2074 matches found
The vulnerability of the Cisco Firepower Extensible Operating System and the Cisco Unified Computing System Central device management system allows a perpetrator to execute arbitrary commands.
The vulnerability of the debugging functionality of the Cisco Firepower Extensible Operating System and the Cisco Unified Computing System Central device management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating locally,...
CoDeSys Stack Buffer Overflow Vulnerability
3S-Smart Software Solutions CODESYS is a suite of programmable logic controller (PLC) software programming tools from 3S-Smart Software Solutions, Germany. CODESYS Web Server is one of the web servers. A stack buffer overflow vulnerability exists in CODESYS Web Server version 2.3 and earlier. An...
CVE-2016-7585
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves mishandling of DMA in the "EFI" component. It allows physically proximate attackers to discover the FileVault 2 encryption password via a crafted Thunderbolt adapter...
IBM Cúram Social Program Management XML External Entity Injection Vulnerability
IBM Cúram Social Program Management (SPM) is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. IBM Cúram Social Program Management suffers from an XML external entity injection vulnerability. A remote attacker cou...
Apache Camel Validation Component Request Forgery Vulnerability
Apache Camel is an open source integration framework from the Apache Software Foundation (United States), based on Enterprise Integration Patterns (EIP). The framework provides a Java object (POJO) implementation of Enterprise Integration Patterns ...
Microsoft Windows XML External Entity Information Disclosure Vulnerability
Microsoft Windows is a popular computer operating system. Microsoft Windows suffers from an XML External Entity Information Disclosure vulnerability that can be exploited by an attacker to read sensitive information on the target system...
DEBIAN-CVE-2016-10040
Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via an XML file with multiple nested open tags...
UBUNTU-CVE-2016-10068
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file...
CVE-2016-8974
IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference ...
IBM Rational Rhapsody Design Manager XML External Entity Injection Vulnerability
IBM Rational Rhapsody Design Manager is a Jazz-based platform from IBM that helps systems engineers apply Model-Based Systems Engineering (MBSE) through SysML to help embedded software developers dismantle engineering silos and collaborate with key stakeholders, such as managers, quality managers,...
IBM Integration Bus and WebSphere Message Broker XML External Entity Injection Vulnerability
IBM Integration Bus (formerly known as IBM WebSphere Message Broker) is an enterprise service bus (ESB) product from IBM. The product provides connectivity and common data transformations for Service Oriented Architecture (SOA) environments and non-SOA environments. An XML external entity injection...
CVE-2016-4312
XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, o...
Yaxim and Bruno User Simulation Vulnerabilities
yaxim and Bruno are both products of Georg Lukas. yaxim (Yet Another XMPP Instant Messenger) is an open source (GPLv2) XMPP client with a clean user interface. Bruno is the best Jabber / XMPP Instant Messaging (IM) application. A use...
Cimetrics BACnet Explorer XML External Entity Injection Vulnerability
BACnet Explorer is a BACnet client application that helps to automatically discover BACnet devices. Cimetrics BACnet Explorer suffers from an XML external entity injection vulnerability that can be exploited by an attacker to obtain sensitive information...
CVE-2017-5593
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Psi+ 0.16.563.580 -...
UBUNTU-CVE-2017-5591
An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and...
DEBIAN-CVE-2016-4571
The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via a crafted XML file...
Mozilla: Use-after-free in XSL (MFSA 2017-02)
Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird 45.7, Firefox ESR 45.7, and Firefox 51...
ALPINE-CVE-2017-5342
In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print()...
UBUNTU-CVE-2017-5342
In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print()...