An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the Analysis component.

CVE-2022-34832: XXE in AgileReporter 21.3 by VERMEG

An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log.

For a strategic solution you seek:

*   Cost reduction & risk reduction
*   Efficiency optimisation
*   Embedded regulatory change management
*   Straight through process control
*   Senior management certification obligations
*   Regulatory reporting certainty, globally
*   Machine-readable regulatory reporting readiness

**SaaS**

Reduce your TCO. Let VERMEG handle the IT complexity​

**AGILE MI**

Gain valuable insights from your regulatory data​​

**AGILE Assure**

Bring the DataOps revolution to your regulatory data management ​​

​​

**Digital Transformation**

Extend, customise and innovate with AGILE Design Studio and Veggo ​​

**AGILE Reporter value for our clients**

Calculation & allocation: Comprehensive calculations from Basel III risks to national statistical allocations

Ratios: Credit & Market Risk, Leverage, Liquidity Coverage, Large Exposures, IRFS standard computations, integration of models and own analysis reporting

International reporting: Coverage including EBA & ECB (COREP, AnaCredit etc), and multiple international regulators in EU, UK, US, and MAS, HKMA, APRA and others

Added value: Capital utilisation, CFO & management information, dashboard status, threshold alerts, key performance metrics

Change management: VERMEG regulatory change management includes horizon management, impact analyses, data deltas and reporting update service

Workflow and maximised automation: Validations, variance, trend and other sanity checks achieve optimised straight-through processing

Process control: Enjoy ‘exceptions only’ intervention & instantly traceable attestation & approval audit trail

Sized & delivered to suit you: Choose from enterprise-wide full automation, or local last mile, on premise, in the cloud or Regulatory-Reporting-As-A-Service

Download our brochure about AGILE Reporter (PDF).

Granular Data Reporting – a new paradigm of innovation in regulatory reporting or just new challenges?

**Download the Whitepaper**

**Client stories**

**Client 1  
Tier 1 Domestic Bank**

**Challenge**

*   To find a Regulatory Reporting solution capable of integrating with external calculation and processing capabilities
*   To reduce operational risk
*   To increase reporting consistency and transparency
*   To facilitate accelerated regulatory change management

**Client 2  
Neobank growing from start-up**

**Challenge**

*   To find a partner for its Finance team to assist with regulatory reporting requirements in the immediate term and the future as the organisation evolves and scales to a fully fledged bank.
*   The need for a solution/system that minimises the resource requirements of bank’s teams in the areas of Solution Delivery
*   To find a vendor to provide not just a solution but also subject matter expertise to complement the in house team, and to ensure all new regulatory reporting requirements can be met.

**Solution**

*   Provision of AGILE Reporter’s out of the box integration to Oracle’s OFSAA (Oracle Financial Services Analytical Applications) platform.
*   Improved Straight Through Processing (STP) achieved from direct coupling of outputs from OFSAA Results data to AGILE Reporter.
*   VERMEG Subject Matter Expertise around the interpretation of client requirements and business for reporting purposes and the delivery of the operational process to fulfil these.
*   Ability to incorporate data from sources outside of OFSAA into regulatory reporting workflow to ensure completeness of automated reporting coverage.

**Solution**

*   Full scope automated AGILE Reporter deployment
*   VERMEG regulatory expertise to provide guidance on current and future regulatory requirements
*   Analysis Module to facilitate Bank scrutiny of Regulatory Data
*   Hosted on VERMEG cloud platform (Amazon Web Services)

**Results**

*   Streamlined overall Regulatory Reporting workflow while minimising manual intervention in the process
*   Increased accuracy of reporting results through use of the consolidated platform
*   Transparency of process by providing lineage of reporting data from source to regulatory return

**Results**

*   Automated, end-to-end solution providing population of regulatory returns from source data without manual intervention or work arounds
*   Flexible data mapping that meets the needs of a growing business and an evolving IT Architecture
*   Consistent data lineage from source through to final returns
*   Comprehensive validation checks ensure integrity of regulator submissions
*   Cloud solution minimises burden on Bank’s technical resources with regard to both delivery and ongoing maintenance

****Awards & Certifications****

**VEREMG is delighted to share that we were recently awarded ‘Best Vendor Solution for APRA APS 220′ AND ‘Best MAS 610 Solution’ by the RegTech Insight APAC Awards 2022 for our AGILE Reporter solution.**

Read More

CVE-2022-34834: AgileReporter | Regulatory Reporting Solution by VERMEG

An issue was discovered in VERMEG AgileReporter 21.3. An admin can enter an XSS payload in the Analysis component.

