551 matches found

OpenVAS
added 2016/08/06 12:0 a.m., 36 views

Ubuntu: Security Advisory (USN-3041-1)

The remote host is missing an update for the...

9.6 CVSS, 7.4 AI score, 0.0369 EPSS
Exploits: 1, References: 2
CNVD
added 2016/07/28 12:0 a.m., 1 views

Multiple Apple Products libxml2 Memory Corruption Denial of Service Vulnerability (CNVD-2016-05742)

Apple iOS is an operating system for mobile devices; OS X is a specialized operating system for Mac computers; tvOS is an operating system for smart TVs; and watchOS is an operating system for smart watches. libxslt is an XSLTC library developed for the GNOME project. A security vulnerability in...

9.8 CVSS, 6.6 AI score, 0.02581 EPSS
Exploits: 0, References: 1
OPENSUSE Linux
added 2016/07/25 3:10 p.m., 32 views

Security update for Chromium (important)

Chromium was updated to 52.0.2743.82 to fix the following security issues boo989901: - CVE-2016-1706: Sandbox escape in PPAPI - CVE-2016-1707: URL spoofing on iOS - CVE-2016-1708: Use-after-free in Extensions - CVE-2016-1709: Heap-buffer-overflow in sfntly - CVE-2016-1710: Same-origin bypass in...

9.3 CVSS, 1.2 AI score, 0.0369 EPSS
Exploits: 2, References: 1
ArchLinux
added 2016/07/24 12:0 a.m., 40 views

chromium: multiple issues

CVE-2016-1705 arbitrary code execution Various fixes from internal audits, fuzzing and other initiatives. - CVE-2016-1706 sandbox escape Sandbox escape in PPAPI. Credit to Pinkie Pie. - CVE-2016-1708 arbitrary code execution Use-after-free in Extensions. Credit to Adam Varsan. - CVE-2016-1709...

9.3 CVSS, 0.9 AI score, 0.0369 EPSS
Exploits: 1, References: 18
OpenVAS
added 2016/07/22 12:0 a.m., 44 views

Google Chrome Security Updates (stable-channel-update-2016-07) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. CPE = "cpe:/a:google:chrome"...

9.6 CVSS, 7.1 AI score, 0.0369 EPSS
Exploits: 2, References: 1
OpenVAS
added 2016/07/14 12:0 a.m., 32 views

PHP < 5.5.22, 5.6.x < 5.6.6 XXE Vulnerability - Windows

PHP is prone to an XML external entity (XXE) vulnerability. CPE = "cpe:/a:php:php"...

9.6 CVSS, 8.8 AI score, 0.03531 EPSS
Exploits: 1, References: 2
OSV
added 2016/05/22 1:59 a.m., 1 views

UBUNTU-CVE-2015-8866

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML...

9.6 CVSS, 7.2 AI score, 0.03531 EPSS
Exploits: 1, References: 5
CVE
added 2016/05/22 1:0 a.m., 135 views

CVE-2015-8866

CVE-2015-8866 describes an XXE/XEE vulnerability in PHP when using PHP-FPM, where libxml_disable_entity_loader changes are shared across threads, allowing crafted XML to exploit libxml. Affected versions include PHP prior to 5.5.22 and 5.6.x prior to 5.6.6; the issue stems from insufficient isolat...

9.6 CVSS, 7 AI score, 0.03531 EPSS
Exploits: 1, References: 12, Affected Software: 1
OSV
added 2016/05/20 12:0 a.m., 1 views

UBUNTU-CVE-2016-1834

Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML...

7.8 CVSS, 7.8 AI score, 0.02308 EPSS
Exploits: 1, References: 11
OSV
added 2016/05/20 12:0 a.m., 0 views

UBUNTU-CVE-2016-1840

Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a...

7.8 CVSS, 7.8 AI score, 0.01589 EPSS
Exploits: 1, References: 11
RedHat Linux
added 2016/05/17 4:12 p.m., 2 views

libxml2: Heap-based buffer overflow in xmlParseXmlDecl

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash...

5 CVSS, 7.2 AI score, 0.01161 EPSS
Exploits: 0, References: 4
OSV
added 2016/04/21 3:16 p.m., 1 views

USN-2952-1 php5 vulnerabilities

It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. CVE-2014-9767 It was discovered that the PHP Soap client incorrectly validated data types. A remote...

10 CVSS, 7 AI score, 0.72278 EPSS
Exploits: 9, References: 9
OSV
added 2016/04/13 5:59 p.m., 2 views

DEBIAN-CVE-2015-8806

dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "!DOCTYPE html" substring in a crafted HTML document...

7.5 CVSS, 9.1 AI score, 0.08565 EPSS
Exploits: 0, References: 1
seebug.org
added 2016/01/27 12:0 a.m., 16 views

Ruby on Rails activesupport Remote Denial of Service Vulnerability

Impact Specially crafted XML documents can cause applications to raise a SystemStackError and potentially cause a denial of service attack. This only impacts applications using REXML or JDOM as their XML processor. Other XML processors that Rails supports are not impacted. All users running an...

6.8 AI score
Exploits: 0
CNVD
added 2015/12/18 12:0 a.m., 2 views

libxml2 Denial of Service Vulnerability (CNVD-2015-08376)

Libxml2 is a C library developed by the GNOME project team for parsing XML documents; it supports a variety of encoding formats, XPath parsing, well-formedness and validity checking, and so on. A security vulnerability exists in the 'xmlSAX2TextNode' function in the SAX2.c file of t...

5.8 CVSS, 8.1 AI score, 0.00972 EPSS
Exploits: 0, References: 1
RedHat Linux
added 2015/12/07 11:59 a.m., 4 views

libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash...

5 CVSS, 7.2 AI score, 0.01161 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2015/12/07 10:13 a.m., 1 views

libxml2: heap-based buffer overflow in xmlParseConditionalSections()

A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash, causing a denial of service...

6.8 CVSS, 7.4 AI score, 0.01012 EPSS
Exploits: 1, References: 4
OSV
added 2015/11/18 4:59 p.m., 1 views

DEBIAN-CVE-2015-7941

libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by...

4.3 CVSS, 9 AI score, 0.00434 EPSS
Exploits: 0, References: 1
0day.today
added 2015/11/09 12:0 a.m., 30 views

Google AdWords API PHP Client Library 6.2.0 XXE Injection Vulnerability

Google AdWords API PHP client library versions 6.2.0 and below suffer from an XML eXternal Entity injection vulnerability. - Release date: 06.11.2015 - Discovered by: Dawid Golunski - Severity: Medium/High...

7.5 AI score
Exploits: 0
Tenable Nessus
added 2015/09/08 12:0 a.m., 22 views

openSUSE Security Update : perl-XML-LibXML (openSUSE-2015-571)

perl-XML-LibXML was updated to version 2.0.121 to fix one security vulnerability. - Fix 'expandentities' option that was not preserved under some circumstances. bsc929237, CVE-2015-3451...

5 CVSS, 8.2 AI score, 0.03365 EPSS
Exploits: 0, References: 2