
2074 matches found

RedHat Linux
added 2015/12/07 10:13 a.m. | 4 views

libxml2: Out-of-bounds heap read when parsing file with unfinished xml declaration

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information...

CVSS 5 | AI score 7.2 | EPSS 0.05749
Exploits 1 | References 4

CNVD
added 2015/11/26 12:0 a.m. | 3 views

Cisco Adaptive Security Appliance Software Denial of Service Vulnerability (CNVD-2015-07836)

Cisco Adaptive Security Appliance Software is a modular platform that provides security and VPN services from Cisco. A denial of service vulnerability exists in Cisco Adaptive Security Appliance Software 8.4 that could allow an authenticated remote user to cause a denial of service via a crafted...

CVSS 6.8 | AI score 6.6 | EPSS 0.0151
Exploits 0 | References 1

NVD
added 2015/11/24 4:59 a.m. | 22 views

CVE-2015-6380

An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters, aka Bug ID CSCux10622...

CVSS 6.5 | AI score 7.3 | EPSS 0.0114
Exploits 0 | References 1

CNVD
added 2015/11/22 12:0 a.m. | 3 views

Cisco Firepower 9000 Firepower Extensible Operating System File Read Vulnerability

The Cisco Firepower Extensible Operating System on Firepower 9000 is an operating system from Cisco that runs in the 9000 series firewall appliances. A security vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Cisco Firepower 9000 devices allows remote attackers to read...

CVSS 5 | AI score 6.8 | EPSS 0.01217
Exploits 0 | References 1

RedHat Linux
added 2015/11/19 6:0 a.m. | 1 views

grub2: modules built in on EFI builds that allow loading arbitrary code, circumventing secure boot

It was discovered that grub2 builds for EFI systems contained modules that were not suitable to be loaded in a Secure Boot environment. An attacker could use this flaw to circumvent the Secure Boot mechanisms and load non-verified code. Attacks could use the boot menu if no password was set, or t...

CVSS 2.6 | AI score 5.8 | EPSS 0.00335
Exploits 0 | References 4

CVE
added 2015/11/19 2:0 a.m. | 57 views

CVE-2015-6369

The CVE-2015-6369 issue affects Cisco Firepower Extensible Operating System on Firepower 9000 devices (1.1(1.160)) via the USB driver. Root cause: insufficient sanitization of USB input parameters that allows a crafted USB device to trigger invalid kernel commands, enabling a local, unauthenticat...

CVSS 4.9 | AI score 6.6 | EPSS 0.00309
Exploits 0 | References 1 | Affected Software 1

CVE
added 2015/11/19 2:0 a.m. | 47 views

CVE-2015-6371

CVE-2015-6371 affects Cisco Firepower Extensible Operating System (FSO) 1.1(1.160) on Firepower 9000 devices. The issue arises from lack of input validation in parameters passed to certain user scripts, enabling remote authenticated users to read arbitrary files on the device via crafted script i...

CVSS 4 | AI score 6.6 | EPSS 0.00966
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2015/11/19 2:0 a.m. | 26 views

CVE-2015-6369

The USB driver in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows physically proximate attackers to cause a denial of service via a crafted USB device that triggers invalid USB commands, aka Bug ID CSCux10531...

AI score 6.4 | EPSS 0.00309
Exploits 0 | References 1

CVE
added 2015/11/19 2:0 a.m. | 55 views

CVE-2015-6370

The CVE-2015-6370 entry describes a local command-injection vulnerability in the Management I/O (MIO) CLI of Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices. The root cause is insufficient sanitization of user-supplied input in the CLI, allowing an authenticated l...

CVSS 7.2 | AI score 7.5 | EPSS 0.00392
Exploits 0 | References 1 | Affected Software 1

OSV
added 2015/11/18 4:59 p.m. | 1 views

DEBIAN-CVE-2015-8023

The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message...

