apache-cxf: XML encryption backwards compatibility attacks

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

CVE-2007-6755

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation DualECDRBG algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection...

CVE-2013-3892

Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability."...

Memory corruption

Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability."...

Memory corruption

Microsoft Excel 2007 SP3, Excel Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability."...

CVE-2013-3892

Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Memory Corruption Vulnerability."...

CVE-2013-3890

Microsoft Excel 2007 SP3, Excel Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability."...

CVE-2013-3892

CVE-2013-3892 affects Microsoft Word 2007 SP3 and Office Compatibility Pack SP3, where parsing crafted Office documents can lead to remote code execution. The underlying issue is memory corruption during document processing, enabling an attacker to run arbitrary code with the user’s privileges. T...

CVE-2013-3890

Summary (CVE-2013-3890) : Microsoft Excel 2007 SP3, Excel Viewer, and Office Compatibility Pack SP3 are affected by memory corruption vulnerabilities that allow remote code execution via a crafted Office document. The issue is documented as two memory-corruption vulnerabilities enabling arbitrary...

MS Office Compatibility Pack Remote Code Execution Vulnerabilities (2885084)

This host is missing an important security update according to Microsoft Bulletin MS13-086. OpenVAS Vulnerability Test $Id: secpodmscompatpackms13-086.nasl 6104 2017-05-11 09:03:48Z teissa $ MS Office Compatibility Pack Remote Code Execution Vulnerabilities 2885084 Authors: Antu Sanadi Copyright:...

Microsoft Office Compatibility Pack Remote Code Execution Vulnerabilities (2885080)

This host is missing an important security update according to Microsoft Bulletin MS13-085. OpenVAS Vulnerability Test $Id: secpodmsofficecompatibilitypackms13-085.nasl 6125 2017-05-15 09:03:42Z teissa $ Microsoft Office Compatibility Pack Remote Code Execution Vulnerabilities 2885080 Authors: An...

MS13-086: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084)

The remote Windows host is running a version of Microsoft Office or Microsoft Office Compatibility Pack that is affected by multiple remote code execution vulnerabilities. The vulnerabilities exist in the way that Microsoft Word parses specially crafted files. An attacker who successfully exploit...

Microsoft Office Compatibility Pack Remote Code Execution Vulnerabilities (2885080)

This host is missing an important security update according to Microsoft Bulletin MS13-085. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft Office Compatibility Pack Remote Code Execution Vulnerabilities (2885084)

This host is missing an important security update according to Microsoft Bulletin MS13-086. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Bedrock Linux

Bedrock Linux Bedrock Linux is a Linux distribution created with the aim of making most of the often seemingly mutually-exclusive benefits of various other Linux distributions available simultaneously and transparently. If one would like a rock-solid stable base for example, from Debian or a RHEL...

Release Information for Veeam Backup & Replication 7 Patch 1

More Recent Version Available Please find the latest version of Veeam Backup & Replication here: Veeam Downloads - Latest Version Challenge These are the issues resolved by Patch 1 for Veeam Backup & Replication 7.0.0.690. This is NOT a compatibility patch for vSphere 5.5. Cause Please confirm yo...

[SECURITY] Fedora 20 Update: rubygems-2.0.8-104.fc20

RubyGems is the Ruby standard for publishing and managing third party libraries...

Debian: Security Advisory (DSA-2757-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2013-3159

Microsoft Excel 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Excel Viewer; and Microsoft Office Compatibility Pack SP3 allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Enti...

CVE-2013-3849

Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service memory...