823 matches found
Debian dla-3101 : libxslt1-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3101 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3101-1 [email protected]...
PT-2022-6911 · D Link · D-Link Dap-1325
Name of the Vulnerable Software and Affected Versions: D-Link DAP-1325 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. The specific flaw exists within the handling of XML data...
Ubuntu: Security Advisory (USN-5006-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Ubuntu: Security Advisory (USN-3902-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Ubuntu 16.04 ESM : Libxslt vulnerabilities (USN-5575-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5575-2 advisory. USN-5575-1 fixed vulnerabilities in Libxslt. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has...
untangle vulnerable to Improper Restriction of XML External Entity Reference
Description: untangle is a Python library to convert XML data to Python objects. untangle versions 1.2.0 and earlier improperly restrict XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files. Impact: An attacker may...
CVE-2022-31471
untangle is a Python library to convert XML data to Python objects. untangle versions 1.2.0 and earlier improperly restrict XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files...
CVE-2022-31471
untangle is a Python library to convert XML data to Python objects. untangle versions 1.2.0 and earlier improperly restrict XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files...
CVE-2022-33977
untangle is a Python library to convert XML data to Python objects. untangle versions 1.2.0 and earlier improperly restrict recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service (DoS) condition on the server where the...
USN-5187-1 glances vulnerability
It was discovered that Glances incorrectly parsed untrusted XML data due to its use of xmlrpclib. An attacker could possibly use this to perform an XML External Entity (XXE) injection and cause the host system to crash...
CVE-2022-2458
An XML external entity injection (XXE) vulnerability was found in Business Central. This flaw allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. T...
GHSA-QM37-C4W6-H9V9 Missing Authorization in Jenkins XPath Configuration Viewer Plugin
XPath Configuration Viewer Plugin 1.1.1 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. Given appropriate XPath expressions, this page grants access to job configuration XML data...
The vulnerability in clients for conducting real-time audio and video conferences via Zoom Client for Meetings on Android, iOS, Linux, macOS, and Windows allows an attacker to perform spoofing attacks due to improper parsing of XML data in XMPP messages.
The vulnerability in clients for conducting real-time audio and video conferences using Zoom Client for Meetings on Android, iOS, Linux, macOS, and Windows is related to improper parsing of XML data in XMPP messages. Exploiting this vulnerability allows a malicious actor to perform a spoofing...
The vulnerability in the command-line interface of Cisco Firepower Threat Defense (FTD) software allows an attacker to execute arbitrary code.
The vulnerability in the command-line interface of Cisco Firepower Threat Defense (FTD) software relates to errors in processing XML requests. Exploiting this vulnerability allows an attacker to execute arbitrary code using specially crafted XML data...
XXE vulnerability in Jenkins Nerrvana Plugin
Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with Overall/Read permission to have Jenkins parse a crafted HTTP request with XML data that uses external entities for extraction of secrets from the...
GHSA-HJ32-9MCW-5CWH Missing permission check in Jenkins Project Inheritance Plugin
Jenkins limits access to job configuration XML data (config.xml) to users with Job/ExtendedRead permission, typically implied by Job/Configure permission. Project Inheritance Plugin has several job inspection features, including the API URL /job/…/getConfigAsXML for its Inheritance Project job typ...
Nokogiri implementation of libxslt vulnerable to heap corruption
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. Nokogiri prior to version 1.10.5 contains a vulnerable version of libxslt. Nokogiri version 1.10.5 upgrades the dependency to libxslt 1.1.3...
GHSA-VMFX-GCFQ-WVM2 Nokogiri implementation of libxslt vulnerable to heap corruption
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. Nokogiri prior to version 1.10.5 contains a vulnerable version of libxslt. Nokogiri version 1.10.5 upgrades the dependency to libxslt 1.1.3...
XML Injection in Apache Solr
The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Enti...
CVE-2022-27669
An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges...