Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-88)

Multiple flaws were discovered in the CORBA Common Object Request Broker Architecture implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. CVE-2012-1711 , CVE-2012-1719 It was discovered that the...

Moderate: Red Hat Security Advisory: openstack-nova security and bug fix update

Updated openstack-nova packages that fix multiple security issues and various bugs are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

Moderate: Red Hat Security Advisory: openstack-cinder security update

Updated openstack-cinder packages that fix two security issues are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

Code injection

The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service CPU and memory consumption via crafted XML with a large number of 1 elements, 2 attributes, 3 nested constructs, and possibly other vectors...

CVE-2013-2160

The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service CPU and memory consumption via crafted XML with a large number of 1 elements, 2 attributes, 3 nested constructs, and possibly other vectors...

CVE-2013-2160

CVE-2013-2160 affects Apache CXF’s streaming XML parser. Versions affected: CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4. A crafted XML payload with a very large number of elements/attributes/nested constructs can cause denial of service through CPU and memory exhaustion. T...

ruby: entity expansion DoS vulnerability in REXML

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service memory consumption and crash via crafted text nodes in an XML document, aka an XML Entity Expansion XEE attack...

IceWarp Web Mail <= 10.4.5 Information Disclosure Vulnerability - Active Check

IceWarp Web Mail is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

MGASA-2013-0233 Updated php packages fix CVE-2013-4113

Updated php packages fix security vulnerability: Fixed PHP bug 65236 heap corruption in xml parser CVE-2013-4113. Additionally the php-timezonedb packages have been upgraded to the latest version 2013.4...

Updated php packages fix CVE-2013-4113

Fixed PHP bug 65236 heap corruption in xml parser CVE-2013-4113. Additionally the php-timezonedb packages has been upgraded to the latest version 2013.4...

CVE-2013-3751

Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors...

Design/Logic Flaw

Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors...

Oracle July 2013 Critical Patch Update patches 89 Flaws

It may not be the highest priority patch among the 89 released by Oracle yesterday in its July Critical Patch Update CPU, but a fix for an Outside In Technology vulnerability in Oracle’s Fusion middleware merits some extra attention. Oracle provides the technology in several of its products in...

CVE-2013-3751

CVE-2013-3751 is an unspecified vulnerability in the XML Parser component of Oracle Database Server affecting 11.2.0.2, 11.2.0.3, and 12.1.0.1. It allows remote authenticated users to impact confidentiality, integrity, and availability via unknown vectors (CVSS v2 Base Score 9.0). The root cause ...

CVE-2013-3751

Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors...

Oracle Database Multiple Vulnerabilities (July 2013 CPU)

The remote Oracle database server is missing the July 2013 Critical Patch Update CPU and is, therefore, potentially affected by security issues in the following components : - XML Parser - Network Layer - Oracle Executable - Core RDBMS %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

FreeBSD : PHP5 -- Heap corruption in XML parser (31b145f2-d9d3-49a9-8023-11cf742205dc)

The PHP development team reports : ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact via a crafted document that is processed by the...

Mandriva Linux Security Advisory : php (MDVSA-2013:195)

A vulnerability has been discovered and corrected in php : - Fixed PHP bug 65236 heap corruption in xml parser CVE-2013-4113. The updated packages have been upgraded to the 5.3.27 version which is not vulnerable to this issue. The php-timezonedb package has been updated to the 2013.4 version...

Critical: php

Issue Overview: A buffer overflow flaw was found in the way PHP parsed deeply nested XML documents. If a PHP application used the xmlparseintostruct function to parse untrusted XML content, an attacker able to supply specially-crafted XML could use this flaw to crash the application or, possibly,...

Oracle Linux 5 : PyXML (ELSA-2010-0002)

The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2010-0002 advisory. 0.8.4-4.2 - Use system expat library Resolves: 531852 0.8.4-4.1 - Fix buffer over read Resolves: 531852 Tenable has extracted the preceding description block...