Lucene search
263 matches found

Zero Day Initiative
added 2017/06/13 12:0 a.m. | 42 views

(Pwn2Own) Microsoft Windows NtUserLinkDpiCursor Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

CVSS 6.9 | AI score 8 | EPSS 0.06987
Exploits: 0 | References: 1

UbuntuCve
added 2017/06/02 5:29 a.m. | 28 views

CVE-2017-9353

In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address...

CVSS 7.5 | AI score 6.8 | EPSS 0.07148
Exploits: 2 | References: 5

RedHat Linux
added 2016/12/15 10:11 p.m. | 3 views

libxml2: Inappropriate fetch of entities content

XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors...

CVSS 7.1 | AI score 7.3 | EPSS 0.00124
Exploits: 0 | References: 4

Zero Day Initiative
added 2016/11/08 12:0 a.m. | 25 views

Adobe Flash AS2 extends Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AS2'...

CVSS 6.8 | AI score 1.8 | EPSS 0.08363
Exploits: 0 | References: 1

Zero Day Initiative
added 2016/11/08 12:0 a.m. | 28 views

Adobe Flash ExternalInterface addCallback Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ExternalInterface's...

CVSS 6.8 | AI score 2.8 | EPSS 0.08363
Exploits: 0 | References: 1

Fedora
added 2016/07/06 5:52 a.m. | 29 views

[SECURITY] Fedora 22 Update: mingw-xerces-c-3.1.4-1.fc22

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

CVSS 10 | AI score 2.8 | EPSS 0.38346
Exploits: 0

Debian CVE
added 2016/06/09 4:0 p.m. | 35 views

CVE-2016-4449

XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors...

CVSS 7.1 | AI score 8.2 | EPSS 0.00124
Exploits: 0

OSV
added 2016/05/16 12:0 a.m. | 16 views

DSA-3579-1 xerces-c - security update

Bulletin has no description...

CVSS 10 | AI score 9.5 | EPSS 0.02173
Exploits: 0

Fedora
added 2016/04/13 7:27 a.m. | 26 views

[SECURITY] Fedora 23 Update: xerces-c-3.1.3-1.fc23

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

CVSS 9.8 | AI score 1.6 | EPSS 0.23016
Exploits: 0

Fedora
added 2016/04/12 9:47 a.m. | 30 views

[SECURITY] Fedora 24 Update: xerces-c-3.1.3-1.fc24

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

CVSS 9.8 | AI score 1.6 | EPSS 0.23016
Exploits: 0

Cvelist
added 2015/09/03 2:0 p.m. | 10 views

CVE-2015-5189

Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated...

AI score 6.4 | EPSS 0.00133
Exploits: 0 | References: 2

RedHat Linux
added 2015/09/03 2:52 a.m. | 1 views

bind: malformed DNSSEC key failed assertion denial of service

A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query (for example, a query requiring a response from a zone containing a deliberately malformed key) that would cause named functioning as ...

CVSS 7.8 | AI score 6.8 | EPSS 0.65919
Exploits: 0 | References: 5

RedHat Linux
added 2015/09/03 2:51 a.m. | 0 views

bind: malformed DNSSEC key failed assertion denial of service

A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query (for example, a query requiring a response from a zone containing a deliberately malformed key) that would cause named functioning as ...

CVSS 7.8 | AI score 6.8 | EPSS 0.65919
Exploits: 0 | References: 5

Fedora
added 2015/05/11 12:11 a.m. | 24 views

[SECURITY] Fedora 20 Update: perl-XML-LibXML-2.0119-1.fc20

This module implements a Perl interface to the GNOME libxml2 library which provides interfaces for parsing and manipulating XML files. This module allows Perl programmers to make use of the highly capable validating XML parser and the high performance DOM implementation...

CVSS 5 | AI score 3.7 | EPSS 0.03365
Exploits: 0

Fedora
added 2015/05/10 11:34 p.m. | 27 views

[SECURITY] Fedora 21 Update: perl-XML-LibXML-2.0119-1.fc21

This module implements a Perl interface to the GNOME libxml2 library which provides interfaces for parsing and manipulating XML files. This module allows Perl programmers to make use of the highly capable validating XML parser and the high performance DOM implementation...

CVSS 5 | AI score 3.7 | EPSS 0.03365
Exploits: 0

Fedora
added 2015/03/30 7:8 a.m. | 23 views

[SECURITY] Fedora 20 Update: mingw-xerces-c-3.1.1-9.fc20

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

CVSS 5 | AI score 2.8 | EPSS 0.25211
Exploits: 4

Fedora
added 2015/03/26 9:49 p.m. | 28 views

[SECURITY] Fedora 22 Update: mingw-xerces-c-3.1.2-1.fc22

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

CVSS 5 | AI score 2.8 | EPSS 0.25211
Exploits: 4

Atlassian
added 2012/11/20 1:56 a.m. | 30 views

Webwork direct method invocation can bypass validatingStack through Action aliases

NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-27294. WebWork supports the concept of action aliases, which allow a single action class to serve requests mapping to...

AI score 0.3
Exploits: 0

OpenVAS
added 2011/06/10 12:0 a.m. | 23 views

Fedora Update for unbound FEDORA-2011-7555

Check for the Version of unbound OpenVAS Vulnerability Test Fedora Update for unbound FEDORA-2011-7555 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CVSS 4.3 | AI score 0.1 | EPSS 0.01218
Exploits: 1 | References: 2

RedHat Linux
added 2011/03/22 8:47 p.m. | 1 views

D-BUS: Stack overflow by validating message with excessive number of nested variants

Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants...

CVSS 2.1 | AI score 5.8 | EPSS 0.00099
Exploits: 1 | References: 4