2075 matches found
The vulnerability of the wpa_supplicant function in the EAP hostapd server allows a hacker to induce a service failure.
The vulnerability of the wpa_supplicant function in the EAP hostapd server is related to errors during the verification of the recompilation of the fragmentation fragment. Exploiting this vulnerability can allow a malicious actor to cause service failure...
reblog
Defeating a Laptop's BIOS Password We found a laptop laying a...
Debian DSA-4632-1 : ppp - security update
Ilja Van Sprundel reported a logic flaw in the Extensible Authentication Protocol (EAP) packet parser in the Point-to-Point Protocol Daemon (pppd). An unauthenticated attacker can take advantage of this flaw to trigger a stack-based buffer overflow, leading to denial of service (pppd daemon crash). C...
[SECURITY] [DSA 4632-1] ppp security update
Debian Security Advisory DSA-4632-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 22, 2020 https://www.debian.org/security/faq -...
Cisco Meeting Server XMPP Denial of Service Vulnerability
Cisco Meeting Server is a video conferencing solution from Cisco that combines place-based video, audio, and Web communications to meet the collaboration needs of the modern workplace. A denial of service vulnerability exists in the Extensible Messaging and Status Protocol (XMPP) feature in Cisco...
SOS JobScheduler JOC Cockpit XML External Entity Vulnerability
Cockpit is an interactive server management interface. An XML External Entity (XEE) vulnerability exists in the SOS JobScheduler JOC Cockpit. An attacker can exploit this vulnerability to read files from the server via entity declarations in any XML document used to specify runtime settings for job...
[SECURITY] Fedora 31 Update: xar-1.8.0.417.1-1.fc31
The XAR project aims to provide an easily extensible archive format. Important design decisions include an easily extensible XML table of contents for random access to archived files, storing the toc at the beginning of the archive to allow for efficient handling of streamed archives, the abili...
GHSA-R6J9-8759-G62W Improper Restriction of XML External Entity Reference in jackson-mapper-asl
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar to CVE-2016-3720 also affect codehaus jackson-mapper-asl libraries but in different classes...
ALPINE-CVE-2020-8597
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions...
UBUNTU-CVE-2020-8597
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions...
[SECURITY] Fedora 30 Update: xar-1.8.0.417.1-1.fc30
The XAR project aims to provide an easily extensible archive format. Important design decisions include an easily extensible XML table of contents for random access to archived files, storing the toc at the beginning of the archive to allow for efficient handling of streamed archives, the abili...
PT-2020-1777
Name of the Vulnerable Software and Affected Versions: ppp versions 2.4.2 through 2.4.8. Description: The issue is related to buffer overflow errors in the eap_request and eap_response functions of the pppd daemon in the Point-to-Point Protocol (PPP). Exploitation of this issue may allow a remote...
PPP Buffer Overflow Vulnerability
PPP is a data link protocol that establishes a direct point-to-point connection. A buffer overflow vulnerability exists in the 'eap_request' and 'eap_response' functions in PPP versions 2.4.2 through 2.4.8. The vulnerability stems from a network system or product performing operations in memory...
The vulnerability of the XML Parsing component in the Easy XML Editor allows a hacker to cause a service failure in the application or to read arbitrary files from the system.
The vulnerability of the XML Parsing component in the Easy XML Editor is related to errors in processing XML requests. Exploiting this vulnerability can allow an attacker to cause service failures in the application or enable them to read arbitrary files in the system by running a specially craft...
PYSEC-2020-231
Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of Service attacks. The feedgen library allows supplying XML as content for some of the available fields. This XML will be parsed and integrated into the existing XML tree. During this process, feedgen is vulnerable to XML Denial of...
[SECURITY] Fedora 31 Update: xar-1.6.1-1.fc31
The XAR project aims to provide an easily extensible archive format. Important design decisions include an easily extensible XML table of contents for random access to archived files, storing the toc at the beginning of the archive to allow for efficient handling of streamed archives, the abili...
ezXML Stack Overflow Vulnerability
ezXML is a C library for parsing XML documents. A stack overflow vulnerability exists in ezXML. The vulnerability stems from the ezxml_ent_ok function not handling recursion correctly. An attacker could exploit this vulnerability via a specially crafted XML file to cause a denial of service...
ezXML Null Pointer Dereference Vulnerability
ezXML is a C library for parsing XML documents. A null pointer dereference vulnerability exists in ezXML. The vulnerability stems from the ezxml_decode function performing incorrect memory handling when parsing specially crafted XML files. An attacker could exploit this vulnerability to cause a...
ezXML Heap Buffer Over Read Vulnerability
ezXML is a C library for parsing XML documents. A heap buffer over-read vulnerability exists in ezXML. The vulnerability stems from the ezxml_decode function performing incorrect memory handling when parsing specially crafted XML files. An attacker could exploit this vulnerability to cause a deni...
The vulnerability of the XMLFileLookupService component in the Apache NiFi data processing platform allows a hacker to gain unauthorized access to protected information.
The vulnerability of the XMLFileLookupService component in the Apache NiFi data processing platform is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protecte...