CVE-2017-9765

Integer overflow in the soapget function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service stack-based buffer overflow and application crash via a large XML document, aka Devil'...

CVE-2017-11345

Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RTAC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66UB1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RTAC1200GU,...

Denial Of Service (DoS) Through Infinite Loop

Expat is vulnerable to denial of service DoS attacks. A malicious user can cause the parser to enter an infinite loop by passing an XML document with in it...

Sql injection

SQL injection vulnerability in CInfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs element within a GetArticleHitsArray element...

CVE-2017-9848

SQL injection vulnerability in CInfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs element within a GetArticleHitsArray element...

MS16-035: Description of the security update for the .NET Framework 4.6 in Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows Server 2008 R2 SP1 and 4.6.1 in Windows 7 SP1 and Windows Server 2008 R2 SP1: March 8, 2016

MS16-035: Description of the security update for the .NET Framework 4.6 in Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows Server 2008 R2 SP1 and 4.6.1 in Windows 7 SP1 and Windows Server 2008 R2 SP1: March 8, 2016 November 8, 2016 A detection change was made to account for...

Design/Logic Flaw

The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document...

CVE-2015-2253

The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document...

Copy-Paste Vulnerability (CPV) Through Libxml2

nokogiri uses the libxml2 C library. The version that nokogiri uses is vulnerable to CVE-2016-1838 which allows a malicious user to pass a XML document to the application, triggering a heap-based buffer over-read causing it to crash. This is triggered through the xmlPArserPrintFileContextInternal...

Updated java-1.8.0-openjdk packages fix security vulnerability

An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges CVE-2017-3511. It was found that the JAXP component of...

Moderate: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVE-2017-5662

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a ful...

CVE-2017-5969

libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service NULL pointer dereference via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML...

CVE-2017-5969

libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service NULL pointer dereference via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML...

CVE-2017-5969

libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service NULL pointer dereference via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML...

CVE-2017-6344

XML External Entity XXE vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document...

Xxe

XML External Entity XXE vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document...

CVE-2017-6344

XML External Entity XXE vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document...

CVE-2016-10162

The phpwddxpopelement function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a...

Null pointer dereference

The phpwddxpopelement function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a...