EUVD-2021-2261

Malware in sbrugna...

CVE-2024-29010

The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity XXE injection, potentially resulting in the disclosure of sensitive information. This issue affects GMS: 9.3.4 and earlier versions...

CVE-2024-29010

The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity XXE injection, potentially resulting in the disclosure of sensitive information. This issue affects GMS: 9.3.4 and earlier versions...

PT-2022-11609 · Unknown · Visam Vbase

Name of the Vulnerable Software and Affected Versions: VISAM VBASE version 11.6.0.6 Description: The issue arises when VISAM VBASE processes an XML document containing XML entities with URIs that resolve to documents outside of the intended sphere of control. This causes the product to embed...

Remote Code Execution (RCE)

ruby-jss is vulnerable to remote code execution. The vulnerability exists due to the lack of validation which allows an attacker to execute scripts on the Plist when using Marshal.load during XML document processing...

GHSA-VMFH-C547-V45H Remote code execution in ruby-jss

The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...

Remote code execution in ruby-jss

The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...

Remote code execution in ruby-jss

The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...

CVE-2021-33575

The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...

CVE-2021-33575

The CVE affects the Pixar ruby-jss gem prior to 1.6.0. Affected component is ruby-jss which processes XML via the Plist gem, whose documented behavior uses Marshal.load, enabling remote code execution. Reported by multiple sources (Red Hat, OSV, NVD, Snyk, RubyGems advisories). Impact is rated hi...

CVE-2021-33575

The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the Plist gem's documented behavior of using Marshal.load during XML document processing...

Amazon Linux 2 : xerces-c (ALAS-2020-1415)

The version of xerces-c installed on the remote host is prior to 3.1.1-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1415 advisory. A use-after-free vulnerability was found in xerces-c in the way an XML document is processed via the SAX API. Applications that...

Microsoft .NET Framework Multiple Vulnerabilities (KB4095874)

This host is missing a critical security update according to Microsoft Security Updates KB4095874. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Description of Security and Quality Rollup for .NET Framework 3.5.1 for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4054998)

Description of Security and Quality Rollup for .NET Framework 3.5.1 for Windows 7 SP1 and Server 2008 R2 SP1 KB 4054998 Notice This update is included in the February 2018 Preview of the Quality Rollups for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Windo...

Description of the Security and Quality Rollup for .NET Framework 4.6 on Windows Server 2008 SP2 (KB 4055002)

Description of the Security and Quality Rollup for .NET Framework 4.6 on Windows Server 2008 SP2 KB 4055002 Notice As of January 18, 2018, update 4055002 applies only to Windows Server 2008 SP2. For more information about the January 2018 Security and Quality Rollup for .NET Framework 4.6, 4.6.1,...

Silver Stripe CMS: source code security analysis report

Several vulnerabilities were discovered in SilverStripe Limited 'Silver Stripe CMS' software: Incorrect User Input Filtration when Connecting to External Files File System Path Manipulation Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Incorrect Newlin...

Jetpack for WordPress: source code security analysis report

Several vulnerabilities were discovered in Automatic 'Jetpack for WordPress' software: Incorrect User Input Filtration when Connecting to External Files File System Path Manipulation Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random Generators in...

Advanced Module Manager Free extension for Joomla!: source code security analysis report

Several vulnerabilities were discovered in Regular Labs 'Advanced Module Manager Free extension for Joomla!' software: Using Insufficiently Random Generators in Cryptography Incorrect Permissions for External Entities During XML Document Processing Incorrect User Input Filtration when Generating...

Concrete5 CMS: source code security analysis report

Several vulnerabilities were discovered in Portland Labs 'Concrete5 CMS' software: File System Path Manipulation Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random Generators in Cryptography HttpOnly Cookies Incorrect Permissions...

JSN PowerAdmin extension for Joomla!: source code security analysis report

Several vulnerabilities were discovered in JoomlaShine 'JSN PowerAdmin extension for Joomla!' software: Using Insufficiently Random Generators in Cryptography HttpOnly Cookies Incorrect Permissions for External Entities During XML Document Processing Incorrect User Input Filtration when...