953 matches found
Apache Camel: source code security analysis report
Several vulnerabilities were discovered in The Apache Software Foundation 'Apache Camel' software: Using Synchronization Primitives in EJB components Missing Verification of Executable Files' Digital Signature when Executing them from Untrusted Sources Violating the Java Object Model Using...
MODX Revolution: source code security analysis report
Several vulnerabilities were discovered in MODX 'MODX Revolution' software: Incorrect User Input Filtration when Connecting to External Files File System Path Manipulation Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random...
NUnit: source code security analysis report
Several vulnerabilities were discovered in NUnit.org 'NUnit' software: Использование статических генераторов псевдослучайных чисел в криптографических целях Некорректная фильтрация пользовательского ввода при передаче управления сторонним компонентам Некорректная фильтрация пользовательского ввод...
Joomla!: source code security analysis report
Several vulnerabilities were discovered in Open Source Matters, Inc. 'Joomla!' software: Using Global Variables Incorrect User Input Filtration when Using the unserialize Function Using Insufficiently Random Generators in Cryptography Incorrect Permissions for External Entities During XML...
CVE-2016-1762
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...
CVE-2016-1761
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted XML document...
Memory corruption
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted XML document...
Heap overflow
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...
CVE-2016-1761
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted XML document...
CVE-2016-1762
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...
CVE-2016-1761
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted XML document...
CVE-2016-1762
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...
CVE-2016-1358
Cisco Prime Infrastructure 2.2, 3.0, and 3.10.0 allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, aka Bug ID...
Design/Logic Flaw
The Edge Side Includes ESI parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service assertion failure and daemon exit via a crafted XML document, related to esi/CustomParser.cc and...
CVE-2016-2570
The Edge Side Includes ESI parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service assertion failure and daemon exit via a crafted XML document, related to esi/CustomParser.cc and...
Out-of-bounds
The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service out-of-bounds read via a crafted XML document...
CVE-2016-2073
The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service out-of-bounds read via a crafted XML document...
CVE-2016-2073
The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service out-of-bounds read via a crafted XML document...
CVE-2016-2073
The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service out-of-bounds read via a crafted XML document...
CVE-2016-2073
The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service out-of-bounds read via a crafted XML document...