2074 matches found
The vulnerability of the XSLTResult class implementation in the Apache Struts software platform allows attackers to execute arbitrary code.
The vulnerability of the XSLTResult class implementation in the Apache Struts software framework is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using the stylesheetLocation parameter...
mxml stack resource consumption vulnerability (CNVD-2016-03005)
mxml is an XML language for laying out user interfaces in Adobe Flex. A security vulnerability exists in the mxml-node.c file of mxml. An attacker can exploit the vulnerability with a specially crafted XML file to cause stack resource consumption...
Libxml2 Stack Buffer Overflow Vulnerability
Libxml2 is a C-language library for parsing XML documents, developed by the GNOME project team. It supports a variety of encoding formats, XPath parsing, well-formedness and validity checking, and so on. A stack buffer overflow vulnerability exists in Libxml2. An attacker can exploit this...
The vulnerability of the Junos operating system, which allows a hacker to trigger a service failure
The vulnerability of the Junos operating system is related to incorrect data processing. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures using VXLAN packets...
jenkins: Remote code execution through remote API (SECURITY-247)
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando...
PHP ext/xml/xml.c Integer Overflow Vulnerability
PHP is an open source general-purpose computer scripting language. An integer overflow vulnerability exists in PHP's ext/xml/xml.c file, which allows remote attackers to use the vulnerability to crash an application or execute arbitrary code...
Juniper Networks QFX Series VXLAN Packet Denial of Service Vulnerability
Juniper Networks QFX Series devices running Junos OS are a set of QFX Series switch products that run a network operating system. Juniper Networks QFX Series devices fail to properly handle high-frequency VXLAN packets, allowing remote attackers to exploit the vulnerability by submitting a specia...
The vulnerability of the Cisco Firepower Extensible Operating System allows a perpetrator to execute arbitrary operating system commands.
The vulnerability in an unspecified script of the Cisco Firepower Extensible Operating System exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating syste...
Debian Security Advisory DSA 3538-1 (libebml - security update)
Several vulnerabilities were discovered in libebml, a library for manipulating Extensible Binary Meta Language files. CVE-2015-8789 Context-dependent attackers could trigger a use-after-free vulnerability by providing a maliciously crafted EBML document. CVE-2015-8790 Context-dependent attackers...
The vulnerability of the Thunderbird email client, as well as the Firefox and Firefox ESR browsers, allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of the nsScannerString::AppendUnicodeTo function in Thunderbird email clients, as well as in Firefox and Firefox ESR browsers, arises due to buffer overflows. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a service failure memory exhaustion ...
The vulnerability of the Squid proxy server allows a hacker to cause a service failure.
The vulnerability of the Edge Side Includes parser of the Squid proxy server exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to cause a service failure—such as the appearance of an error message “Assertion failure” or the termination of...
Libxml2 Denial of Service Vulnerability (CNVD-2016-01804)
Libxml2 is a C-language library for parsing XML documents, developed by the GNOME project team. It supports a variety of encoding formats, XPath parsing, well-formedness and validity checking, and so on. A security vulnerability exists in Libxml2. This vulnerability can be exploited to cause ...
The vulnerability of the Cisco Firepower Extensible Operating System allows a perpetrator to circumvent existing access restrictions and obtain protected information.
The vulnerability of the Cisco Firepower Extensible Operating System is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass existing access restrictions and obtain protected information...
xerces-c: parser crashes on malformed input
It was discovered that the Xerces-C XML parser did not properly process certain XML input. By providing specially crafted XML data to an application using Xerces-C for XML processing, a remote attacker could exploit this flaw to cause an application crash or, possibly, execute arbitrary code with...
[SECURITY] Fedora 23 Update: jabberd-2.3.3-7.fc23
The jabberd project aims to provide an open-source server implementation of the Jabber protocols for instant messaging and XML routing. The goal of this project is to provide a scalable, reliable, efficient and extensible server that provides a complete set of features and is up to date with the...
DEBIAN-CVE-2016-2073
The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document...
The vulnerability of the centralized device management system of Cisco Unified Computing System Central and the Cisco Firepower Extensible Operating System allows a perpetrator to execute arbitrary commands.
The vulnerability of the CGI script of the Cisco Unified Computing System Central device management system and the Cisco Firepower Extensible Operating System exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this...
Vulnerability of Mac OS X and iOS operating systems, allowing attackers to read arbitrary files
The vulnerability of operating systems Mac OS X and iOS is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to remotely access and read arbitrary files using a specially crafted iBook file containing links to external XML...
The vulnerability of the Cisco Firepower Extensible Operating System allows a hacker to inject any Web or HTML code.
The vulnerability of the Cisco Firepower Extensible Operating System’s web interface exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code by entering special parameters remote...
The vulnerability of the Cisco Firepower Extensible Operating System allows a perpetrator to execute arbitrary operating system commands on behalf of the root user.
The vulnerability of the Cisco Firepower Extensible Operating System component exists due to the lack of measures taken to neutralize the special elements used in the operating system’s command line. Exploiting this vulnerability allows a malicious actor, operating locally, to execute arbitrary...