Vulnerabilities in Popular Fonts Allow XXE Attacks and Arbitrary Command Execution | allinfosecnews.com

March 11, 2024, 11:06 a.m. | Dhivya

Cyber Security News cybersecuritynews.com

The popular fonts used in web development and design can be exploited to launch XML External Entity (XXE) attacks and execute arbitrary commands. These vulnerabilities, identified as CVE-2023-45139, CVE-2024-25081, and CVE-2024-25082, pose a significant threat, allowing for XML External Entity (XXE) attacks and arbitrary command execution. This poses a significant security risk to users and […]

The post Vulnerabilities in Popular Fonts Allow XXE Attacks and Arbitrary Command Execution appeared first on Cyber Security News.

attacks can command cve design development exploited external fonts launch popular threat vulnerabilities vulnerability web web development xml xxe

More from cybersecuritynews.com / Cyber Security News

ELLIO and ntop partnership to boost high-speed network traffic monitoring with real-time data on opportunistic … 1 day, 15 hours ago | cybersecuritynews.com

applications attacks botnets commercial +17

Windows-based AllaKore Malware Abuses Azure Cloud for C2 Infrastructure 1 day, 16 hours ago | cybersecuritynews.com

accounts azure azure cloud bank +27

Hackers Impersonating As Fake Toll Payment Processor Across The U.S. 1 day, 16 hours ago | cybersecuritynews.com

cyber security cybersecurity e-zpass e-zpass fraud +21

Hackers Compromised 600,000 SOHO Routers Within 72 Hours For Botnet 1 day, 16 hours ago | cybersecuritynews.com

72 hours attack attacks botnet +26

Telegram Know For Secure Messaging, Now Became A Tool For Cybercriminals 1 day, 18 hours ago | cybersecuritynews.com

abuse creators cybercriminals cyber security +12

Microsoft Observed Huge-Surge In Attacks Targeting Internet-Exposed OT Devices In WWS 1 day, 21 hours ago | cybersecuritynews.com

attacks cyberattacks cyberav3ngers cyber security +24

RedTail Cryptominer Exploiting Palo Alto Networks Firewall Zero-day Flaw 2 days, 2 hours ago | cybersecuritynews.com

alto arbitrary code attackers code +33

BBC Data Breach: Hackers Access Cloud-Based Storage Service 2 days, 2 hours ago | cybersecuritynews.com

access bbc breach cloud +25

New Meterpreter Backdoor Hides Malicious Codes Within the Image 2 days, 16 hours ago | cybersecuritynews.com

any.run backdoor code conceal +13

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote

View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC

View on infosec-jobs.com