Important note:  
**_User with lower permission is able to add comment with payload that executed in the admin's browser._**

**How to reproduce:**  
1\. Click the name of one of the Returns.  
2\. Click on Activity log.  
3\. Click on Add comment.  
4\. Paste the following payload into the input field:  
    <img/src=\`%00\` onerror=this.onerror=confirm(3)>  
5\. Click OK  
6\. Open https://_...removed\_by\_tester_/analysis-module/dashboard  
7\. Select Regulator, Entity and exactly that Return that you have selected before  
8\. Click on Create  
9\. Click on Menu --> Comments: This will trigger the javascript pop-up code.

CVE-2022-34833: 1. Stored XSS in AgileReporter 21.3 by VERMEG

In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

)\]}' { "commit": "c0151aa3ba76c785b32c7f9d16c98febe53017b1", "tree": "96bf9c2e4aeb3c9a5db37467c05c328039ae7d60", "parents": \[ "48779ff3ddafee92e4f098bdbaaf2e9f21b0957e" \], "author": { "name": "Hui Peng", "email": "phui@google.com", "time": "Tue May 16 02:09:38 2023 +0000" }, "committer": { "name": "Android Build Coastguard Worker", "email": "android-build-coastguard-worker@google.com", "time": "Thu Aug 10 17:12:27 2023 +0000" }, "message": "Fix an integer underflow in build\_read\_multi\_rsp\\n\\nWhen p\_buf-\\u003elen is mtu - 1 and p\_cmd-\\u003emulti\_req.variable\_len\\nevaluates to true, integer underflow is triggered\\nin the following line, resulting OOB access.\\n\\n\`\`\`\\n len \\u003d p\_rsp-\\u003eattr\_value.len - (total\_len - mtu);\\n\`\`\`\\n\\nBug: 273874525\\nTest: manual\\nIgnore-AOSP-First: security\\nTag: #security\\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:85f4d53c7bf90b806639a3a302f0007ffb3b9f23)\\nMerged-In: Ia60dd829ff9152c083de1f4c1265bb3ad595dcc4\\nChange-Id: Ia60dd829ff9152c083de1f4c1265bb3ad595dcc4\\n", "tree\_diff": \[ { "type": "modify", "old\_id": "0b60a6a8db91e9e1af0bc1f1426a73f50cfc2864", "old\_mode": 33188, "old\_path": "system/stack/gatt/gatt\_sr.cc", "new\_id": "4c00743228252e0d2805433ad5cc663b6f169250", "new\_mode": 33188, "new\_path": "system/stack/gatt/gatt\_sr.cc" } \] }

CVE-2023-40129

baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0.


*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-29009: Release basercms 4.8.0 リリース · baserproject/basercms

A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files.

**About Lenovo**

*   Our Company
*   News
*   Investor Relations
*   Sustainability
*   Product Compliance
*   Product Security
*   Lenovo Open Source
*   Legal Information
*   Jobs at Lenovo

**Shop**

*   Laptops & Ultrabooks
*   Tablets
*   Desktops & All-in-Ones
*   Workstations
*   Accessories & Software
*   Servers
*   Storage
*   Networking
*   Laptop Deals
*   Outlet

**Support**

*   Drivers & Software
*   How To's
*   Warranty Lookup
*   Parts Lookup
*   Contact Us
*   Repair Status Check
*   Imaging & Security Resources
*   Glossary

**Resources**

*   Where to Buy
*   Shopping Help
*   Track Order Status
*   Product Specifications (PSREF)
*   Forums
*   Registration
*   Product Accessibility
*   Environmental Information
*   Gaming Community
*   LenovoEDU Community
*   LenovoPRO Community

© Lenovo.  
| | | |

CVE-2022-3700: Lenovo Vantage Component Vulnerabilities - Lenovo Support US

A vulnerability has been identified in the MR2600 router v1.0.18 and earlier that could allow an attacker within range of the wireless network to successfully brute force the WPS pin, potentially allowing them unauthorized access to a wireless network.
 

CVE-2022-3681

An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications.

CVE-2022-3611

FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.

