2704 matches found
Stack-overflow in function xml_sax_parse at src/utils/xml_parser.c
Description Stack-overflow in MP4Box. Version shell MP4Box - GPAC version 2.3-DEV-rev263-g2afa05f4d-master c 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io Please cite our work in your research: GPAC Filters: https://doi.org/10.1145/3339825.3394929 GPAC:...
Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable org.apache.xerces_2.9.0.v201101211617-4.8.0.jar
Summary Atlas eDiscovery Process Management is affected by a vulnerable org.apache.xerces2.9.0.v201101211617-4.8.0.jar. Hence org.apache.xerces2.9.0.v201101211617-4.8.0.jar upgraded to org.apache.xerces2.12.2.v201101211617-4.8.0.jar to fix vulnerabilities. Vulnerability Details CVEID:CVE-2012-088...
CVE-2023-26057
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters su...
CVE-2023-26058
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...
Input validation
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...
CVE-2023-26058
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...
CVE-2023-26058
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...
Nokia NetAct 代码问题漏洞
Nokia NetAct is a network management system from Nokia, Finland. A security vulnerability exists in Nokia NetAct versions prior to 22 FP2211, which stems from a lack of input validation and proper XML parser configuration...
Nokia NetAct 代码问题漏洞
Nokia NetAct is a network management system from Nokia, Finland. A security vulnerability exists in Nokia NetAct versions prior to 22 FP2211, which stems from a lack of input validation and proper XML parser configuration...
CVE-2023-26058
CVE-2023-26058 – Nokia NetAct XXE : Multiple sources confirm an XML External Entity vulnerability in Nokia NetAct prior to 22 FP2211, exploitable via an XML document to a Performance Manager page. The root cause is missing input validation and improper XML parser configuration. Impact is describe...
CVE-2023-26057
The CVE-2023-26057 entry describes an XXE flaw in Nokia NetAct before 22 FP2211, exploitable via an XML document to the Configuration Dashboard page. Root cause: missing input validation and a misconfigured XML parser, potentially allowing access to sensitive data or SSRF when parsing XML. Impact...
CVE-2023-26057
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters su...
FreeBSD : py39-OWSLib -- arbitrary file read vulnerability (e5d117b3-2153-4129-81ed-42b0221afa78)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e5d117b3-2153-4129-81ed-42b0221afa78 advisory. - OWSLib is a Python package for client programming with Open Geospatial Consortium OGC web service...
Zoho ManageEngine Applications Manager 代码问题漏洞
ZOHO ManageEngine Applications Manager is a set of IT operation and maintenance management solutions of the United States ZhuoHao ZOHO company. The product features application performance management, fault management, report generation, and SLA management. A security vulnerability exists in Zoho...
Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU Improper Restriction of XML External Entity Reference (CVE-2016-5795)
An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...
Automated Logic Corporation (CVE-2018-8819)
An XXE issue was discovered in Automated Logic Corporation ALC WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via t...
Vertiv Liebert SiteScan Web Improper Restriction of XML External Entity Reference (CVE-2016-8348)
An XML External Entity XXE issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or...
Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU Improper Restriction of XML External Entity Reference (CVE-2016-5795)
An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...
Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU Improper Restriction of XML External Entity Reference (CVE-2016-5795)
An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...
GHSA-VQ5H-QGXM-2M39 Jenkins Crap4J Plugin vulnerable to XML external entity (XXE) attacks
Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to control Crap Report file contents to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets from the Jenkins...