2074 matches found
bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...
[SECURITY] Fedora 17 Update: httpd-2.2.23-1.fc17
The Apache HTTP Server is a powerful, efficient, and extensible web server...
PT-2013-2057 · Microsoft · Xml Core Services +2
Name of the Vulnerable Software and Affected Versions: Microsoft XML Core Services versions 3.0 through 6.0 Description: The issue arises from the improper parsing of XML content, allowing remote attackers to execute arbitrary code via a crafted web page. This can corrupt memory in such a way tha...
Debian Security Advisory DSA 2603-1 (emacs23 - programming error)
Paul Ling discovered that Emacs insufficiently restricted the evaluation of Lisp code if enable-local-variables is set to safe. OpenVAS Vulnerability Test $Id: deb2603.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2603-1 using nvtgen 1.0 Script version: 1.0 Author:...
neon: billion laughs DoS attack
neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to...
DEBIAN-CVE-2012-5976
Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial o...
DEBIAN-CVE-2012-0841
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data...
Fedora Update for weechat FEDORA-2012-19538
Check for the Version of weechat OpenVAS Vulnerability Test Fedora Update for weechat FEDORA-2012-19538 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
[SECURITY] Fedora 18 Update: weechat-0.3.9.2-2.fc18
WeeChat (Wee Enhanced Environment for Chat) is a portable, fast, light and extensible IRC client. Everything can be done with a keyboard. It is customizable and extensible with scripts...
[SECURITY] Fedora 16 Update: weechat-0.3.9.2-2.fc16
WeeChat (Wee Enhanced Environment for Chat) is a portable, fast, light and extensible IRC client. Everything can be done with a keyboard. It is customizable and extensible with scripts...
[SECURITY] Fedora 17 Update: weechat-0.3.9.2-2.fc17
WeeChat (Wee Enhanced Environment for Chat) is a portable, fast, light and extensible IRC client. Everything can be done with a keyboard. It is customizable and extensible with scripts...
[SECURITY] Fedora 16 Update: weechat-0.3.8-4.fc16
WeeChat (Wee Enhanced Environment for Chat) is a portable, fast, light and extensible IRC client. Everything can be done with a keyboard. It is customizable and extensible with scripts...
[SECURITY] Fedora 16 Update: weechat-0.3.8-4.fc16
WeeChat (Wee Enhanced Environment for Chat) is a portable, fast, light and extensible IRC client. Everything can be done with a keyboard. It is customizable and extensible with scripts...
[SECURITY] Fedora 18 Update: weechat-0.3.8-4.fc18
WeeChat (Wee Enhanced Environment for Chat) is a portable, fast, light and extensible IRC client. Everything can be done with a keyboard. It is customizable and extensible with scripts...
[SECURITY] Fedora 16 Update: weechat-0.3.8-3.fc16
WeeChat (Wee Enhanced Environment for Chat) is a portable, fast, light and extensible IRC client. Everything can be done with a keyboard. It is customizable and extensible with scripts...
[SECURITY] Fedora 18 Update: weechat-0.3.8-3.fc18
WeeChat (Wee Enhanced Environment for Chat) is a portable, fast, light and extensible IRC client. Everything can be done with a keyboard. It is customizable and extensible with scripts...
Cisco Unified Presence / Jabber Extensible Communications Platform DoS
Crash on stream header parsing...
[SECURITY] Fedora 17 Update: ruby-1.9.3.194-17.fc17
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...
DEBIAN-CVE-2012-4445
Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small "TLS Message Length" value in an EAP-TLS message with the "Mor...
[SECURITY] Fedora 18 Update: ruby-1.9.3.194-18.fc18
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...