CVE-2016-10162
Removed by vendor...
CVE-2016-10162
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a...
MS16-035: Security update for the .NET Framework to address security feature bypass
Resolves a vulnerability in the Microsoft .NET Framework. The security feature bypass exists in a .NET Framework component that does not properly validate certain elements of a signed XML document. October 11, 2016: Revised bulletin to announce that security updates 3135994 and 3135995 for the...
GLSA-201701-37 : libxml2: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201701-37 libxml2: Multiple vulnerabilities Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user or automated syst...
MS16-035: Description of the security update for the .NET Framework 4.6 and 4.6.1 in Windows Server 2012: March 8, 2016
MS16-035: Description of the security update for the .NET Framework 4.6 and 4.6.1 in Windows Server 2012: March 8, 2016 November 8, 2016 A detection change was made to account for the .NET Framework 4.6.1 hotfix rollup for customers who were not being correctly offered this security update for th...
MS16-035: Description of the security update for the .NET Framework 3.5 in Windows Server 2012: March 8, 2016
MS16-035: Description of the security update for the .NET Framework 3.5 in Windows Server 2012: March 8, 2016 View products that this article applies to. Summary This update resolves a vulnerability in the Microsoft .NET Framework. The security feature bypass exists in a .NET Framework component...
MS16-035: Description of the security update for the .NET Framework 4.6 and 4.6.1 in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: March 8, 2016
MS16-035: Description of the security update for the .NET Framework 4.6 and 4.6.1 in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: March 8, 2016 November 8, 2016 A detection change was made to account for the .NET Framework 4.6.1 hotfix rollup for customers who were not being correctly...
Denial Of Service (DoS)
comet is vulnerable to denial of service (DoS) attacks. It is possible for an attacker to create a malicious XML document to parse, causing resource exhaustion when expanding XML entity...
CVE-2016-9934
CVE-2016-9934 affects PHP’s WDDX extension (ext/wddx/wddx.c) in PHP before 5.6.28 and 7.x before 7.0.13, allowing remote attackers to cause a denial of service via crafted serialized data in a wddxPacket XML document (demonstrated by a PDORow string). Connected advisories corroborate the issue ac...
CVE-2016-9935
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document...
CVE-2016-9598
libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483...
F5 Networks BIG-IP : libxml2 vulnerability (K71926235)
The xmlParserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. CVE-2016-1838 C...
F5 Networks BIG-IP : libxml2 vulnerabilities (K54225343)
CVE-2016-3627 The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. CVE-2016-3705 The 1...
libxml2: Heap use-after-free in xmlDictComputeFastKey
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document...
libxml2: Heap-based buffer-overread in xmlNextChar
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document...
CVE-2016-3055
IBM FileNet Workplace 4.0.2 is affected by CVE-2016-3055 due to an XML External Entity (XXE) flaw in processing XML data, which could allow remote authenticated users to read arbitrary files or cause a memory-based denial of service. Affected version: FileNet Workplace 4.0.2 (before 4.0.2.14 LA01...
CVE-2016-4658
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free an...
Memory corruption
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free an...