CVE-2023-44412 D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability

D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw...

CVE-2023-44408

The CVE-2023-44408 entry applies to D-Link DAP-1325 routers. A flaw in the HNAP1 SOAP endpoint handling of XML data (SetAPLanSettings IPAddr) allows a stack-based buffer overflow due to improper validation of user-supplied data length, enabling remote code execution in the root context. Exploitat...

CVE-2023-44408 D-Link DAP-1325 SetAPLanSettings IPAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetAPLanSettings IPAddr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerabilit...

CVE-2023-44405 D-Link DAP-1325 get_value_of_key Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 getvalueofkey Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The...

CVE-2023-41214 D-Link DAP-1325 setDhcpAssignRangeUpdate lan_ipaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 setDhcpAssignRangeUpdate lanipaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

CVE-2023-41213 D-Link DAP-1325 setDhcpAssignRangeUpdate lan_ipaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 setDhcpAssignRangeUpdate lanipaddr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

CVE-2023-41211 D-Link DAP-1325 SetHostIPv6StaticSettings StaticPrefixLength Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetHostIPv6StaticSettings StaticPrefixLength Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to...

CVE-2023-41209

CVE-2023-41209 affects the D-Link DAP-1325 router. The vulnerability is a stack-based buffer overflow in the SetHostIPv6StaticSettings StaticDNS1 path, caused by improper validation of the length of XML data sent to the HNAP1 SOAP endpoint. An unauthenticated, network-adjacent attacker can exploi...

CVE-2023-41205 D-Link DAP-1325 SetAPLanSettings SubnetMask Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-1325 SetAPLanSettings SubnetMask Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

CVE-2023-39472 Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability

Inductive Automation Ignition SimpleXMLReader XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...

libxmljs2 type confusion vulnerability when parsing specially crafted XML

libxmljs2 is vulnerable to type confusion when parsing a specially crafted XML while invoking a function on the result of attrs that was called on a parsed node. This vulnerability might lead to denial of service on both 32-bit systems and 64-bit systems, data leak, infinite loop and remote code...

libxmljs vulnerable to type confusion when parsing specially crafted XML

libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs that was called on a parsed node. This vulnerability might lead to denial of service on both 32-bit systems and 64-bit systems, data leak, infinite loop a...

CVE-2024-34394 libxmljs2 namespaces type confusion RCE

libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces function which invokes XmlNode::getlocalnamespaces on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code...

CVE-2024-29010

The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity XXE injection, potentially resulting in the disclosure of sensitive information. This issue affects GMS: 9.3.4 and earlier versions...

CVE-2024-20357

A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by...

Mageia: Security Advisory (MGASA-2024-0155)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated mediawiki packages fix security vulnerabilities

Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator...

Moderate: Red Hat Security Advisory: expat security update

An update for expat is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability.

Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager CVE-2024-22354 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affect...

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM WebSphere Hybrid Edition, are vulnerable to an XML External Entity XXE injection vulnerability. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...