2720 matches found
CVE-2016-5300
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876...
openSUSE: Security Advisory for expat (openSUSE-SU-2016:1441-1)
The remote host is missing an update for the...
Security update for expat (important)
This update for expat fixes the following security issues:
- CVE-2015-1283: Fixed multiple integer overflows that could lead to buffer overflows (boo#980391)
- CVE-2016-0718: Fixed Expat XML parser that mishandles certain kinds of malformed input documents (boo#979441)...
CVE-2016-1385
The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authenticated users to cause a denial of service (instability, memory consumption, or device reload) by leveraging (1) administrative access or (2) Clientless SSL VPN access to provide a crafted XML document, a...
Code injection
The XML parser in Cisco Adaptive Security Appliance (ASA) Software through 9.5.2 allows remote authenticated users to cause a denial of service (instability, memory consumption, or device reload) by leveraging (1) administrative access or (2) Clientless SSL VPN access to provide a crafted XML document, a...
CVE-2016-1385
CVE-2016-1385 affects Cisco ASA XML parser. The issue arises from insufficient hardening of the XML parser, enabling a remote, authenticated attacker to cause denial of service (instability, memory consumption, or device reload) by sending a crafted XML document. Impact is observed with ASA Softw...
USN-2984-1: PHP vulnerabilities
It was discovered that the PHP Fileinfo component incorrectly handled certain magic files. An attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-8865) Hans Jerry Illikainen...
DEBIAN-CVE-2016-1839
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document...
EUVD-2016-2933
The xmlParserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document...
AIX 6.1 TL 9 : bos.rte.control (U866671)
The remote host is missing AIX PTF U866671, which is related to the security of the package bos.rte.control. Libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow in the xmlParseEntityDecl or xmlParseConditionalSections function. By using a specially crafted XML dat...
Cisco Adaptive Security Appliance XML Parser Denial of Service Vulnerability (cisco-sa-20160517-asa-xml)
A vulnerability in XML parser code of Cisco Adaptive Security Appliance Software could allow an authenticated, remote attacker to cause system instability or a reload of the affected system.
expat: arbitrary code execution
CVE-2015-1283 (arbitrary code execution): Multiple integer overflows in the XML_GetBuffer function allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly arbitrary code execution via crafted XML data. This problem has already been fixed in version 2.1.0-1 but this...
Expat Memory Corruption Vulnerability
Expat is a C-based XML parser library developed by U.S. software developer Jim Clark; it uses a stream-oriented parser. A memory corruption vulnerability exists in Expat that stems from the program's failure to properly handle malicious input document types. An attacker could exploit this...
lib32-expat: arbitrary code execution
CVE-2015-1283 (arbitrary code execution): Multiple integer overflows in the XML_GetBuffer function allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly arbitrary code execution via crafted XML data. This problem has already been fixed in version 2.1.0-1 but this...
libxml2: Out-of-bounds heap read when parsing file with unfinished xml declaration
A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information...
DEBIAN-CVE-2016-3705
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a...
CVE-2016-3705
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a...
Debian DSA-3579-1 : xerces-c - security update
Gustavo Grieco discovered a use-after-free vulnerability in xerces-c, a validating XML parser library for C++, due to not properly handling invalid characters in XML input documents in the DTDScanner.
expat -- denial of service vulnerability on malformed input
Gustavo Grieco reports: The Expat XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial...