
551 matches found

Tenable Nessus
added 2015/03/26 12:0 a.m., 37 views

Debian DLA-85-1 : libxml-security-java security update

James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures. NOTE: Tenable Network Security has extracted the preceding...

CVSS 4.3 | AI score 7.7 | EPSS 0.03643
Exploits: 1 | References: 3
OpenVAS
added 2015/01/23 12:0 a.m., 28 views

Juniper Networks Junos OS Multiple xml2 Vulnerabilities

Multiple vulnerabilities in the libxml version used by Junos OS. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:juniper:junos"; ...

CVSS 9.3 | AI score 8.5 | EPSS 0.23686
Exploits: 2 | References: 6
F5 Networks
added 2014/11/25 12:0 a.m., 65 views

SOL15864 - libxml vulnerabilities CVE-2009-2414 and CVE-2009-2416

Recommended action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. Supplemental...

CVSS 6.5 | AI score 1.8 | EPSS 0.01289
Exploits: 2 | References: 4
Tenable Nessus
added 2014/11/07 12:0 a.m., 34 views

Debian DSA-3065-1 : libxml-security-java - security update

James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

CVSS 4.3 | AI score 7.7 | EPSS 0.03643
Exploits: 1 | References: 4
Debian
added 2014/11/06 8:45 a.m., 26 views

[SECURITY] [DSA 3065-1] libxml-security-java security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3065-1 [email protected] http://www.debian.org/security/ Sebastien Delafond November 06, 2014 http://www.debian.org/security/faq -...

CVSS 4.3 | AI score 2.3 | EPSS 0.03643
Exploits: 1
Debian
added 2014/11/06 8:45 a.m., 30 views

[SECURITY] [DSA 3065-1] libxml-security-java security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3065-1 [email protected] http://www.debian.org/security/ Sebastien Delafond November 06, 2014 http://www.debian.org/security/faq -...

CVSS 4.3 | AI score 6.2 | EPSS 0.03643
Exploits: 1
OpenVAS
added 2014/11/06 12:0 a.m., 30 views

Debian Security Advisory DSA 3065-1 (libxml-security-java - security update)

James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures. OpenVAS Vulnerability Test $Id: deb3065.nasl 6715 2017-07-13...

CVSS 4.3 | AI score 6.3 | EPSS 0.03643
Exploits: 1 | References: 1
OpenVAS
added 2014/11/05 12:0 a.m., 25 views

Debian: Security Advisory (DSA-3065-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3 | AI score 6.2 | EPSS 0.03643
Exploits: 1 | References: 3
securityvulns
added 2014/10/27 12:0 a.m., 40 views

libxml DoS

Resources exhaustion on XML parsing...

CVSS 5 | AI score 2.9 | EPSS 0.03894
Exploits: 1 | References: 1 | Affected Software: 1
Fedora
added 2014/09/27 9:47 a.m., 15 views

[SECURITY] Fedora 20 Update: subsurface-4.2-1.fc20.1

Subsurface is an open source dive log program. Developed in C using GTK+-2.0, glib-2 and libxml-2, it relies on libdivecomputer to connect to the dive computer and thus support all the dive computer supported by libdivecomputer...

CVSS 6.9 | AI score 1.8 | EPSS 0.00034
Exploits: 1
NVD
added 2014/06/04 2:55 p.m., 25 views

CVE-2014-2054

PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity XXE attack...

CVSS 7.5 | AI score 7.3 | EPSS 0.00727
Exploits: 1 | References: 2
ATTACKERKB
added 2014/06/04 2:55 p.m., 2 views

CVE-2014-2054

PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity XXE attack...

CVSS 7.5 | AI score 6 | EPSS 0.00727
Exploits: 1 | References: 4
Snyk
added 2014/06/04 2:55 p.m., 2 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS. PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of...

CVSS 7.5 | AI score 7.7 | EPSS 0.00727
Exploits: 1 | References: 2
Tenable Nessus
added 2014/04/01 12:0 a.m., 291 views

PHP PHP_RSHUTDOWN_FUNCTION Security Bypass

According to its banner, the version of PHP 5.x installed on the remote host is 5.x prior to 5.3.11 or 5.4.x prior to 5.4.1 and thus, is potentially affected by a security bypass vulnerability. An error exists related to the function 'PHP_RSHUTDOWN_FUNCTION' in the libxml extension and the...

CVSS 5 | AI score 8.3 | EPSS 0.00162
Exploits: 1 | References: 3
seebug.org
added 2014/02/21 12:0 a.m., 141 views

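PHP libxml RSHUTDOWN Security Restriction Bypass Vulnerability (CVE-2012-1171)

BUGTRAQ ID: 65673 CVE(CAN) ID: CVE-2012-1171 PHP is an HTML-embedded language. The libxml RSHUTDOWN function in PHP 5.x allows remote attackers, when a custom stream wrapper is in use, to invoke the stream_close method, bypass the open_basedir protection mechanism and read sensitive files. 0 PHP PHP 5.5.x Vendor patch: PHP --- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.php.net/downloads.php...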

CVSS 5 | AI score 1.1 | EPSS 0.00162
Exploits: 1
NVD
added 2014/02/15 2:57 p.m., 15 views

CVE-2012-1171

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper...

CVSS 5 | AI score 6.6 | EPSS 0.00162
Exploits: 1 | References: 4
UbuntuCve
added 2014/02/15 2:57 p.m., 17 views

CVE-2012-1171

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper...

CVSS 5 | AI score 7.3 | EPSS 0.00162
Exploits: 1 | References: 2
Prion
added 2014/02/15 2:57 p.m., 15 views

Design/Logic Flaw

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper...

CVSS 5 | AI score 9.2 | EPSS 0.00162
Exploits: 1 | References: 4 | Affected Software: 1
CVE
added 2014/02/15 11:0 a.m., 254 views

CVE-2012-1171

CVE-2012-1171 affects PHP 5.x via the libxml RSHUTDOWN function, enabling a remote attacker to bypass open_basedir protections and read arbitrary files when a custom stream wrapper is in use. The issue is triggered by a stream_close call during wrapper usage, which bypasses the intended directory...

CVSS 5 | AI score 6.7 | EPSS 0.00162
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2014/02/15 11:0 a.m., 14 views

CVE-2012-1171

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper...

AI score 9.3 | EPSS 0.00162
Exploits: 1 | References: 4