CVE-2017-10672

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call...

Design/Logic Flaw

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call...

CVE-2017-10672

The CVE-2017-10672 issue affects the Perl XML-LibXML module; a use-after-free in XML-LibXML up to version 2.0129 allows remote attackers to execute arbitrary code by controlling arguments to replaceChild. The Nessus/OSINT entries confirm the vulnerability exists in multiple distro packages (e.g.,...

CVE-2017-10672

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call...

Perl XML-LibXML Module Arbitrary Code Execution Vulnerability

Perl is an American programmer Larry Wall Larry Wall developed a cross-platform programming language. XML-LibXML is one of the Debian-based XML file conversion module. An arbitrary code execution vulnerability exists in Perl's XML-LibXML module =2.0129, which can be exploited by a remote attacker...

UBUNTU-CVE-2017-10672

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call...

DEBIAN-CVE-2017-5969

libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service NULL pointer dereference via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML...

Juniper Networks Junos Space Multiple Vulnerabilities (JSA10770)

Juniper Networks Junos Space is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

php: libxml_disable_entity_loader setting is shared between threads

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxmldisableentityloader changes in other threads, which allows remote attackers to conduct XML External Entity XXE and XML Entity Expansion XEE attacks via a crafted XML...

Ubuntu 14.04 LTS / 16.04 LTS : Oxide vulnerabilities (USN-3041-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3041-1 advisory. Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could...

Ubuntu: Security Advisory (USN-3041-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Multiple Apple Products libxml2 Memory Corruption Denial of Service Vulnerability (CNVD-2016-05742)

Apple iOS is an operating system for mobile devices; OS X is a specialized operating system for Mac computers; tvOS is an operating system for smart TVs; and watchOS is an operating system for smart watches. libxslt is an XSLTC library developed for the GNOME project. A security vulnerability in...

Security update for Chromium (important)

Chromium was updated to 52.0.2743.82 to fix the following security issues boo989901: - CVE-2016-1706: Sandbox escape in PPAPI - CVE-2016-1707: URL spoofing on iOS - CVE-2016-1708: Use-after-free in Extensions - CVE-2016-1709: Heap-buffer-overflow in sfntly - CVE-2016-1710: Same-origin bypass in...

chromium: multiple issues

CVE-2016-1705 arbitrary code execution Various fixes from internal audits, fuzzing and other initiatives. - CVE-2016-1706 sandbox escape Sandbox escape in PPAPI. Credit to Pinkie Pie. - CVE-2016-1708 arbitrary code execution Use-after-free in Extensions. Credit to Adam Varsan. - CVE-2016-1709...

Google Chrome Security Updates (stable-channel-update-2016-07) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

The vulnerability of the libxml2 library, which allows a perpetrator to obtain confidential information

The vulnerability of the xmlParseXMLDecl function in the parser.c file of the libxml2 library is caused by buffer overflow. Exploiting this vulnerability could allow an attacker, operating remotely, to obtain confidential information due to incomplete declaration of XML data...

The vulnerability of the libxml2 library, which allows a hacker to cause a service failure or obtain confidential information

The vulnerability of the xmlNextChar function in the libxml2 library arises due to buffer overflows. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure application termination or obtain confidential information through specially crafted XML data...

PHP < 5.5.22, 5.6.x < 5.6.6 XXE Vulnerability - Windows

PHP is prone to an XML external entity XXE vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if descriptio...

The vulnerability of the libxml2 library and the PHP interpreter allows attackers to trigger a service failure.

The vulnerability of the xslextfunctionphp function ext/xsl/xsltprocessor.c in the libxml2 library and the PHP interpreter is related to pointer dereferencing errors. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure dereferencing the null pointer...

UBUNTU-CVE-2015-8866

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxmldisableentityloader changes in other threads, which allows remote attackers to conduct XML External Entity XXE and XML Entity Expansion XEE attacks via a crafted XML...