CVE-2017-2970

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine related to template manipulation. Successful exploitation could lead to arbitrary code execution...

admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files

An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired...

libxml2: Heap-based buffer overread in htmlCurrentChar

The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...

Microsoft PowerShell XML External Entity Injection Vulnerability

Microsoft PowerShell is a command line scripting environment that runs on windows machines to automate system and application management. An XML external entity injection vulnerability exists in Microsoft PowerShell, which can be exploited by an attacker to obtain sensitive information and execut...

Microsoft Windows Media Center 'ehshell.exe' XML External Entity Injection Vulnerability

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Windows Media Center is one of these multimedia applications. Microsoft Windows Media Center V6.1.7600 'ehshell.exe' suffers from an XML External Entity Injection vulnerability that can be exploited b...

UBUNTU-CVE-2016-9063

An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox 50...

php: libxml_disable_entity_loader setting is shared between threads

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxmldisableentityloader changes in other threads, which allows remote attackers to conduct XML External Entity XXE and XML Entity Expansion XEE attacks via a crafted XML...

Amazon Linux AMI : kernel (ALAS-2016-762)

The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service stack consumption and panic or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a...

kernel: remotely triggerable unbounded recursion in the vlan gro code leading to a kernel crash

Linux kernel built with the 802.1Q/802.1ad VLANCONFIGVLAN8021Q OR Virtual eXtensible Local Area NetworkCONFIGVXLAN with Transparent Ethernet BridgingTEB GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path, as an unlimited recursion could...

[SECURITY] Fedora 24 Update: guile-2.0.13-1.fc24

GUILE GNU's Ubiquitous Intelligent Language for Extension is a library implementation of the Scheme programming language, written in C. GUILE provides a machine-independent execution platform that can be linked in as a library during the building of extensible programs. Install the guile package ...

CentOS Update for kernel CESA-2016:2047 centos7

Check the version of kernel SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882577";...

kernel: remotely triggerable unbounded recursion in the vlan gro code leading to a kernel crash

Linux kernel built with the 802.1Q/802.1ad VLANCONFIGVLAN8021Q OR Virtual eXtensible Local Area NetworkCONFIGVXLAN with Transparent Ethernet BridgingTEB GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path, as an unlimited recursion could...

Libxml2 memory corruption vulnerability in multiple Apple products (CNVD-2016-08340)

Apple iOS, OS X, tvOS, and watchOS are all products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Apple OS X is a specialized operating system developed for Mac computers; tvOS is a smart TV operating system; and watchOS is a smart watch operating system. Libxml2 is...

Polycom HDX Video End Points XML External Entity Denial of Service Vulnerability

Polycom HDX Video End Points video conferencing system. A denial of service vulnerability exists in Polycom HDX Video End Points. An attacker could exploit this vulnerability to cause a denial of service condition...

EAP7 Privilege escalation when managing domain including earlier version slaves

The domain controller will not propagate its administrative RBAC configuration to some slaves. An attacker could use this to escalate their privileges...

jenkins: Remote code execution through remote API (SECURITY-247)

Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando...

The vulnerability of the Microsoft .NET Framework software platform, which allows a hacker to read arbitrary files

The vulnerability of the Microsoft .NET Framework software platform is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to read arbitrary files using XML data, which contains a declaration of an external object along with a reference to an...

Framework: denial-of-service attack with XML input

A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed...

zFTP Client 20061220 - Connection Name Local Buffer Overflow

zFTP Client 20061220 - Connection Name Local Buffer Overflow Exploit developed using Exploit Pack v5.4 Exploit Author: Juan Sacco - http://www.exploitpack.com - [email protected] Program affected: zFTP Client Affected value: NAME under FTP connection Where in the code: Line 30 in strcpychk.c...

zFTP Client 20061220 - 'Connection Name' Local Buffer Overflow

Exploit developed using Exploit Pack v5.4 Exploit Author: Juan Sacco - http://www.exploitpack.com - [email protected] Program affected: zFTP Client Affected value: NAME under FTP connection Where in the code: Line 30 in strcpychk.c strcpychk dest=0xb7f811c0 "/KUIP", src=0xb76a6680 "/MACRO",...