Design/Logic Flaw

Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for 1 VMLAUNCH and 2 VMRESUME, which allows local HVM guest users to cause a denial of service host crash via unspecified vectors related to "guest VMX instruction execution."...

Host crash due to guest VMX instruction execution

ISSUE DESCRIPTION Permission checks on the emulation paths intended for guests using nested virtualization for VMLAUNCH and VMRESUME were deferred too much. The hypervisor would try to use internal state which is not set up unless nested virtualization is actually enabled for a guest. IMPACT A...

CVE-2013-2160

The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service CPU and memory consumption via crafted XML with a large number of 1 elements, 2 attributes, 3 nested constructs, and possibly other vectors...

Apache OFBiz Nested Expression Arbitrary UEL Function Execution

The version of Apache OFBiz hosted on the remote host is affected by a code execution vulnerability that could allow the execution of arbitrary UEL functions. Specially crafted input passed to the getInstance method of the FlexibleStringExpander class can result in the evaluation of nested Java...

[CVE-2013-2250] Apache OFBiz Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz

CVE-2013-2250 - Apache OFBiz Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz Vendor: The Apache Software Foundation Versions Affected: Apache OFBiz 10.04.01 to 10.04.05 Apache OFBiz 11.04.01 to 11.04.02 Apache OFBiz 12.04.01 Description: Parameter valu...

CVE-2011-1483

wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterpris...

php: xml_parse_into_struct buffer overflow when parsing deeply nested XML

ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact via a crafted document that is processed by the xmlparseintostruct function...

apache-cxf: Multiple denial of service flaws in the StAX parser

The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service CPU and memory consumption via crafted XML with a large number of 1 elements, 2 attributes, 3 nested constructs, and possibly other vectors...

CVE-2013-0175

multixml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involvin...

CVE-2013-0175

multixml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involvin...

Type confusion

multixml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involvin...

CVE-2013-0175

multixml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involvin...

Mandriva Linux Security Advisory : otrs (MDVSA-2013:112)

Updated otrs package fixes security vulnerabilities : Multiple cross-site scripting XSS vulnerabilities in Open Ticket Request System OTRS Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allo...

CVE-2013-0285

The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service memory and CPU consumption involving...

SuSE Update for ruby openSUSE-SU-2013:0278-1 (ruby)

Check for the Version of ruby OpenVAS Vulnerability Test $Id: gbsuse201302781.nasl 8542 2018-01-26 06:57:28Z teissa $ SuSE Update for ruby openSUSE-SU-2013:0278-1 ruby Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is fre...

CVE-2013-0151

The dohvmop function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x8632 platform does not prevent HVMPARAMNESTEDHVM aka nested virtualization operations, which allows guest OS users to cause a denial of service long-duration page mappings and host OS crash by leveraging administrative access to ...

CVE-2013-0151

The dohvmop function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x8632 platform does not prevent HVMPARAMNESTEDHVM aka nested virtualization operations, which allows guest OS users to cause a denial of service long-duration page mappings and host OS crash by leveraging administrative access to ...

Design/Logic Flaw

The dohvmop function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x8632 platform does not prevent HVMPARAMNESTEDHVM aka nested virtualization operations, which allows guest OS users to cause a denial of service long-duration page mappings and host OS crash by leveraging administrative access to ...

CVE-2013-0151

The dohvmop function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x8632 platform does not prevent HVMPARAMNESTEDHVM aka nested virtualization operations, which allows guest OS users to cause a denial of service long-duration page mappings and host OS crash by leveraging administrative access to ...

CVE-2013-0151

The vulnerability CVE-2013-0151 affects Xen 4.2.x on x86_32 where do_hvm_op does not prevent HVM_PARAM_NESTEDHVM, enabling a guest with admin access in a large-VCPU domain to trigger a denial of service (long-duration page mappings/host crash). The provided documents do not specify a fixed patch ...