CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-3892 – Unsafe XML parsing of 3rd party DICOM private tags may lead to XXE
https://notcve.org/view.php?id=CVE-2023-3892
19 Sep 2023 — Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client DICOM RTst Loading modules allows XML Entity Linking / XML External Entities Blowup. In order to take advantage of this vulnerability, an attacker must craft a malicious XML document, embed this document into specific 3rd party private RTst metadata tags, transfer the now compromised DICOM object to MIM, and force MIM to archive and load the data. Users on either version are strongly encouraged to update to an un... • https://www.mimsoftware.com/cve-2023-3892 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-1106
https://notcve.org/view.php?id=CVE-2008-1106
09 Jun 2008 — The management interface in Akamai Client (formerly Red Swoosh) 3322 and earlier allows remote attackers to bypass authentication via an HTTP request that contains (1) no Referer header, or (2) a spoofed Referer header that matches an approved domain, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and force the client to download and execute arbitrary files. La interfaz de administración de Akamai Client (formerly Red Swoosh) 3322 y versiones anteriores permite a atacante... • http://secunia.com/advisories/30135 • CWE-287: Improper Authentication CWE-352: Cross-Site Request Forgery (CSRF) •