DEBIAN-CVE-2018-11574

Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files...

UBUNTU-CVE-2018-11574

Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files...

infinispan: deserialization of data in XML and JSON transcoders

Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possibl...

CVE-2018-5177

A vulnerability exists in XSLT during number formatting where a negative buffer size may be allocated in some instances, leading to a buffer overflow and crash if it occurs. This vulnerability affects Firefox 60...

Apache NiFi SplitXML processor code execution vulnerability

Apache NiFi is the United States Apache Apache Software Foundation of a set of data flow-based data processing and distribution system. The system supports the configuration and transformation of data routing indicator maps and system intermediary logic , etc. SplitXML processor is one of the XML...

Microsoft PowerPoint Remote Code Execution Vulnerability (CNVD-2018-10942)

Microsoft Office 2016 for Mac is a Mac-based office software suite product developed by Microsoft Corporation in the U.S. PowerPoint is a document presentation tool in the Office suite. A security vulnerability exists in PowerPoint in Microsoft Office 2016 for Mac-based platforms, which stems fro...

Cisco Identity Services Engine Denial of Service Vulnerability

Cisco Identity Services Engine ISE is an identity-based environment awareness platform ISE Identity Services Engine from Cisco. The platform oversees the network by collecting real-time information from the network, users, and devices, and developing and enforcing policies accordingly.ISE Express...

slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...

slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution...

Mozilla Firefox XSLT Buffer Overflow Vulnerability

Mozilla Firefox browser Firefox is a free, open source browser for Windows, Linux and MacOSX platforms. A buffer overflow vulnerability exists in XSLT in Mozilla Firefox during number formatting. An attacker could exploit this vulnerability to cause a denial of service...

Pulse Secure Pulse Connect Secure Denial of Service Vulnerability

Pulse Connect Secure aka PCS, formerly known as Juniper Junos Pulse is a suite of SSL VPN solutions from Pulse Secure, a US-based company. A security vulnerability exists in Pulse Connect Secure versions 8.1.x prior to 8.1R14, 8.2.x prior to 8.2R11, and 8.3.x prior to 8.3R5, which stems from the...

CVE-2018-9849

Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service memory consumption and memory errors via a crafted XML document...

Sandcat Browser 6.0 - Pentest And Developer-Oriented Web Browser

Sandcat is a lightweight multi-tabbed web browser that combines the speed and power of Chromium and Lua. Sandcat comes with built-in live headers, an extensible user interface and command line console, resource viewer, and many other features that are useful for web developers and pen-testers and...

[SECURITY] Fedora 26 Update: librelp-1.2.15-1.fc26

Librelp is an easy to use library for the RELP protocol. RELP stands for Reliable Event Logging Protocol is a general-purpose, extensible logging protocol...

[SECURITY] Fedora 28 Update: httpd-2.4.33-2.fc28

The Apache HTTP Server is a powerful, efficient, and extensible web server...

CVE-2018-6660

Directory Traversal vulnerability in McAfee ePolicy Orchestrator ePO 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows administrators to use Windows alternate data streams, which could be used to bypass the file extensions, via not properly validating the path when exporting a particular XML file...

[SECURITY] Fedora 28 Update: afflib-3.7.16-4.fc28

AFF=EF=BF=BD=EF=BF=BD is an open and extensible file format designed to sto re disk images and associated metadata. afflib is library for support of the Advanced Forensic Format AFF...

textpattern denial of service vulnerability

textpattern is an excellent blogging system. A security vulnerability exists in the Import XML feature in textpattern version 4.6.2. An attacker can exploit this vulnerability by uploading a specially crafted XML file to cause a denial of service exhaustion of server memory resources...

IBM ConnectionsXML External Entity Injection Vulnerability

IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. An XML external entity...

UBUNTU-CVE-2017-18233

An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service infinite loop via crafted XMP data in a .avi file...