UBUNTU-CVE-2017-18233
An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file...
CVE-2018-0878
Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how...
Gentoo net-im/jabberd2 elevation of privilege vulnerability
The Gentoo net-im/jabberd2 package is an XMPP (Extensible Messaging and Presence Protocol) package from the Gentoo Foundation. A security vulnerability exists in the Gentoo net-im/jabberd2 package version 2.6.1 and earlier. A local attacker can exploit the vulnerability to terminate arbitrary...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix six bugs are now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
CVE-2017-17134
XML parser in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has a DoS vulnerability. Due to not check the specially XML file enoug...
[SECURITY] Fedora 27 Update: ruby-2.4.3-87.fc27
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...
CVE-2018-7301
eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can be exploited by sending arbitrary XML-RPC requests to control the attached BidCos devices...
DEBIAN-CVE-2015-5315
The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service process...
The vulnerability of the hidden content checking component in the SAP NetWeaver software integration platform allows a perpetrator to access confidential information or cause service failures.
The vulnerability of the hidden content checking component in the SAP NetWeaver software integration platform is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information or caus...
The vulnerability of the YWorksLayouter component of the SAP NetWeaver software integration platform allows a perpetrator to access confidential information or cause service failures.
The vulnerability of the YWorksLayouter component of the SAP NetWeaver software integration platform is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information or cause service...
CVE-2017-15346
XML parser in Huawei S12700 V200R005C00, S1700 V200R009C00, V200R010C00, S3700 V100R006C03, V100R006C05, S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00, S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00,...
Serverless, Low Cost, Threat Intel Aggregation: ElasticIntel
ElasticIntel is serverless, low cost, threat intel aggregation for enterprise or personal use, backed by ElasticSearch. It is an alternative to expensive threat intel aggregation platforms which ingest the same data feeds you could get for free. ElasticIntel is designed to provide a central,...
CVE-2018-5789
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated XML Entity Expansion Denial of Service on the WiNG Access Point / Controller via crafted XML entities to the Web User Interface...
Micro Focus Fortify Audit Workbench and Fortify Software Security Center XML External Entity Injection Vulnerability
Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC) are both products of Micro Focus, a British company. Micro Focus Fortify Audit Workbench (AWB) is a software security auditing platform and Micro Focus Fortify Software Security Center (SSC) is a software...
The vulnerability of the Xerces2 Java XML parser, related to resource management errors, allows attackers to cause service failures.
The vulnerability of the Xerces2 Java XML parser is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause a service failure (increased computational resource usage) by using a specially crafted XML message...
CloudBees Jenkins FindBugs plugin XML external entity injection vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools from the US company CloudBees. It is mainly used to monitor continuous software release and testing projects and some scheduled tasks. FindBugs Plugin is used in one of th...
ALPINE-CVE-2018-5336
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth...
Huawei DP300 XML Parser Denial of Service Vulnerability
Huawei DP300 is a video conferencing endpoint from Huawei, a Chinese company. A denial of service vulnerability exists in the Huawei DP300 XML parser due to the product's failure to adequately check the malloc call used to request memory. An authenticated, local attacker could launch a denial of...
Memory leak vulnerability in multiple Huawei products (CNVD-2017-37503)
Huawei AR and SRG series enterprise routers are all-in-one routers for small and medium-sized offices or branches of small and medium-sized enterprises launched by Huawei; TE series, DP300, and MAX PRESENCE are all integrated desktop smart products and high-definition videoconferencing terminals...
undertow: Long URL proxy request lead to java.nio.BufferOverflowException and DoS
It was discovered that a long URL sent to EAP 7 Server operating as a reverse proxy with default buffer sizes causes a Denial of Service...