PYSEC-2017-55
Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors...
CVE-2016-4041
Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors...
openSUSE Security Update : zlib (openSUSE-2017-46)
This update for zlib fixes the following issues: - CVE-2016-9843: Big-endian out-of-bounds pointer - CVE-2016-9842: Undefined Left Shift of Negative Number bsc1003580 - CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c bsc1003579 - Incompatible declarations for external...
SUSE SLED12 / SLES12 Security Update : zlib (SUSE-SU-2017:0003-1)
This update for zlib fixes the following issues: - CVE-2016-9843: Big-endian out-of-bounds pointer - CVE-2016-9842: Undefined Left Shift of Negative Number bsc1003580 - CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c bsc1003579 - Incompatible declarations for external...
SUSE-SU-2017:0003-1 Security update for zlib
This update for zlib fixes the following issues: CVE-2016-9843: Big-endian out-of-bounds pointer CVE-2016-9842: Undefined Left Shift of Negative Number bsc1003580 CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c bsc1003579 Incompatible declarations for external linkage...
SUSE SLES11 Security Update : zlib (SUSE-SU-2016:3209-1)
This update for zlib fixes the following issues: - Incompatible declarations for external linkage function deflate bnc1003577 - CVE-2016-9842: Undefined Left Shift of Negative Number bnc1003580 - CVE-2016-9840 CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c bnc1003579 -...
Framework: denial-of-service attack with XML input
A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed...
CVE-2016-3821
libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference or memory corruption) via a craft...
CVE-2016-1343
The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059...
Apple OS X XML Double Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XML...
IBM WebSphere Portal XML Parser Denial of Service Vulnerability
IBM WebSphere Portal is a suite of enterprise portal software from IBM. The software creates a platform that connects the internal and external parts of an organization, allowing employees, customers and suppliers to access internal data through the platform. A security vulnerability exists in th...
A vulnerability in the Windows operating system that allows an attacker to gain access to protected information
A vulnerability in the XML Core Services component of the Windows operating system, related to data access during document type declaration processing, allows attackers to obtain sensitive user data such as names, passwords, or files on the hard drive...
A vulnerability in the Microsoft .NET Framework software platform that allows an attacker to read arbitrary files
A vulnerability in the XML DTD parser component of the Microsoft .NET Framework is related to a lack of protection for operational data. Exploiting this vulnerability allows a remote attacker to read arbitrary files by crafting external entity declarations (XXE)...
CVE-2015-7941
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by...
Microsoft .NET Framework Directory Traversal Vulnerability
Microsoft .NET Framework is a popular software development toolkit. A directory traversal vulnerability in Microsoft .NET Framework versions 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6 allows remote attackers to read arbitrary files by combining entity references with external entity declaratio...
MediaWiki Denial of Service Vulnerability (CNVD-2015-02419)
MediaWiki is a Wiki program. A security vulnerability exists in MediaWiki. When the program uses HHVM or Zend PHP, a remote attacker can exploit the vulnerability to cause a denial of service ('Quadratic Blowup' and memory corruption) via an XML file containing entity declarations and multiple enti...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data (MFSA-2014-90); Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory (MFSA-2014-89); Bad casting from the BasicThebesLayer to BasicContainerLayer...
RHEL 6 : Red Hat JBoss Enterprise Application Platform 6.3.2 update (Moderate) (RHSA-2014:1818)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:1818 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A resource consumption issue...