358 matches found

BDU FSTEC
added 2015/10/01 12:0 a.m., 4 views

The vulnerability of the iOS operating system, which allows attackers to carry out “man-in-the-middle” attacks

The vulnerability of the WebKit component of the iOS operating system is related to errors in cryptographic transformations. Exploiting this vulnerability allows a remote attacker to perform “man-in-the-middle” attacks due to errors in SSL certificate processing...

CVSS 2.6, AI score 5.5, EPSS 0.00157
Exploits 0, References 3, Affected Software 1
RedHat Linux
added 2015/05/14 3:14 p.m., 1 views

Tomcat/JBossWeb: XML parser hijack by malicious web application

It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web / Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML...

CVSS 4.3, AI score 6.6, EPSS 0.05328
Exploits 0, References 4
RedHat Linux
added 2015/03/24 9:5 p.m., 0 views

Tomcat/JBossWeb: XML parser hijack by malicious web application

It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web / Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML...

CVSS 4.3, AI score 6.6, EPSS 0.05328
Exploits 0, References 4
NVD
added 2014/07/26 3:55 p.m., 9 views

CVE-2014-2966

The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demonstrated by bypassing an XSS protection mechanism...

CVSS 5, AI score 6, EPSS 0.00397
Exploits 0, References 2
CVE
added 2014/07/26 3:0 p.m., 53 views

CVE-2014-2966

CVE-2014-2966 affects Resin Pro before 4.0.40. The ISO-8859-1 encoder does not perform Unicode transformations correctly, allowing crafted characters to bypass restrictions and the XSS protection mechanism in HTTP responses. The primary affected component is Resin Pro’s ISO-8859-1 output handling...

CVSS 5, AI score 6.1, EPSS 0.00397
Exploits 0, References 2, Affected Software 1
RedHat Linux
added 2014/07/09 3:16 p.m., 2 views

Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs

It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...

CVSS 4.3, AI score 6.5, EPSS 0.05795
Exploits 0, References 4
RedHat Linux
added 2014/07/03 5:0 p.m., 1 views

Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs

It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...

CVSS 4.3, AI score 6.5, EPSS 0.05795
Exploits 0, References 4
RedHat Linux
added 2014/06/30 8:51 p.m., 5 views

Xalan-Java: insufficient constraints in secure processing feature

It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this...

CVSS 7.5, AI score 7.8, EPSS 0.05877
Exploits 2, References 5
securityvulns
added 2014/06/14 12:0 a.m., 97 views

[USN-2218-1] Xalan-Java vulnerability

Ubuntu Security Notice USN-2218-1, May 21, 2014: libxalan2-java vulnerability. A security issue affects these releases of Ubuntu and its derivatives: ...

CVSS 7.5, AI score 0.2, EPSS 0.05877
Exploits 2
Tenable Nessus
added 2014/06/13 12:0 a.m., 33 views

openSUSE Security Update : libreoffice (openSUSE-SU-2012:0428-1)

updated to libreoffice-3.4.5.5 SUSE 3.4.5-rc3 : - extras - add SUSE color palette fate312645 - filters - crash when loading embedded elements bnc693238 - crash when importing an empty paragraph rh667082 - writer - do not use an invalidated iterator fdo46337 - updated to libreoffice-3.4.5.4 SUSE...

CVSS 6.5, AI score 6.1, EPSS 0.00897
Exploits 2, References 62
Ubuntu
added 2014/05/21 6:39 p.m., 70 views

USN-2218-1: Xalan-Java vulnerability

Nicolas Gregoire discovered that Xalan-Java incorrectly handled certain properties when the secure processing feature was enabled. An attacker could possibly use this issue to load arbitrary classes or access external resources...

CVSS 7.5, AI score 7.5, EPSS 0.05877
Exploits 2
RedHat Linux
added 2014/04/01 5:49 p.m., 3 views

Xalan-Java: insufficient constraints in secure processing feature

It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this...

CVSS 7.5, AI score 7.3, EPSS 0.05877
Exploits 2, References 5
OSV
added 2013/11/09 6:55 p.m., 4 views

MGASA-2013-0320 Updated firefox & related packages fix multiple security vulnerabilities

Updated firefox packages fix security vulnerabilities: Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors...

CVSS 10, AI score 9.6, EPSS 0.06864
Exploits 0, References 11
OpenVAS
added 2013/11/08 12:0 a.m., 26 views

CentOS Update for firefox CESA-2013:1476 centos5

Check for the Version of firefox. OpenVAS Vulnerability Test: CentOS Update for firefox CESA-2013:1476 centos5. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under...

CVSS 10, AI score 0.8, EPSS 0.06864
Exploits 0, References 2
OpenVAS
added 2013/11/08 12:0 a.m., 29 views

CentOS Update for firefox CESA-2013:1476 centos6

Check for the Version of firefox. OpenVAS Vulnerability Test: CentOS Update for firefox CESA-2013:1476 centos6. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under...

CVSS 10, AI score 0.8, EPSS 0.06864
Exploits 0, References 2
Tenable Nessus
added 2013/10/31 12:0 a.m., 33 views

Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20131030)

Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. CVE-2013-5590, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602...

CVSS 10, AI score 7.9, EPSS 0.06864
Exploits 0, References 9
Cent OS
added 2013/10/30 4:12 a.m., 86 views

firefox, xulrunner security update

CentOS Errata and Security Advisory CESA-2013:1476 Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVS...

CVSS 10, AI score 6.9, EPSS 0.06864
Exploits 0, References 7
Tenable Nessus
added 2013/10/30 12:0 a.m., 34 views

CentOS 5 / 6 : firefox (CESA-2013:1476)

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings...

CVSS 10, AI score 7.9, EPSS 0.06864
Exploits 0, References 10
RedHat Linux
added 2013/10/29 9:12 p.m., 50 views

Critical: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings...

CVSS 10, AI score 6.9, EPSS 0.06864
Exploits 0, References 9
Kitploit
added 2013/04/21 2:59 a.m., 18 views

[Open SCAP v0.9.5] Support of SCE - Script Check Engine

SCAP is a line of standards managed by NIST. It was created to provide a standardized approach to maintaining the security of enterprise systems, such as automatically verifying the presence of patches, checking system security configuration settings, and examining systems for signs of compromise...

AI score 6.6
Exploits 0