RHEL 7 : firefox (RHSA-2019:3193)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:3193 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
Mozilla Firefox ESR < 68.2
The version of Firefox ESR installed on the remote Windows host is prior to 68.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-33 advisory. - Mozilla developers and community members Bob Clary, Jason Kratzer, Aaron Klotz, Iain Ireland, Tyson Smith, Christia...
OPENSUSE-SU-2019:2205-1 Security update for expat
This update for expat fixes the following issues: Security issues fixed: - CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. bsc1149429 This update was imported from the SUSE:SLE-15:Update update project...
Security update for expat (moderate)
openSUSE Security Update: Security update for expat Announcement ID: openSUSE-SU-2019:2205-1 Rating: moderate References: 1149429 Cross-References: CVE-2019-15903 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for expat fixe...
EulerOS 2.0 SP3 : expat (EulerOS-SA-2019-2063)
According to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high...
SUSE-SU-2019:2429-1 Security update for expat
This update for expat fixes the following issues: Security issues fixed: - CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. bsc1149429...
MGASA-2019-0274 Updated expat packages fix security vulnerability
Updated expat packages fix security vulnerability: It was discovered that Expat did not properly handle XML input including XML names that contain a large number of colons, potentially resulting in denial of service (CVE-2018-20843)...
Updated expat packages fix security vulnerability
Updated expat packages fix security vulnerability: It was discovered that Expat did not properly handle XML input including XML names that contain a large number of colons, potentially resulting in denial of service (CVE-2018-20843)...
CVE-2019-15903
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber then resulted in a heap-based buffer over-read...
Remote Code Execution
nexus-yum-repository-plugin is vulnerable to remote code execution. An attacker with administrative access to nxrm is able to execute arbitrary OS commands on the system by setting the path of createrepo or mergerepo to an OS command in the XML input...
CVE-2019-1187
A denial of service vulnerability exists when the XmlLite runtime XmlLite.dll improperly parses XML input. An attacker who successfully exploited this vulnerability could cause a denial of service against an XML application. A remote unauthenticated attacker could exploit this vulnerability by...
Denial of service
A denial of service vulnerability exists when the XmlLite runtime XmlLite.dll improperly parses XML input, aka 'XmlLite Runtime Denial of Service Vulnerability'...
Security update for the information disclosure vulnerability in Visual Studio 2010 Service Pack 1 (KB4506161)
An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files...
Security update for the information disclosure vulnerability in Visual Studio 2012 Update 5 (KB4506162)
An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files...
CVE-2019-1079
An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Information Disclosure Vulnerability'...
CVE-2019-1079
CVE-2019-1079 affects Microsoft Visual Studio. The vulnerability arises when Visual Studio improperly parses XML input in certain settings files, enabling an XML external entity (XXE) for information disclosure. An attacker who can entice an authenticated user to open a crafted XML file could rea...