2074 matches found
Cisco IOS and IOS XE Software Denial of Service Vulnerability (CNVD-2017-31984)
Cisco IOS and IOS XE Software are both operating systems developed by Cisco for its network devices. A denial of service vulnerability exists in the IPv6 Simple Network Management Protocol (SNMP) in Cisco IOS and IOS XE Software. A remote attacker could exploit this vulnerability to cause a denial ...
BSA-2017-429
Security Advisory ID: BSA-2017-429 Component: Struts REST Revision: 2.0: Interim A flaw was found in the Struts REST plugin when using an outdated XStream library. An attacker could perform a denial of service attack using a malicious request with specially crafted XML payload. Affected Products...
CVE-2017-1458
IBM QRadar Network Security 5.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377...
Automated Logic Corporation Multiple Device XML External Entity Vulnerability
Automated Logic provides a full range of building MEP control systems for a wide range of users, including central air conditioning automation, variable power distribution monitoring, water supply and drainage monitoring, lighting monitoring and elevator monitoring. The system has been widely use...
Microsoft Edge Chakra TryUndeleteProperty Incorrect Usage
Microsoft Edge: Chakra: Incorrect usage of TryUndeleteProperty CVE-2017-8635 Chakra implemented the reuse of deleted properties of an unordered dictionary object with the following code. bool SimpleDictionaryUnorderedTypeHandler::TryReuseDeletedPropertyIndex DynamicObject const object,...
Adobe Acrobat/Reader Remote Code Execution Vulnerability (CNVD-2017-28434)
Adobe Reader is a PDF document reading software. Acrobat is a PDF document editing software. Adobe Acrobat Reader has a remote code execution vulnerability when using the XFA layout engine to generate content, which can be exploited by an attacker to execute arbitrary code...
Adobe Digital Editions Security Bypass Vulnerability
Adobe Digital Editions (DE) is e-book reading and management software from Adobe of the United States. The software can open, read and manage PDF, XML and Flash files. A security bypass vulnerability exists in Adobe DE 4.5.4 and earlier versions. A remote attacker can exploit this...
OpenJDK: insecure XML parsing in wsdlimport (JAX-WS, 8182054)
It was discovered that the wsdlimport tool in the JAX-WS component of OpenJDK did not use secure XML parser settings when parsing WSDL XML documents. A specially crafted WSDL document could cause wsdlimport to use an excessive amount of CPU and memory, open connections to other hosts, or leak...
[SECURITY] Fedora 24 Update: ruby-2.3.3-62.fc24
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...
Trend Micro Control Manager XML External Entity Vulnerability
Trend Micro Control Manager is the centralized management console for managing Trend Micro products and services. A security vulnerability in Trend Micro Control Manager's handling of XML external entities allows remote attackers to exploit the vulnerability by submitting specialized XML data,...
pidgin: Out-of-bounds write in purple_markup_unescape_entity triggered by invalid XML
An out-of-bounds write flaw was found in the way Pidgin processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process...
pidgin: remote information leak via crafted XMPP message
An information disclosure flaw was discovered in the way Pidgin parsed XMPP messages. A malicious remote server or a man-in-the-middle attacker could potentially use this flaw to disclose a portion of memory belonging to the Pidgin process by sending a specially crafted XMPP message...
IBM Tivoli Endpoint Manager XML External Entity Injection Vulnerability
IBM BigFix Platform is IBM's dynamic multi-technology platform that integrates message content drivers and management systems, of which Tivoli Endpoint Manager is the endpoint control software. An XML external entity injection vulnerability exists in Tivoli Endpoint Manager in IBM BigFix Platform...
[SECURITY] Fedora 24 Update: jabberd-2.6.1-1.fc24
The jabberd project aims to provide an open-source server implementation of the Jabber protocols for instant messaging and XML routing. The goal of this project is to provide a scalable, reliable, efficient and extensible server that provides a complete set of features and is up to date with the...
Heap Overflow Vulnerability in WPS
WPS is office software developed by Kingsoft Office Software. A heap overflow vulnerability exists in WPS text. The vulnerability is due to the program failing to validate the buffer length; an attacker can exploit the vulnerability by constructing a malformed XML file resulting in heap corrupti...
Huawei OceanStor UDS Information Disclosure Vulnerability
Huawei OceanStor UDS is a high-density storage node and distributed storage system based on ARM architecture from Huawei, China. A security vulnerability exists in the XML interface of Huawei OceanStor UDS V100R002C01SPC101 and earlier versions. A remote attacker can exploit this vulnerability by...
The vulnerability of XSLT programs for viewing and editing PDF files in Adobe Reader, Adobe Acrobat Document Cloud, Adobe Acrobat, and Adobe Reader Document Cloud allows attackers to execute arbitrary code.
The vulnerability of XSLT programs for viewing and editing PDF files in Adobe Reader, Adobe Acrobat Document Cloud, Adobe Acrobat, and Adobe Reader Document Cloud arises from operations that go beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrar...
CVE-2017-6722
A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow an unauthenticated, remote attacker to masquerade as a legitimate user, aka a Clear Text Authentication Vulnerability. More Information: CSCuw86638. Known Affect...
Cisco Unified Contact Center Express Security Bypass Vulnerability
Cisco Unified Contact Center Express is a single-server, integrated contact center for formal and informal contact centers. A security bypass vulnerability exists in the Extensible Messaging and Presence Protocol (XMPP) service for Cisco Unified Contact Center Express (UCCx), which can be exploited b...
BSA-2017-342
Security Advisory ID: BSA-2017-342 Component: Freeradius Revision: 2.0: Interim The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remo...