Lucene search

2722 matches found

FreeBSD
added 2015/09/15 12:0 a.m., 42 views

miniupnpc -- buffer overflow

Talos reports: An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigg...

CVSS 6.8, AI score 7.4, EPSS 0.04783
Exploits: 1, References: 2
OpenVAS
added 2015/09/08 12:0 a.m., 30 views

Amazon Linux: Security Advisory (ALAS-2012-88)

The remote host is missing an update for the...

CVSS 10, AI score 7.2, EPSS 0.93688
Exploits: 9, References: 4
OpenVAS
added 2015/09/08 12:0 a.m., 34 views

Amazon Linux: Security Advisory (ALAS-2014-430)

The remote host is missing an update for the...

CVSS 6.8, AI score 5.3, EPSS 0.04102
Exploits: 0, References: 2
Prion
added 2015/09/04 1:59 a.m., 11 views

Xxe

The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE)...

CVSS 7.5, AI score 7, EPSS 0.02714
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2015/09/04 1:59 a.m., 7 views

CVE-2015-4538

The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE)...

CVSS 7.5, AI score 6.5, EPSS 0.02714
Exploits: 0, References: 3
Cvelist
added 2015/09/04 1:0 a.m., 15 views

CVE-2015-4538

The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE)...

AI score 6.5, EPSS 0.02714
Exploits: 0, References: 3
CVE
added 2015/09/04 1:0 a.m., 42 views

CVE-2015-4538

CVE-2015-4538 affects EMC Atmos XML parser, where XML External Entity (XXE) processing in the parser prior to 2.2.3.426 and 2.3.x prior to 2.3.1.0 allows remote authenticated users to read arbitrary files or trigger a denial of service via an external entity and entity reference. Root cause is XX...

CVSS 7.5, AI score 6.7, EPSS 0.02714
Exploits: 0, References: 3, Affected Software: 1
securityvulns
added 2015/08/24 12:0 a.m., 163 views

CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability

CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Flex BlazeDS 4.7.0 Description: When receiving XML encoded AMF messages containing DTD entities, the default XML parser configurations...

CVSS 5, AI score 0.8, EPSS 0.0954
Exploits: 2
FreeBSD Advisory
added 2015/08/18 12:0 a.m., 21 views

FreeBSD-SA-15:20.expat

FreeBSD-SA-15:20.expat Security Advisory, The FreeBSD Project. Topic: Multiple integer overflows in expat (libbsdxml) XML parser. Category: contrib. Module: libbsdxml. Announced:...

CVSS 6.8, AI score 7.3, EPSS 0.19069
Exploits: 0
FreeBSD
added 2015/08/18 12:0 a.m., 42 views

FreeBSD -- Multiple integer overflows in expat (libbsdxml) XML parser

Problem Description: Multiple integer overflows have been discovered in the XML_GetBuffer function in the expat library. Impact: The integer overflows may be exploited by using specifically crafted XML data and lead to infinite loop, or a heap buffer overflow, which results in a Denial of Service...

CVSS 6.8, AI score 8.9, EPSS 0.19069
Exploits: 0
Cvelist
added 2015/07/23 12:0 a.m., 28 views

CVE-2015-1283

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related...

AI score 9.7, EPSS 0.19069
Exploits: 0, References: 20
erpscan
added 2015/07/17 12:0 a.m., 119 views

Oracle E-Business Suite - XXE injection vulnerability

Application: E-Business Suite Vendor URL: Oracle Bugs: XXE injection Reported: 17.07.2015 Vendor response: 24.07.2015 Date of Public Advisory: 20.10.2015 Reference: Oracle CPU Oct 2015 Authors: Nikita Kelesis, Ivan Chalykin, Alexey Tyurin ERPScan VULNERABILITY INFORMATION Class: XML External Entit...

CVSS 6.8, AI score 2.1, EPSS 0.03088
Exploits: 0
erpscan
added 2015/07/17 12:0 a.m., 130 views

Oracle E-Business Suite – XXE injection vulnerability

Application: Oracle E-Business Suite Vendor: Oracle Versions Affected: Oracle E-Business Suite 12.1.3, probably others Bugs: XXE injection Reported: 17.07.2015 Vendor response: 24.07.2015 Date of Public Advisory: 19.01.2016 Reference: Oracle CPU Jan 2016 Author: Nikita Kelesis, Ivan Chalykin,...

CVSS 5, AI score 0.6, EPSS 0.02411
Exploits: 0
Tenable Nessus
added 2015/07/06 12:0 a.m., 36 views

Scientific Linux Security Update : xerces-c on SL7.x x86_64 (20150629)

A flaw was found in the way the Xerces-C XML parser processed certain XML documents. A remote attacker could provide specially crafted XML input that, when parsed by an application using Xerces-C, would cause that application to crash. (CVE-2015-0252)...

CVSS 5, AI score 8.2, EPSS 0.39916
Exploits: 4, References: 2
OpenVAS
added 2015/07/03 12:0 a.m., 16 views

CentOS Update for xerces-c CESA-2015:1193 centos7

Check the version of xerces-c (script OID 1.3.6.1.4.1.25623.1.0.882212)...

CVSS 5, AI score 8.5, EPSS 0.39916
Exploits: 4, References: 2
OpenVAS
added 2015/07/01 12:0 a.m., 24 views

Debian Security Advisory DSA 3298-1 (jackrabbit - security update)

It was discovered that the Jackrabbit WebDAV bundle was susceptible to an XXE/XEE attack. When processing a WebDAV request body containing XML, the XML parser could be instructed to read content from network resources accessible to the host, identified by URI schemes such as https or file. Dependi...

CVSS 6.4, EPSS 0.51488
Exploits: 6, References: 1
OpenVAS
added 2015/06/30 12:0 a.m., 25 views

RedHat Update for xerces-c RHSA-2015:1193-01

The remote host is missing an update for the...

CVSS 5, AI score 9.5, EPSS 0.39916
Exploits: 4, References: 2
Tenable Nessus
added 2015/06/30 12:0 a.m., 32 views

RHEL 7 : xerces-c (RHSA-2015:1193)

An updated xerces-c package that fixes one security issue is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS 5, AI score 8, EPSS 0.39916
Exploits: 4, References: 3
Cent OS
added 2015/06/29 4:37 p.m., 62 views

xerces security update

CentOS Errata and Security Advisory CESA-2015:1193. An updated xerces-c package that fixes one security issue is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,...

CVSS 5, AI score 7.3, EPSS 0.39916
Exploits: 4, References: 7
RedHat Linux
added 2015/06/29 4:11 p.m., 2 views

xerces-c: crashes on malformed input

A flaw was found in the way the Xerces-C XML parser processed certain XML documents. A remote attacker could provide specially crafted XML input that, when parsed by an application using Xerces-C, would cause that application to crash...

CVSS 5, AI score 7.4, EPSS 0.39916
Exploits: 4, References: 5