17 matches found
PT-2025-30599 · Fast Reports · Fastreport .Net
The vulnerability in the FastReport .NET report and document generation library is related to improper restriction of XML external entity references. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized read access to files and carry out an SSRF attack...
ROS-20250609-01
A vulnerability in the DOMDeserializer component of the FasterXML jackson-databind library is related to an incorrect restriction of XML links to external objects. Exploitation of the vulnerability could allow an attacker, acting remotely, to conduct XXE attacks...
The vulnerability of the software platform for monitoring and managing IT infrastructure—Operations Bridge Manager (OBM)—is related to incorrect restrictions on XML links to external objects. This allows a malicious actor to gain unauthorized access to confidential information.
The vulnerability of the software platform for monitoring and managing IT infrastructure, Operations Bridge Manager OBM, is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized...
The vulnerability of the interactive browser environment for data analysis and visualization in Apache Zeppelin SAP arises from incorrect restrictions on XML links to external objects. This allows attackers to disclose sensitive information or cause service failures.
The vulnerability of the interactive browser environment for data analysis and visualization in Apache Zeppelin SAP is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information or cause service...
The vulnerability of the OpenCMS content management system lies in the improper limitation of XML links to external objects, which allows attackers to execute arbitrary code by sending a specially crafted POST request.
The vulnerability of the OpenCMS content management system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted POST request remotely...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to gain unauthorized access to protected information or perform an SSRF attack.
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform relates to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or perform an SSRF attac...
The vulnerability of the Adobe Experience Manager content and media data management system lies in the improper limitation of XML links to external objects, which allows attackers to access confidential information.
The vulnerability of the Adobe Experience Manager content and media data management system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...
The vulnerability of the Adobe Experience Manager content and media data management system lies in the improper limitation of XML links to external objects, which allows attackers to access confidential information.
The vulnerability of the Adobe Experience Manager content and media data management system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...
The vulnerability of the “ASSaD-ID” biometrics system’s software lies in the improper restriction on XML links to external objects, which allows a perpetrator to carry out an SSRF attack.
The vulnerability of the “ASSaD-ID” biometrics system’s software is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack and execute arbitrary code within the system...
The vulnerability of the online business analytics service IBM Cognos Analytics lies in the improper restriction of XML links to external objects. This allows attackers to gain unauthorized access to protected information or cause service failures.
The vulnerability of the online business analytics service IBM Cognos Analytics is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information or cause service failures...
The vulnerability of the WebReports server lies in the improper limitation of XML links to external objects. This allows attackers to disclose protected information or cause service failures.
The vulnerability of the WebReports report server is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow a malicious actor to disclose protected information or cause service failures...
PT-2020-5511 · Nokogiri +4 · Nokogiri +4
Name of the Vulnerable Software and Affected Versions: Nokogiri versions prior to 1.11.0.rc4; Nokogiri versions 1.10.10 and earlier; Nokogiri prereleases 1.11.0.rc1, 1.11.0.rc2, and 1.11.0.rc3. Description: The issue is related to the incorrect restriction of XML links to external objects, allowing...
The vulnerability of Intel Quartus Prime Pro and Intel Quartus Prime Standard automated design systems lies in improper restrictions on XML links to external objects, which allows attackers to gain unauthorized access to protected information.
The vulnerability of Intel Quartus Prime Pro and Intel Quartus Prime Standard automated design systems is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected...
The vulnerability of the XmlLite.dll library in the Windows operating system allows a hacker to trigger a service failure.
The vulnerability of the XmlLite.dll library in the Windows operating system is related to errors in restricting XML links to external objects. Exploiting this vulnerability can allow a malicious actor to cause service failures by sending specially crafted requests...
The vulnerability of the IBM QRadar SIEM system’s event collection and analysis process is related to improper restrictions on XML links to external objects. This allows attackers to disclose sensitive information or exploit memory resources.
The vulnerability of the IBM QRadar SIEM event collection and analysis system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to disclose protected information or utilize memory resources...
The vulnerability of the Apache XML-RPC library (ws-xmlrpc) is related to improper restrictions on XML links to external objects, which allows attackers to perform SSRF attacks.
The vulnerability of the Apache XML-RPC library ws-xmlrpc is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to perform SSRF attacks using specially crafted DTDs...
The vulnerability of the application interface of IBM WebSphere Portal servers allows a hacker to trigger a service failure or read arbitrary files.
The vulnerability of the XML parser in the IBM WebSphere Portal user interface relates to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to read arbitrary files or cause service failures by declaring external links that are related ...