37 matches found

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2009-1818

Malware in sbrugna...

CVSS 2.6, AI score 6.4, EPSS 0.00548
Exploits 0, References 7

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2013-0283

Malware in sbrugna...

CVSS 5, AI score 6.1, EPSS 0.00918
Exploits 0, References 13

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2009-3541

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.03008
Exploits 3, References 66

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2007-6252

Malware in sbrugna...

CVSS 5, AI score 9.2, EPSS 0.05097
Exploits 1, References 47

Tenable Nessus
added 2022/11/09 12:0 a.m., 30 views

RHEL 8 : mingw-expat (RHSA-2022:7811)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7811 advisory. Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW. The following packag...

CVSS 9.8, AI score 8.2, EPSS 0.11027
Exploits 1, References 15

Amazon
added 2022/05/24 12:0 a.m., 55 views

Critical: xmlrpc-c

Issue Overview: A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor...

CVSS 9.8, AI score 8.7, EPSS 0.11027
Exploits 0

Tenable Nessus
added 2022/04/26 12:0 a.m., 51 views

RHEL 8 : xmlrpc-c (RHSA-2022:1540)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1540 advisory. XML-RPC is a remote procedure call RPC protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a...

CVSS 9.8, AI score 8.3, EPSS 0.11027
Exploits 0, References 4

Tenable Nessus
added 2022/04/12 12:0 a.m., 54 views

RHEL 6 : expat (RHSA-2022:1309)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1309 advisory. Expat is a C library for parsing XML documents. Security Fixes: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code...

CVSS 9.8, AI score 8.3, EPSS 0.11027
Exploits 1, References 8

Oracle Linux
added 2022/03/28 12:0 a.m., 81 views

expat security update

2.1.0-14.0.1 - lib: Prevent integer overflow in doProlog CVE-2022-23990 Orabug: 33910302 2.1.0-14 - Fix multiple CVEs - CVE-2022-25236 expat: namespace-separator characters in 'xmlns:prefix' attribute values can lead to arbitrary code execution - CVE-2022-25235 expat: malformed 2- and 3-byte UTF-8...

CVSS 9.8, AI score 2.7, EPSS 0.11027
Exploits 4

Tenable Nessus
added 2022/03/12 12:0 a.m., 40 views

Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2022:0824)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:0824-1 advisory. - Mozilla: Use-after-free in XSLT parameter processing CVE-2022-26485 - Mozilla: Use-after-free in WebGPU IPC Framework CVE-2022-26486 - expat:...

CVSS 9.8, AI score 8.7, EPSS 0.11027
Exploits 7, References 11

RedHat Linux
added 2022/03/10 3:9 p.m., 87 views

Critical: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 9.8, AI score 7.6, EPSS 0.11027
Exploits 7, References 11

AlmaLinux
added 2022/03/10 2:36 p.m., 73 views

Critical: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. Security Fixes: Mozilla: Use-after-free in XSLT parameter processing CVE-2022-26485 Mozilla: Use-after-free in WebGPU IPC Framework...

CVSS 9.8, AI score 9.3, EPSS 0.11027
Exploits 7, References 10

RedhatCVE
added 2022/02/21 5:51 a.m., 73 views

CVE-2022-25235

A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor. Mitigation There i...

CVSS 9.8, AI score 1.4, EPSS 0.11027
Exploits 0, References 4

Microsoft CVE
added 2022/01/19 8:0 a.m., 1 view

xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.

...

CVSS 9.8, AI score 8.3, EPSS 0.00722
Exploits 1

CNVD
added 2021/02/10 12:0 a.m., 3 views

GNU Screen Denial of Service Vulnerability (CNVD-2021-13240)

GNU Screen is a freeware program developed by the GNU Project for switching between command-line terminals. It allows users to connect to multiple local or remote command line sessions at the same time and switch between them freely. A denial of service vulnerability exists in encoding.c in GNU...

CVSS 9.8, AI score 6.6, EPSS 0.12654
Exploits 1, References 1

OSV
added 2020/01/11 11:52 p.m., 8 views

MGASA-2020-0028 Updated libtomcrypt packages fix security vulnerability

Updated libtomcrypt packages fix security vulnerability: Improper detection of invalid UTF-8 sequences that could have led to DoS or information disclosure via crafted DER-encoded data CVE-2019-17362...

CVSS 9.1, AI score 8.8, EPSS 0.00473
Exploits 1, References 3

OSV
added 2019/11/28 3:48 p.m., 7 views

SUSE-SU-2019:3095-1 Security update for libtomcrypt

This update for libtomcrypt fixes the following issues: - CVE-2019-17362: Fixed an improper detection of invalid UTF-8 sequences that could have led to DoS or information disclosure via crafted DER-encoded data bsc1153433...

CVSS 9.1, AI score 8.8, EPSS 0.00473
Exploits 1, References 3

Tenable Nessus
added 2013/07/12 12:0 a.m., 28 views

Oracle Linux 3 / 4 : 4Suite (ELSA-2009-1572)

From Red Hat Security Advisory 2009:1572 : An updated 4Suite package that fixes one security issue is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The 4Suite package contains XML-related...

CVSS 5, AI score 6.3, EPSS 0.01573
Exploits 2, References 3

CVE
added 2013/03/12 9:0 p.m., 51 views

CVE-2013-0252

The CVE-2013-0252 entry concerns Boost.Locale’s boost::locale::utf::utf_traits, where Boost versions 1.48–1.52 fail to detect certain invalid UTF-8 sequences. This could allow bypassing input validation via crafted trailing bytes. Connected advisories (openSUSE, SUSE, Mandriva/MDVSA-2013:065, Fed...

CVSS 5, AI score 6.5, EPSS 0.00918
Exploits 0, References 11, Affected Software 1

securityvulns
added 2013/02/24 12:0 a.m., 30 views

Boost library protection bypass

Invalid UTF-8 sequences validation...

CVSS 5, AI score 2.9, EPSS 0.00918
Exploits 0, References 1, Affected Software 1