Oracle Linux 5 / 6 / 7 : thunderbird (ELSA-2015-1012)
The remote Oracle Linux 5 / 6 / 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2015-1012 advisory. 31.7.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 31.7.0-1 - Update to 31.7.0 Tenable has...
Updated Firefox, Thunderbird & sqlite3 packages fix security vulnerabilities
Updated firefox, thunderbird, and sqlite3 packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of...
expat: Integer overflow leading to buffer overflow in XML_GetBuffer()
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283...
CVE-2015-2716
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283...
Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20150512)
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-2708, CVE-2015-0797, CVE-2015-2710, CVE-2015-2713) A heap-base...
CVE-2015-3451
The clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function...
Critical: Red Hat Security Advisory: firefox security update
Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
KLA10580 Multiple vulnerabilities in Microsoft products
Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, gain privileges or obtain sensitive information. Below is a complete list of vulnerabilities: 1. An unknown...
MS15-048: Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (3057134)
The remote Windows host is running a version of the Microsoft .NET Framework that is affected by multiple vulnerabilities : - A denial of service vulnerability exists in the Microsoft .NET Framework due to a recursion flaw that occurs when decrypting XML data. A remote attacker can exploit this,...
Buffer overflow when parsing compressed XML — Mozilla
Security researcher Ucha Gobejishvili used the Address Sanitizer tool to find a buffer overflow while parsing compressed XML content. This was due to an error in how buffer space is created and modified when handling large amounts of XML data. This results in a potentially exploitable crash...
[SECURITY] Fedora 21 Update: mingw-xerces-c-3.1.1-11.fc21
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...
UBUNTU-CVE-2015-0252
internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data...
CVE-2015-0252
internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data...
KLA10496 Denial of service vulnerability in Apache Xerces
An unspecified vulnerability was found in Apache Xerces-C. By exploiting this vulnerability, malicious users can cause denial of service. This vulnerability can be exploited remotely via specially designed XML data. Original advisories Apache bulletin Exploitation Public exploits exist for this...
CVE-2014-7811
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API...
Spacewalk: multiple XSS
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API...