1013 matches found
IBM Rational Team Concert Denial of Service Vulnerability
IBM Rational Team Concert RTC is a software lifecycle management solution based on the Jazz platform and supports decentralized teams to collaborate in real time. A security vulnerability exists in IBM Rational Team Concert's handling of external entities containing malicious XML, which could be...
DEBIAN-CVE-2016-1837
Multiple use-after-free vulnerabilities in the 1 htmlPArsePubidLiteral and 2 htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a...
UBUNTU-CVE-2016-1840
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a...
UBUNTU-CVE-2016-1833
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...
Cisco Adaptive Security Appliance Denial of Service Vulnerability (CNVD-2016-03383)
Cisco Adaptive Security Appliance ASA, Adaptive Security Appliance is a set of firewall appliances from the American company Cisco Cisco. The appliance also includes IPS Intrusion Prevention System, SSL VPN, IPSec VPN, anti-spam and other features. A security vulnerability exists in the XML parse...
PT-2016-2294 · Expat +6 · Expat +6
Name of the Vulnerable Software and Affected Versions: Expat affected versions not specified Description: The issue is caused by a buffer overflow in the Expat library. It may allow a remote attacker to cause a denial of service crash or execute arbitrary code using specially crafted XML data...
UBUNTU-CVE-2016-4472
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and...
PT-2016-4752 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software versions through 9.5.2 Description: The issue concerns the XML parser in the software, allowing remote authenticated users to cause a denial of service, which may result in instability, memory...
mxml stack resource consumption vulnerability (CNVD-2016-03005)
mxml is an XML language for laying out user interfaces in Adobe Flex. A security vulnerability exists in the mxml-node.c file of mxml. An attacker can exploit the vulnerability with the help of a specially crafted xml file to cause stack resource consumption...
Libxml2 Stack Buffer Overflow Vulnerability
Libxml2 is the GNOME project team developed a C-based language used to parse XML documents library , which supports a variety of encoding formats , Xpath parsing , Well-formed and valid validation and so on. A stack buffer overflow vulnerability exists in Libxml2. An attacker can exploit this...
jenkins: Remote code execution through remote API (SECURITY-247)
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando...
PHP ext/xml/xml.c Integer Overflow Vulnerability
PHP is an open source general-purpose computer scripting language. An integer overflow vulnerability exists in PHP's ext/xml/xml.c file, which allows remote attackers to use the vulnerability to crash an application or execute arbitrary code...
The vulnerability of the Thunderbird email client, as well as the Firefox and Firefox ESR browsers, allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of the nsScannerString::AppendUnicodeTo function in Thunderbird email clients, as well as in Firefox and Firefox ESR browsers, arises due to buffer overflows. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a service failure memory exhaustion ...
The vulnerability of the Squid proxy server allows a hacker to cause a service failure.
The vulnerability of the Edge Side Includes parser of the Squid proxy server exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to cause a service failure—such as the appearance of an error message “Assertion failure” or the termination of...
Libxml2 Denial of Service Vulnerability (CNVD-2016-01804)
Libxml2 is the GNOME project team developed a C-based language used to parse XML documents library , which supports a variety of encoding formats , Xpath parsing , Well-formed and valid validation and so on. A security vulnerability exists in Libxml2. This vulnerability can be exploited to cause ...
xerces-c: parser crashes on malformed input
It was discovered that the Xerces-C XML parser did not properly process certain XML input. By providing specially crafted XML data to an application using Xerces-C for XML processing, a remote attacker could exploit this flaw to cause an application crash or, possibly, execute arbitrary code with...
DEBIAN-CVE-2016-2073
The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service out-of-bounds read via a crafted XML document...
Vulnerability of Mac OS X and iOS operating systems, allowing attackers to read arbitrary files
The vulnerability of operating systems Mac OS X and iOS is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to remotely access and read arbitrary files using a specially crafted iBook file containing links to external XML...
jakarta-taglibs-standard: XXE and RCE via XSL extension in JSTL XML tags
It was found that the Java Standard Tag Library JSTL allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution...
OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)
It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory...