CVE-2016-6898

XML external entity XXE vulnerability in the Hyper Management Module HMM in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary files or cause a denial of service web service outage via a crafted XML document...

Silver Stripe CMS: source code security analysis report

Several vulnerabilities were discovered in SilverStripe Limited 'Silver Stripe CMS' software: Incorrect User Input Filtration when Connecting to External Files File System Path Manipulation Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Incorrect Newlin...

CVE-2016-1762

The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...

CVE-2016-1839

The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...

CVE-2016-1837

Multiple use-after-free vulnerabilities in the 1 htmlPArsePubidLiteral and 2 htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a...

CVE-2016-1836

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document...

CVE-2016-1834

Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted XML...

CVE-2016-1840

Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a...

Moodle: source code security analysis report

Several vulnerabilities were discovered in Moodle 'Moodle' software: File System Path Manipulation Incorrect User Input Filtration when Using the unserialize Function Incorrect Newline Symbol Filtration in HTTP-response Headers Using Insufficiently Random Generators in Cryptography HttpOnly Cooki...

Hippo CMS: source code security analysis report

Several vulnerabilities were discovered in Hippo 'Hippo CMS' software: Using XSL Transformation to Execute Any Code Violating the Java Object Model Missing XML document schema validation Using Broken or Risky Cryptographic Algorithm Incorrect Permissions for External Entities During XML Document...

libxml2: Heap-based buffer overread in xmlPArserPrintFileContextInternal

The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...

libxml2: Heap-based buffer overread in htmlCurrentChar

The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...

Jetpack for WordPress: source code security analysis report

Several vulnerabilities were discovered in Automatic 'Jetpack for WordPress' software: Incorrect User Input Filtration when Connecting to External Files File System Path Manipulation Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random Generators in...

openSUSE Security Update : libxml2 (openSUSE-2016-734)

This update brings libxml2 to version 2.9.4. These security issues were fixed : - CVE-2016-3627: The xmlStringGetNodeList function in tree.c, when used in recovery mode, allowed context-dependent attackers to cause a denial of service infinite recursion, stack consumption, and application crash v...

Code injection

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...

CVE-2016-5300

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...

Security update for libxml2 (important)

This update brings libxml2 to version 2.9.4. These security issues were fixed: - CVE-2016-3627: The xmlStringGetNodeList function in tree.c, when used in recovery mode, allowed context-dependent attackers to cause a denial of service infinite recursion, stack consumption, and application crash vi...

Advanced Module Manager Free extension for Joomla!: source code security analysis report

Several vulnerabilities were discovered in Regular Labs 'Advanced Module Manager Free extension for Joomla!' software: Using Insufficiently Random Generators in Cryptography Incorrect Permissions for External Entities During XML Document Processing Incorrect User Input Filtration when Generating...

Vulnerabilities of iOS and Mac OS X operating systems, allowing attackers to trigger service interruptions or execute arbitrary code

The vulnerability of the libxml2 library in iOS and Mac OS X operating systems arises due to buffer overflows. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely or cause a service failure memory corruption using a specially crafted XML document...

Vulnerabilities of iOS and Mac OS X operating systems, allowing attackers to trigger service interruptions or execute arbitrary code

The vulnerability of the libxml2 library in iOS and Mac OS X operating systems arises due to buffer overflows. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely or cause a service failure memory corruption using a specially crafted XML document...