343 matches found
Misinterpretation of malicious XML input
Impact: xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Patches: Update to one of the fixed versions of @xmldom/xmld...
CVE-2021-32796 Misinterpretation of malicious XML input in xmldom
xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes duri...
Cisco Web Security Appliance Privilege Escalation (cisco-sa-scr-web-priv-esc-k3HCGJZ)
According to its self-reported version, Cisco Web Security Appliance is affected by a privilege escalation vulnerability. A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injectio...
Cisco BPA, WSA Bugs Allow Remote Cyberattacks
A set of high-severity privilege-escalation vulnerabilities affecting the Business Process Automation (BPA) application and Cisco’s Web Security Appliance (WSA) could allow authenticated, remote attackers to access sensitive data or take over a targeted system. The first two bugs CVE-2021-1574 and...
CVE-2021-1359
A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied XML input for the...
Command injection
A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied XML input for the...
CVE-2021-1359 Cisco Web Security Appliance Privilege Escalation Vulnerability
A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied XML input for the...
Cisco Web Security Appliance Privilege Escalation Vulnerability
A vulnerability in the configuration management of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied XML input for the...
Elastic App Search web crawler code issue vulnerability
Elastic App Search web crawler is an application from Elastic (USA) that provides greater scalability and performance enhancements. A code issue vulnerability exists in App Search web crawler that stems from insufficient validation of user-supplied XML input in Enterprise Search. The following products...
CVE-2020-6590
Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure...
Information disclosure
Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure...
CVE-2020-6590
CVE-2020-6590 affects Forcepoint Web Security Content Gateway versions prior to 8.5.4, where improper processing of XML input leads to information disclosure. The issue is rooted in XML handling (XML input processing) and can be triggered remotely over the network with low attack complexity; no u...
Forcepoint Web Security Content Gateway code issue vulnerability
Forcepoint Web Security Content Gateway is an application gateway from Forcepoint, USA. A code issue vulnerability exists in Forcepoint Web Security Content Gateway versions prior to 8.5.4 that stems from incorrectly processing XML input, which can lead to information disclosure...
Misinterpretation of malicious XML input
Overview. Impact: xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Workarounds...
Misinterpretation of malicious XML input
Impact: xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Patches: Update to 0.5...
PT-2021-4787 · Xstream +6
Name of the Vulnerable Software and Affected Versions: XStream versions prior to 1.4.16. Description: The issue concerns a Java library used to serialize objects to XML and back again. It may allow a remote attacker to execute arbitrary code by manipulating the processed input stream. Users who se...
NewStart CGSL MAIN 6.02 : expat Multiple Vulnerabilities (NS-SA-2021-0083)
The remote NewStart CGSL host, running version MAIN 6.02, has expat packages installed that are affected by multiple vulnerabilities: - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and...