49 matches found
CVE-2015-9206
Technical details about CVE-2015-9206 are not publicly provided in the connected documents. The materials available here reiterate the issue description but do not specify affected products, root cause, impact, or remediation. Monitor for updates.
CVE-2016-4344
Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long argument to the utf8_encode function, leading to a heap-based buffer overflow...
RealPlayer version 16.0.3.51 contains a buffer overflow vulnerability
Overview: RealPlayer version 16.0.3.51 and possibly earlier versions contain a stack-based buffer overflow vulnerability (CWE-121). Description: CWE-121: Stack-based Buffer Overflow. RealPlayer version 16.0.3.51 and possibly earlier versions contain a stack-based buffer overflow vulnerability. The .RM...
Fedora 19 : mediawiki-1.20.5-1.fc19 (2013-7654)
Changes since 1.20.4 - bug 46590 Add hook AbortChangePassword to Special:ChangePassword - bug 47304 SECURITY: Check SVG xml encoding against whitelist - Localisation updates from http://translatewiki.net. - mwdocgen.php: Implement --version option. - Remove svnstat stuff used in Doxygen generatio...
Fedora 17 : mediawiki-1.19.6-1.fc17 (2013-7701)
Changes since 1.19.5 - bug 47304 SECURITY: Check SVG xml encoding against whitelist - bug 46590 Added AbortChangePassword hook to allow extensions to abort password changes from Special:ChangePassword - Localisation updates from http://translatewiki.net. - mwdocgen.php: Implement --version option...
Reflected XSS within the username parameter of the /user/non-system/{username} rest resource
The confluence-rest-plugin has a REST resource to look up "non-system" users, which takes a username. If the supplied username is not found, it is included in an XML error message without being XML-encoded and is thus an XSS vector. That is, and other such xml special characters are not...
Design/Logic Flaw
The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via "XML fuzzing attacks" sent through SOAP...
CVE-2009-0904
The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via "XML fuzzing attacks" sent through SOAP...
CVE-2009-0904
The CVE-2009-0904 issue affects IBM WebSphere Application Server 6.1 before 6.1.0.25, specifically the Stax XMLStreamWriter in the Web Services component. The root cause is improper XML encoding handling, which can allow remote attackers to bypass access controls and potentially modify data via X...