Lucene search

953 matches found

UbuntuCve
added 2015/09/09 12:0 a.m. | 43 views

CVE-2015-6837

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking,...

CVSS 7.5 | AI score 7.2 | EPSS 0.03804
Exploits: 0 | References: 3

UbuntuCve
added 2015/09/09 12:0 a.m. | 65 views

CVE-2015-6838

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument...

CVSS 7.5 | AI score 7.2 | EPSS 0.03804
Exploits: 0 | References: 3

NVD
added 2015/08/20 12:59 a.m. | 13 views

CVE-2015-4315

The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitrary files or cause a denial of service via a crafted XML document, aka Bug ID CSCuv31853...

CVSS 5.5 | AI score 6.3 | EPSS 0.00455
Exploits: 0 | References: 3

NVD
added 2015/08/17 12:0 a.m. | 15 views

CVE-2015-3807

libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document...

CVSS 4.3 | AI score 7 | EPSS 0.02365
Exploits: 0 | References: 12

Prion
added 2015/08/17 12:0 a.m. | 16 views

Memory corruption

libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document...

CVSS 4.3 | AI score 6.4 | EPSS 0.02365
Exploits: 0 | References: 12 | Affected Software: 3

Cvelist
added 2015/08/16 11:0 p.m. | 17 views

CVE-2015-3807

libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document...

AI score 8.3 | EPSS 0.02365
Exploits: 0 | References: 12

CVE
added 2015/08/16 11:0 p.m. | 68 views

CVE-2015-3784

CVE-2015-3784 affects Apple’s Office Viewer in iOS versions before 8.4.1 and OS X versions before 10.10.5. The issue arises from an XML External Entity (XXE) vulnerability where an external entity declaration, combined with an entity reference, enables a remote attacker to read arbitrary files vi...

CVSS 5 | AI score 7.6 | EPSS 0.0087
Exploits: 0 | References: 8 | Affected Software: 1

Prion
added 2015/08/11 2:59 p.m. | 27 views

Server side request forgery (ssrf)

XML external entity (XXE) vulnerability in the dashbuilder import facility DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl in Red Hat JBoss BPM Suite before 6.1.2 allows remote attackers to read arbitrary files, conduct server-side request forgery (SSRF) attacks, and have other...

CVSS 7.5 | AI score 7.3 | EPSS 0.00537
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2015/08/11 2:0 p.m. | 25 views

CVE-2015-1818

XML external entity (XXE) vulnerability in the dashbuilder import facility DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl in Red Hat JBoss BPM Suite before 6.1.2 allows remote attackers to read arbitrary files, conduct server-side request forgery (SSRF) attacks, and have other...

AI score 6.8 | EPSS 0.00537
Exploits: 0 | References: 2

OSV
added 2015/07/26 10:59 p.m. | 7 views

CVE-2015-3227

The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth...

AI score 7.3
Exploits: 0 | References: 6

NVD
added 2015/07/26 10:59 p.m. | 18 views

CVE-2015-3227

The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth...

CVSS 5 | AI score 5.3 | EPSS 0.02683
Exploits: 0 | References: 6

UbuntuCve
added 2015/07/26 10:59 p.m. | 32 views

CVE-2015-3227

The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth...

CVSS 5 | AI score 6.8 | EPSS 0.02683
Exploits: 0 | References: 1

Prion
added 2015/07/26 10:59 p.m. | 23 views

Design/Logic Flaw

The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth...

CVSS 5 | AI score 7 | EPSS 0.02683
Exploits: 0 | References: 6 | Affected Software: 2

Debian CVE
added 2015/07/26 10:0 p.m. | 29 views

CVE-2015-3227

The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth...

CVSS 5 | AI score 5.7 | EPSS 0.02683
Exploits: 0

Cvelist
added 2015/07/26 10:0 p.m. | 28 views

CVE-2015-3227

The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth...

AI score 5 | EPSS 0.02683
Exploits: 0 | References: 6

RedHat Linux
added 2015/07/20 2:6 p.m. | 3 views

libxml2: denial of service processing a crafted XML document

A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory...

CVSS 5 | AI score 6.8 | EPSS 0.02045
Exploits: 0 | References: 4

Debian
added 2015/07/03 10:3 a.m. | 35 views

[SECURITY] [DLA 266-1] libxml2 security update

Package : libxml2
Version : 2.7.8.dfsg-2+squeeze12
CVE ID : CVE-2015-1819
Debian Bug : 782782 782985 783010

This upload to Debian squeeze-lts fixes three issues found in the libxml2 package. 1 CVE-2015-1819 / 782782 Florian Weimer from Red Hat reported an issue against libxml2, where a parser whi...

CVSS 5 | AI score 6.8 | EPSS 0.02045
Exploits: 0

OSV
added 2015/07/03 12:0 a.m. | 44 views

DLA-266-1 libxml2 - security update

Bulletin has no description...

CVSS 9.8 | AI score 7.2 | EPSS 0.04711
Exploits: 0

Prion
added 2015/05/30 2:59 p.m. | 15 views

Xxe

The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCus97452...

CVSS 4 | AI score 7.2 | EPSS 0.00246
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2015/05/30 2:0 p.m. | 51 views

CVE-2015-0758

Cisco Unified MeetingPlace 8.6(1.9) is affected by CVE-2015-0758 via an XML External Entity (XXE) processing flaw that allows authenticated, remote attackers to read arbitrary files from the server. The vulnerability stems from improper handling of XML entities in the web-based user interface, as...

CVSS 4 | AI score 6.9 | EPSS 0.00246
Exploits: 0 | References: 2 | Affected Software: 1