2074 matches found
CVE-2017-11273
An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. Adobe Digital Editions parses crafted XML files in an unsafe manner, which could lead to sensitive information disclosure...
USN-3504-1 libxml2 vulnerability
Wei Lei discovered that libxml2 incorrectly handled certain parameter entities. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service...
Multiple Huawei Products XML Parser Denial of Service Vulnerabilities
The Huawei S12700 and other models are enterprise switch products from Huawei. The XML parser is an XML parsing component in these products. A denial of service vulnerability exists in the XML parser in several Huawei products, which stems from the program's lack of validation of XML files. An attacker could cause a...
UBUNTU-CVE-2017-14949
Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities, not parameter external entities, are properly considered. This is related to XmlRepresentation, DOMRepresentatio...
expat: buffer over-read and crash on XML with malformed UTF-8 sequences
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read,...
IBM Security Access Manager Appliance XML External Entity Injection Vulnerability
IBM Security Access Manager Appliance is an application for information security management from IBM, USA. The program enables access management control through an integrated appliance for web, mobile and cloud computing. An XML external entity injection vulnerability exists in IBM Security Acces...
Apache Roller XML-RPC protocol support XML injection vulnerability
Apache Roller is a feature-rich multi-user blogging platform from the Apache Software Foundation (United States). XML-RPC protocol support is one of its components, providing XML-RPC transport protocol support. A security vulnerability exists in the XML-RPC protocol support in Apache Roller versions...
Design/Logic Flaw
A vulnerability in Extensible Authentication Protocol (EAP) ingress frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency (RF) adjacent attacker to cause the Access Point (AP) to reload, resulting in a denial of service...
Cisco Aironet Access Points MAC Authentication Bypass Vulnerability
A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected...
CVE-2017-15950
Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buffer overflow that can be exploited for arbitrary code execution. The flaw is triggered by providing a long input into the "Destination directory" field, either within an XML document or through use of passive mode...
Apache OpenNLP XXE Vulnerability
Apache OpenNLP is a machine-learning-based toolkit for processing natural language text, developed by the Apache Software Foundation (United States). A security vulnerability exists in Apache OpenNLP. An attacker could exploit this vulnerability to conduct XML external entity injection attack...
OpenMRS Remote Command Execution Vulnerability
OpenMRS Reference Application is a suite of open source EHR applications. Reporting Compatibility Add On is one of the compatibility reporting components. A remote command execution vulnerability exists in OpenMRS, which is caused by the application failing to authenticate the user when...
CVE-2017-3883
A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability occurs because AAA process...
CVE-2017-3883
CVE-2017-3883 affects Cisco FXOS and NX-OS System Software with AAA enabled. An unauthenticated remote attacker can brute-force login attempts, causing AAA processes to block keepalive messages; memory pressure can trigger AAA restart or device reload, leading to a denial of service. Affected pro...
[SECURITY] Fedora 25 Update: weechat-1.9.1-1.fc25
WeeChat (Wee Enhanced Environment for Chat) is a portable, fast, light and extensible IRC client. Everything can be done with a keyboard. It is customizable and extensible with scripts...
[SECURITY] Fedora 27 Update: weechat-1.9.1-1.fc27
WeeChat (Wee Enhanced Environment for Chat) is a portable, fast, light and extensible IRC client. Everything can be done with a keyboard. It is customizable and extensible with scripts...
[SECURITY] Fedora 26 Update: httpd-2.4.27-3.fc26
The Apache HTTP Server is a powerful, efficient, and extensible web server...
STDU Viewer Buffer Overflow Vulnerability (CNVD-2017-30311)
STDU Viewer is a free file viewer that supports multiple formats. The program supports TIFF, PDF, DjVu, XPS and WWF formats. A buffer overflow vulnerability exists in STDU Viewer version 1.6.375. A local attacker can exploit this vulnerability to cause a denial of service with the help of a...
Adobe ColdFusion Information Disclosure Vulnerability (CNVD-2017-32687)
Adobe ColdFusion is a dynamic Web server product that runs CFML, a programming language for Web applications. Adobe ColdFusion fails to properly restrict references to XML external entities, allowing remote attackers to exploit vulnerabilities to submit special requests, obtain sensitive...