CVSS 5 | AI score 7.9 | EPSS 0.02582
Exploits 0 | References 1

CVE
added 2015/11/18 3:0 p.m. | 47 views

CVE-2015-6373

CVE-2015-6373 affects Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices. Root cause: CSRF vulnerability due to lack of CSRF protection. Impact: remote attackers could hijack user authentication and perform unwanted actions. Exploitation details: described as unauthe...

CVSS 6.8 | AI score 7.5 | EPSS 0.00587
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2015/11/18 12:0 a.m. | 8 views

PT-2015-3258

Name of the Vulnerable Software and Affected Versions: libxml2 versions prior to 2.9.3. Description: The issue is related to the xmlSAX2TextNode function in the HTML parser of libxml2, which allows context-dependent attackers to cause a denial of service or obtain sensitive information via crafted X...

CVSS 10 | AI score 7.6 | EPSS 0.51733
Exploits 36 | References 140

OSV
added 2015/11/18 12:0 a.m. | 0 views

UBUNTU-CVE-2015-8241

The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data...

CVSS 6.4 | AI score 7.4 | EPSS 0.06723
Exploits 0 | References 4

n0where
added 2015/11/13 12:27 a.m. | 247 views

Volatile Memory Extraction: The Volatility Framework

The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated...

AI score 6.5
Exploits 0 | References 4

OSV
added 2015/11/10 12:0 a.m. | 2 views

UBUNTU-CVE-2015-5314

The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when used with (1) an internal EAP server or (2) a RADIUS server and EAP-pwd is enabled in a runtime configuration, which allows remote...

CVSS 5.9 | AI score 6.8 | EPSS 0.02334
Exploits 0 | References 4

BDU FSTEC
added 2015/11/05 12:0 a.m. | 6 views

Vulnerability of the Java Platform software platform, which allows attackers to gain access to protected information

The vulnerability of the JAXP sub-component of the Java Platform is related to errors in the code. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read access to protected information through a Java Web Start application or Java applet...

CVSS 5 | AI score 6.7 | EPSS 0.04695
Exploits 0 | References 3

BDU FSTEC
added 2015/10/21 12:0 a.m. | 3 views

The vulnerability of the Mac OS X operating system, which allows a hacker to trigger a service failure

The vulnerability of the EFI component in the Mac OS X operating system is related to errors in specifying the range of protected registers. Exploiting this vulnerability can allow a malicious actor to trigger a service failure through a specially crafted application...

CVSS 7.1 | AI score 5.5 | EPSS 0.01562
Exploits 0 | References 3 | Affected Software 1

CNVD
added 2015/09/20 12:0 a.m. | 2 views

Unspecified Vulnerability in Apple OS X Server Wiki Server XML

Apple Mac OS X is a commercial operating system. Multiple unspecified vulnerabilities exist in Apple OS X Server Wiki Server processing XML. A detailed vulnerability description is not currently available...

CVSS 10 | AI score 6.8 | EPSS 0.01968
Exploits 0 | References 1

BDU FSTEC
added 2015/09/08 12:0 a.m. | 3 views

Vulnerabilities of iOS and Mac OS X operating systems, which allow attackers to gain access to protected information or cause service failures

The vulnerability of the libxml2 component in iOS and Mac OS X operating systems arises due to buffer overflows. Exploiting this vulnerability can allow an attacker to gain access to sensitive information or cause service failures by using a specially crafted XML document...

CVSS 4.3 | AI score 7.4 | EPSS 0.02413
Exploits 0 | References 5 | Affected Software 2

Prion
added 2015/08/18 6:0 p.m. | 8 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in the XC NCIP Provider module in the eXtensible Catalog (XC) Drupal Toolkit allows remote attackers to hijack the authentication of users with the "administer ncip providers" permission for requests that alter NCIP providers via a crafted request...

CVSS 5.1 | AI score 7.5 | EPSS 0.00756
Exploits 0 | References 3