194 matches found
NewStart CGSL MAIN 6.06 : python-lxml Multiple Vulnerabilities (NS-SA-2023-0136)
The remote NewStart CGSL host, running version MAIN 6.06, has python-lxml packages installed that are affected by multiple vulnerabilities: - In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 - The urllib3...
Rocky Linux 8 : python27:2.7 (RLSA-2019:0981)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2019:0981 advisory. - SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. CVE-2019-7164 - SQLAlchemy 1.2.17 has SQL Injectio...
CVE-2023-31169
An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...
Input validation
An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...
CVE-2023-31169 Improper Handling of Unicode Encoding
An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...
CVE-2023-31169 Improper Handling of Unicode Encoding
An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated...
CVE-2023-31169
Summary (CVE-2023-31169) : The issue is an improper handling of Unicode encoding in Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software, affecting versions up to 7.1.3.0. The vulnerability could allow an attacker to embed instructions that could be executed by an authorized...
Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Security Vulnerability
Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software is a Schweitzer Engineering Laboratories, Inc. tool for configuring, commissioning and managing power system protection, control, metering and monitoring equipment. A security...
PT-2023-5213 · Schweitzer Engineering Laboratories · Acselerator Quickset
Name of the Vulnerable Software and Affected Versions: Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software versions through 7.1.3.0 Description: The issue is related to an improper handling of Unicode encoding, which could allow an attacker to embed instructions that could ...
K7544: Full-width and half-width Unicode encoded data bypasses IDS/IPS security controls VU#739224
Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
CVE-2022-25987
Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler Classic before version 2021.6 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access...
Input validation
Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler Classic before version 2021.6 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access...
CVE-2022-25987
Intel CVE-2022-25987 describes improper handling of Unicode encoding in source code compiled by the Intel C++ Compiler Classic before 2021.6 for Intel oneAPI Toolkits before 2022.2, which may allow an unauthenticated user to escalate privileges via network access. Affected: Intel® oneAPI Toolkits...
USN-5665-1: PCRE vulnerabilities
It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service. CVE-2017-6004 It was discovered that PCRE incorrectly handled certain Unicode encoding. A remote attacke...
Ubuntu: Security Advisory (USN-4127-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
CLSA-2022-1660759632 Fixed 13 CVEs in expat
CVE-2022-25236: Fix insertion of namespace-separator characters into namespace URIs - CVE-2022-25235: Fix malformed UTF-8 sequences which can lead to arbitrary code execution - CVE-2022-25315: Fix integer overflow in storeRawNames - CVE-2022-22822: Fix integer overflow in addBinding -...
GPAC Buffer Error Vulnerability
GPAC is an open source multimedia framework. GPAC 2.0.0 suffers from a buffer overflow vulnerability that stems from abuse of the Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c. An attacker could exploit this vulnerability to cause a heap-based buffer over-read...
expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...
AZL-43681 CVE-2022-25235 affecting package ogdi 4.1.0-9
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context...
DEBIAN-CVE-2022-25235
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context...