Expand Up @@ -683,7 +683,7 @@ static int read\_vlc\_prefix(GetBitContext \*gb, JXLEntropyDecoder \*dec, JXLSymbolD int repeat\_count\_prev \= 0, repeat\_count\_zero \= 0, prev \= 8; int total\_code \= 0, len, hskip, num\_codes \= 0, ret;  
VLC level1\_vlc; VLC level1\_vlc \= { 0 };  
if (dist\->alphabet\_size \== 1) { dist\->vlc.bits \= 0; Expand All @@ -709,8 +709,10 @@ static int read\_vlc\_prefix(GetBitContext \*gb, JXLEntropyDecoder \*dec, JXLSymbolD } }  
if (total\_code != 32 && num\_codes >= 2 || num\_codes < 1) return AVERROR\_INVALIDDATA; if (total\_code != 32 && num\_codes >= 2 || num\_codes < 1) { ret \= AVERROR\_INVALIDDATA; goto end; }  
for (int i \= 1; i < 19; i++) level1\_codecounts\[i\] += level1\_codecounts\[i \- 1\]; Expand All @@ -726,29 +728,30 @@ static int read\_vlc\_prefix(GetBitContext \*gb, JXLEntropyDecoder \*dec, JXLSymbolD if (ret < 0) goto end;  
buf \= av\_mallocz(dist\->alphabet\_size \* (2 \* sizeof(int8\_t) + sizeof(int16\_t) + sizeof(uint32\_t)) buf \= av\_mallocz(MAX\_PREFIX\_ALPHABET\_SIZE \* (2 \* sizeof(int8\_t) + sizeof(int16\_t) + sizeof(uint32\_t)) + sizeof(uint32\_t)); if (!buf) { ret \= AVERROR(ENOMEM); goto end; }  
level2\_lens \= (int8\_t \*)buf; level2\_lens\_s \= (int8\_t \*)(buf + dist\->alphabet\_size \* sizeof(int8\_t)); level2\_syms \= (int16\_t \*)(buf + dist\->alphabet\_size \* (2 \* sizeof(int8\_t))); level2\_codecounts \= (uint32\_t \*)(buf + dist\->alphabet\_size \* (2 \* sizeof(int8\_t) + sizeof(int16\_t))); level2\_lens\_s \= (int8\_t \*)(buf + MAX\_PREFIX\_ALPHABET\_SIZE \* sizeof(int8\_t)); level2\_syms \= (int16\_t \*)(buf + MAX\_PREFIX\_ALPHABET\_SIZE \* (2 \* sizeof(int8\_t))); level2\_codecounts \= (uint32\_t \*)(buf + MAX\_PREFIX\_ALPHABET\_SIZE \* (2 \* sizeof(int8\_t) + sizeof(int16\_t)));  
total\_code \= 0; for (int i \= 0; i < dist\->alphabet\_size; i++) { len \= get\_vlc2(gb, level1\_vlc.table, 5, 1); if (get\_bits\_left(gb) < 0) { ret \= AVERROR\_BUFFER\_TOO\_SMALL; goto end; } if (len \== 16) { int extra \= 3 + get\_bits(gb, 2); if (repeat\_count\_prev) extra \= 4 \* (repeat\_count\_prev \- 2) \- repeat\_count\_prev + extra; if (i + extra \> dist\->alphabet\_size) { ret \= AVERROR\_INVALIDDATA; goto end; } extra += 4 \* (repeat\_count\_prev \- 2) \- repeat\_count\_prev; extra \= FFMIN(extra, dist\->alphabet\_size \- i); for (int j \= 0; j < extra; j++) level2\_lens\[i + j\] \= prev; total\_code += (32768 >> prev) \* extra; Expand All @@ -759,7 +762,8 @@ static int read\_vlc\_prefix(GetBitContext \*gb, JXLEntropyDecoder \*dec, JXLSymbolD } else if (len \== 17) { int extra \= 3 + get\_bits(gb, 3); if (repeat\_count\_zero \> 0) extra \= 8 \* (repeat\_count\_zero \- 2) \- repeat\_count\_zero + extra; extra += 8 \* (repeat\_count\_zero \- 2) \- repeat\_count\_zero; extra \= FFMIN(extra, dist\->alphabet\_size \- i); i += extra \- 1; repeat\_count\_prev \= 0; repeat\_count\_zero += extra; Expand Down

CVE-2023-46407: avcodec/jpegxl_parser: fix OOB read regression · FFmpeg/FFmpeg@bf81438

A vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the argument tbxUserName leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243727.