2075 matches found
Buffer Overflow
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to terminate unexpectedly or, potentially, execute...
Memory Corruption
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1970,...
Low: Red Hat Security Advisory: openstack-ceilometer security update
An update for openstack-ceilometer is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
The vulnerability of the microprogramming software of the Cisco TelePresence Video Communication Server and the Cisco Expressway software lies in the lack of proper input data validation. This allows a perpetrator to trigger a service failure.
The vulnerability of the microprogramming software of the Cisco TelePresence Video Communication Server and the Cisco Expressway software exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures by sending SIP message...
CVE-2018-17169
An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request...
The vulnerability of the Microsoft XML Core Services (MSXML) on the Windows operating system allows a perpetrator to execute arbitrary code.
The vulnerability of Microsoft XML Core Services (MSXML) in the Windows operating system is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page from a remote...
[SECURITY] Fedora 30 Update: eog-3.32.1-2.fc30
The Eye of GNOME image viewer (eog) is the official image viewer for the GNOME desktop. It can view single image files in a variety of formats, as well as large image collections. eog is extensible through a plugin system...
DEBIAN-CVE-2019-9499
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection...
ALPINE-CVE-2019-9498
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication,...
DEBIAN-CVE-2019-9498
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication,...
ALPINE-CVE-2019-9499
The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection...
DEBIAN-CVE-2019-9497
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not...
ALPINE-CVE-2019-9497
The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not...
DEBIAN-CVE-2019-9495
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful...
Microsoft Internet Explorer XML Injection Vulnerability
Microsoft Internet Explorer is a Web browser that comes with the Windows operating system. Microsoft Internet Explorer suffers from an XML injection vulnerability. An attacker could exploit this vulnerability to conduct XML injection attacks...
DEBIAN-CVE-2018-12179
Improper configuration in system firmware for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access...
ArcSight Logger XML External Entity Parsing Vulnerability
Micro Focus ArcSight Logger is a suite of log management software from Micro Focus UK. The software collects and integrates data from any log generation source for log management, searching, indexing, reporting, analysis and retention. An XML external entity injection vulnerability exists in Micr...
PT-2019-6169 · Intel +5 · Edk Ii +5
Name of the Vulnerable Software and Affected Versions: EDKII (affected versions not specified). Description: The issue is related to insufficient input validation in the MdeModulePkg component of EDKII, which may allow an unauthenticated user with physical access to potentially enable escalation of...
Cisco NX-OS Denial of Service Vulnerability
Cisco NX-OS is a set of data center-grade operating system software used by switches. A denial of service vulnerability exists in Cisco NX-OS version 802.1X. The vulnerability stems from a failure to fully authenticate the input of Extensible Authentication Protocol EAPOL frames on the LAN. An...
A use-after-free vulnerability in the `comps_objmrtree_unite` function of the libcomps library allows an attacker to execute arbitrary code.
The vulnerability of the `comps_objmrtree_unite` function in the libcomps library for working with XML files is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created XML file...