[SECURITY] Fedora 33 Update: python-pygments-2.6.1-6.fc33

Pygments is a generic syntax highlighter for general use in all kinds of software such as forum systems, wikis or other applications that need to prettify source code. Highlights are: a wide range of common languages and markup formats is supported; special attention is paid to details that increa...

CVSS 7.5 | AI score 7.9 | EPSS 0.03832
Exploits 1
OpenVAS
added 2021/05/06 12:0 a.m., 22 views

Fedora: Security Advisory for python-pygments (FEDORA-2021-3f975f68c8)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 | AI score 7.8 | EPSS 0.03832
Exploits 1 | References 2
OpenVAS
added 2021/05/06 12:0 a.m., 19 views

Fedora: Security Advisory for python-pygments (FEDORA-2021-166dfc62b2)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 | AI score 7.8 | EPSS 0.03832
Exploits 1 | References 2
BDU FSTEC
added 2021/04/27 12:0 a.m., 3 views

The vulnerability of the module for syntactic analysis of PDF files in the ClamAV antivirus program allows a hacker to trigger a service failure.

The vulnerability of the PDF file syntax analysis module in the ClamAV antivirus program exists due to insufficient checks on input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVSS 7.8 | AI score 7.4 | EPSS 0.02219
Exploits 0 | References 8 | Affected Software 14
BDU FSTEC
added 2021/04/27 12:0 a.m., 2 views

The vulnerability of the syntax analysis module in the email analysis part of the ClamAV antivirus program allows a hacker to trigger a service failure.

The vulnerability of the syntax analysis module in the ClamAV antivirus software package exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...

CVSS 7.8 | AI score 7.4 | EPSS 0.03155
Exploits 0 | References 8 | Affected Software 14
BDU FSTEC
added 2021/04/27 12:0 a.m., 1 views

The vulnerability affects implementations of syntactic analysis for XLS file formats in programs from Microsoft Office, Microsoft Office Web Apps Server, Microsoft Excel, Microsoft 365 Apps for Enterprise, and Microsoft Office Online Server. This allows attackers to execute arbitrary code.

The vulnerability of the XLS file syntax analysis implementation in Microsoft Office programs, such as Microsoft Office Web Apps Server, Microsoft Excel, Microsoft 365 Apps for Enterprise, and Microsoft Office Online Server, is related to the use of memory after it is released. Exploiting this...

CVSS 7.8 | AI score 7.6 | EPSS 0.03138
Exploits 0 | References 6
BDU FSTEC
added 2021/04/23 12:0 a.m., 1 views

The vulnerability relates to the implementation of syntactic analysis for CR3-files in the plugin for viewing RAW images. This allows an attacker to execute arbitrary code.

The vulnerability of the CR3-file syntax analysis implementation for viewing RAW images is related to errors in data type conversion. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially created malicious web page or a specially created malicious file...

CVSS 7.8 | AI score 7.6 | EPSS 0.05914
Exploits 0 | References 7 | Affected Software 1
CNVD
added 2021/04/21 12:0 a.m., 5 views

Eaton Intelligent Power Manager Eval Injection Vulnerability

Eaton Intelligent Power Manager (IPM) is an intelligent power manager from Eaton Corporation that supports remote monitoring and management of multiple devices in a network from an interface. An Eval injection vulnerability exists in Eaton IPM versions prior to 1.69. The vulnerability arises becaus...

CVSS 10 | AI score 7.3 | EPSS 0.00962
Exploits 0 | References 1
BDU FSTEC
added 2021/04/21 12:0 a.m., 1 views

The vulnerability of the syntax analysis function for domain name records in the Simotics Connect 400 software and hardware suite allows a perpetrator to cause service interruptions.

The vulnerability of the syntax analysis function for DNS domain names in the Simotics Connect 400 software and hardware suite is related to errors that occur when a line or array is terminated with the NULL character. Exploiting this vulnerability could allow an attacker to cause service...

CVSS 6.5 | AI score 6.5 | EPSS 0.03572
Exploits 0 | References 5 | Affected Software 1
BDU FSTEC
added 2021/04/21 12:0 a.m., 3 views

The vulnerability of the syntax analysis function for domain name records in the Simotics Connect 400 software and hardware suite allows a perpetrator to cause service interruptions.

The vulnerability of the syntax analysis function for DNS domain names in the Simotics Connect 400 software/hardware suite is related to reading data beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

CVSS 6.5 | AI score 6.8 | EPSS 0.03572
Exploits 0 | References 5 | Affected Software 1
OpenVAS
added 2021/04/19 12:0 a.m., 22 views

SUSE: Security Advisory (SUSE-SU-2017:1317-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.2 | AI score 6.7 | EPSS 0.00425
Exploits 0 | References 5
BDU FSTEC
added 2021/04/16 12:0 a.m., 1 views

The vulnerability in the implementation of syntactic analysis of user action lists in Qualcomm’s embedded software allows a perpetrator to execute arbitrary code or cause service failures.

The vulnerability of the syntax analysis implementation for the user action list in Qualcomm’s embedded software lies in the buffer overflow that occurs when the TLV (Tag-length-value) data writing method with the NDPE parameter is used. Exploiting this vulnerability allows a remote attacker to...

CVSS 10 | AI score 8.6 | EPSS 0.01057
Exploits 0 | References 4
BDU FSTEC
added 2021/04/14 12:0 a.m., 2 views

Siemens network software vulnerabilities, related to the lack of commas in the syntax of elements or search paths, allow attackers to execute arbitrary code with elevated privileges.

The vulnerability of Siemens network software is related to the absence of commas in the syntax of elements or search paths. Exploiting this vulnerability allows an attacker to execute arbitrary code with elevated privileges...

CVSS 6.8 | AI score 7.4 | EPSS 0.00441
Exploits 0 | References 3 | Affected Software 4
Tenable Nessus
added 2021/04/14 12:0 a.m., 19 views

Debian DSA-4890-1 : ruby-kramdown - security update

Stan Hu discovered that kramdown, a pure Ruby Markdown parser and converter, performed insufficient namespace validation of Rouge syntax highlighting formatters. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...

CVSS 9.8 | AI score 8.3 | EPSS 0.02818
Exploits 1 | References 5
Cvelist
added 2021/04/13 6:4 p.m., 14 views

CVE-2021-23277 Improper Neutralization of Directives in Dynamically Evaluated Code

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. The software does not neutralize code syntax from users before using in the dynamic evaluation call in loadUserFile function under scripts/libs/utils.js. Successful exploitation can...

CVSS 8.3 | AI score 9.9 | EPSS 0.00962
Exploits 0 | References 1
OpenVAS
added 2021/04/13 12:0 a.m., 13 views

Debian: Security Advisory (DSA-4890-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.6 | EPSS 0.02818
Exploits 1 | References 4
Debian
added 2021/04/12 7:22 a.m., 69 views

[SECURITY] [DSA 4890-1] ruby-kramdown security update

Debian Security Advisory DSA-4890-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 12, 2021 https://www.debian.org/security/faq -...

CVSS 9.8 | AI score 9.5 | EPSS 0.02818
Exploits 1