19641 matches found
Updated fonttools packages fix security vulnerabilities
As of fonttools=4.28.2 the subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem...
CVE-2024-27266
IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 284566...
CVE-2024-27266 IBM Maximo Application Suite XML external entity injection
IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 284566...
CVE-2024-27266 IBM Maximo Application Suite XML external entity injection
IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 284566...
CVE-2024-27266
CVE-2024-27266 affects IBM Maximo Application Suite in the Maximo Asset Management/Manage component (example: MAS 7.6.1.3). The vulnerability is XML External Entity (XXE) processing, enabling a remote attacker to disclose sensitive data or consume memory resources. IBM and Red Hat/IBM bulletin re...
EulerOS 2.0 SP8 : php (EulerOS-SA-2024-1288)
According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8 various XML functions rely on libxml global state to track...
CVE-2024-28757
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via XMLExternalEntityParserCreate...
CVE-2024-28757
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via XMLExternalEntityParserCreate...
CVE-2024-28757
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via XMLExternalEntityParserCreate...
CVE-2024-28757
The CVE-2024-28757 entry concerns libexpat up to version 2.6.1, where XML External Entity (XXE) processing can be triggered when isolated external parsers are used (XML_ExternalEntityParserCreate). The impact is denial of service or resource exhaustion (availability impact: HIGH) with CVSS v3.1 b...
Meta Details WhatsApp and Messenger Interoperability to Comply with EU's DMA Regulations
Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act DMA went into effect in the European Union. "This allows users of third-party providers who choose to enable interoperability interop t...
Fedora: Security Advisory for nekohtml (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for xstream (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for xalan-j2 (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for jdom2 (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for jackson-jaxrs-providers (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for xml-commons-apis (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for golang-github-tdewolff-minify (FEDORA-2024-0d4d9925a2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-c3e32c5635)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for xml-maven-plugin (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...