CVE-2023-20855 - How an XXE Bug in VMware vRealize Orchestrator Opens Doors for Attackers
TL;DR:
A security vulnerability (CVE-2023-20855) was discovered in VMware vRealize Orchestrator, allowing attackers with basic access to potentially steal secrets or escalate privileges using
CVE-2022-40771 - How an XML External Entity (XXE) Attack in Zoho ManageEngine ServiceDesk Plus Exposed Sensitive Data
---
Introduction
In late 2022, a critical security flaw—CVE-2022-40771—was disclosed in Zoho ManageEngine ServiceDesk Plus (versions 13010 and earlier). This vulnerability is an
CVE-2022-40304 - Explaining the Libxml2 Hash Table Key Corruption Vulnerability
On November 14, 2022, a vulnerability known as CVE-2022-40304 was made public, affecting libxml2 — the popular XML parsing library used by countless open-source and commercial
CVE-2022-44641 - XML Entity Expansion Attack in Linaro LAVA – Exploit, Details & How It Works
The world of DevOps, CI/CD, and embedded testing relies on automation frameworks like Linaro Automated Validation Architecture (LAVA). However, a major security hole—CVE-2022-44641—
CVE-2022-20938 - How a Simple XML Import Bug Could Leak Sensitive Data in Cisco Firepower Management Center
In November 2022, Cisco published CVE-2022-20938, detailing a vulnerability in the import function of the Cisco Firepower Management Center (FMC) administrative interface. While on the