5149 matches found
CVE-2011-1755
jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564...
CVE-2011-1754
Technical details for CVE-2011-1754 are not publicly provided in the supplied connected documents. The description notes a DoS via XML entity expansion but no vendor/product/version specifics here. Monitor for updates and rely on official advisories for remediation.
CVE-2011-2188
LuaExpat before 1.2.0 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564...
CVE-2011-1756
Removed by vendor...
CVE-2011-2188
Technical details for CVE-2011-2188 are not publicly provided in the connected documents. Monitor for updates.
CVE-2011-1753
expaterl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of neste...
Low: Red Hat Security Advisory: Red Hat Network Proxy server jabberd security update
An updated jabberd package that fixes one security issue is now available for Red Hat Network Proxy 5.4.1 for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
Ubuntu 9.10 / 10.04 LTS / 10.10 : rsync vulnerability (USN-1124-1)
It was discovered that rsync incorrectly handled memory when certain recursion, deletion and ownership options were used. If a user were tricked into connecting to a malicious server, a remote attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking...
Nmap NSE net: dns-recursion
Checks if a DNS server allows queries for third-party names. It is expected that recursion will be enabled on your own internal nameservers. OpenVAS Vulnerability Test $Id: gbnmapdnsrecursionnet.nasl 5505 2017-03-07 10:00:18Z teissa $ Autogenerated NSE wrapper Authors: NSE-Script: Felix Groebert...
Nmap NSE net: dns-random-txid
Checks a DNS server for the predictable-TXID DNS recursion vulnerability. Predictable TXID values can make a DNS server vulnerable to cache poisoning attacks (see CVE-2008-1447). The script works by querying txidtest.dns-oarc.net (see https://www.dns-oarc.net/oarc/services/txidtest). Be aware that a...
Nmap NSE net: dns-recursion
This VT has been deprecated and is therefore no longer functional.
Multiple Vendors libc/fnmatch(3) DoS (incl apache poc)
Multiple Vendors libc/fnmatch(3) DoS (incl apache poc) Author: Maksymilian Arciemowicz http://netbsd.org/donations/ http://securityreason.com/ http://cxib.net/ Date: - Dis.: 29.01.2011 - Pub.: 13.05.2011 CVE: CVE-2011-0419 CWE: CWE-399 Affected Software verified: - Apache 2.2.17 - NetBSD 5.1 - OpenBS...
Mandriva Linux Security Advisory : apr (MDVSA-2011:084)
It was discovered that the apr_fnmatch() function used an unconstrained recursion when processing patterns with the '*' wildcard. An attacker could use this flaw to cause an application using this function, which also accepted untrusted input as a pattern for matching such as an httpd server using th...
apr security update
CentOS Errata and Security Advisory CESA-2011:0507 Updated apr packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS)...
Ubuntu Update for rsync USN-1124-1
Ubuntu Update for Linux kernel vulnerabilities USN-1124-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN11241.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for rsync USN-1124-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This...
USN-1124-1: rsync vulnerability
It was discovered that rsync incorrectly handled memory when certain recursion, deletion and ownership options were used. If a user were tricked into connecting to a malicious server, a remote attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking...
ejabberd -- remote denial of service vulnerability
It's reported in CVE advisory that: expaterl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML documen...
DEBIAN-CVE-2011-1097
rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data...
rsync: Incremental file-list corruption due to temporary file_extra_cnt increments
rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data...
Mandriva Update for wireshark MDVSA-2011:044 (wireshark)
The remote host is missing an update for the...