Lucene search

2720 matches found

RedhatCVE
added 2015/10/30 10:13 a.m. | 27 views

CVE-2008-4482

The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file...

CVSS 7.8 | AI score 7.1 | EPSS 0.01995
Exploits: 1 | References: 2

Debian
added 2015/10/25 12:38 p.m. | 25 views

[SECURITY] [DSA 3379-1] miniupnpc security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3379-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 25, 2015 https://www.debian.org/security/faq -...

CVSS 6.8 | AI score 2.2 | EPSS 0.03228
Exploits: 1

Debian
added 2015/10/25 12:38 p.m. | 28 views

[SECURITY] [DSA 3379-1] miniupnpc security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3379-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 25, 2015 https://www.debian.org/security/faq -...

CVSS 6.8 | AI score 7 | EPSS 0.03228
Exploits: 1

OpenVAS
added 2015/10/25 12:0 a.m. | 23 views

Debian Security Advisory DSA 3379-1 (miniupnpc - security update)

Aleksandar Nikolic of Cisco Talos discovered a buffer overflow vulnerability in the XML parser functionality of miniupnpc, a UPnP IGD client lightweight library. A remote attacker can take advantage of this flaw to cause an application using the miniupnpc library to crash, or potentially to execu...

CVSS 6.8 | AI score 0.5 | EPSS 0.03228
Exploits: 1 | References: 1

securityvulns
added 2015/10/25 12:0 a.m. | 77 views

SAP Netwaver - XML External Entity Injection

Title: SAP Netwaver - XML External Entity Injection Author: Lukasz Miedzinski GPG: Public key provided in attachment Date: 29/10/2014 CVE: CVE-2015-7241 Affected software : =================== SAP Netwear : 7.01 Vendor advisories only for customers: =================== External ID : 851975 2014...

CVSS 7.5 | AI score 0.9 | EPSS 0.27377
Exploits: 4

Ubuntu
added 2015/10/23 6:7 a.m. | 55 views

USN-2780-2: MiniUPnP vulnerability

USN-2780-1 fixed a vulnerability in the MiniUPnP library in Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 15.04. This update provides the corresponding update for Ubuntu 15.10. Original advisory details: Aleksandar Nikolic discovered a buffer overflow vulnerability in the XML parser functionalit...

CVSS 6.8 | AI score 8.1 | EPSS 0.03228
Exploits: 1

Tenable Nessus
added 2015/10/23 12:0 a.m. | 26 views

Ubuntu 15.10 : miniupnpc vulnerability (USN-2780-2)

USN-2780-1 fixed a vulnerability in the MiniUPnP library in Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 15.04. This update provides the corresponding update for Ubuntu 15.10. Aleksandar Nikolic discovered a buffer overflow vulnerability in the XML parser functionality of the MiniUPnP library. ...

CVSS 6.8 | AI score 8.1 | EPSS 0.03228
Exploits: 1 | References: 2

RedHat Linux
added 2015/10/22 6:44 p.m. | 1 views

OpenJDK: incomplete MaxXMLNameLimit enforcement (JAXP, 8086733)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911...

CVSS 5 | AI score 7.3 | EPSS 0.058
Exploits: 0 | References: 5

RedHat Linux
added 2015/10/22 6:34 p.m. | 0 views

OpenJDK: incomplete MaxXMLNameLimit enforcement (JAXP, 8086733)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911...

CVSS 5 | AI score 7.3 | EPSS 0.058
Exploits: 0 | References: 5

RedHat Linux
added 2015/10/21 8:57 p.m. | 2 views

OpenJDK: incomplete MaxXMLNameLimit enforcement (JAXP, 8086733)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911...

CVSS 5 | AI score 7.3 | EPSS 0.058
Exploits: 0 | References: 5

RedHat Linux
added 2015/10/21 6:47 p.m. | 2 views

OpenJDK: inefficient use of hash tables and lists during XML parsing (JAXP, 8068842)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911...

CVSS 5 | AI score 7.3 | EPSS 0.058
Exploits: 0 | References: 5

RedHat Linux
added 2015/10/21 6:47 p.m. | 2 views

OpenJDK: leak of user.dir location (JAXP, 8078427)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP...

CVSS 5 | AI score 7.3 | EPSS 0.02698
Exploits: 0 | References: 5

Tenable Nessus
added 2015/10/21 12:0 a.m. | 26 views

Ubuntu 14.04 LTS : MiniUPnP vulnerability (USN-2780-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2780-1 advisory. Aleksandar Nikolic discovered a buffer overflow vulnerability in the XML parser functionality of the MiniUPnP library. A remote attacker could use this to cause a...

CVSS 6.8 | AI score 8.2 | EPSS 0.03228
Exploits: 1 | References: 2

Ubuntu
added 2015/10/20 9:49 p.m. | 56 views

USN-2780-1: MiniUPnP vulnerability

Aleksandar Nikolic discovered a buffer overflow vulnerability in the XML parser functionality of the MiniUPnP library. A remote attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code with privileges of the user running an application that uses th...

CVSS 6.8 | AI score 8.1 | EPSS 0.03228
Exploits: 1

OpenVAS
added 2015/10/06 12:0 a.m. | 35 views

Open-Xchange (OX) App Suite XEE Denial of Service Vulnerability

Open-Xchange OX App Suite is prone to a denial of service DoS vulnerability. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

CVSS 7.8 | AI score 7.5 | EPSS 0.00497
Exploits: 1 | References: 2

OpenVAS
added 2015/09/19 12:0 a.m. | 31 views

F5 BIG-IP - Expat vulnerabilities CVE-2012-0876 and CVE-2012-1148

The remote host is missing a security patch. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/h:f5:big-ip"; if description...

CVSS 5 | AI score 6.8 | EPSS 0.00973
Exploits: 0 | References: 1

Tenable Nessus
added 2015/09/18 12:0 a.m. | 112 views

F5 Networks BIG-IP : Expat vulnerabilities (K16949)

CVE-2012-0876 The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same valu...

CVSS 5 | AI score 6.8 | EPSS 0.00973
Exploits: 0 | References: 3

FreeBSD
added 2015/09/15 12:0 a.m. | 42 views

miniupnpc -- buffer overflow

Talos reports: An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted XML response can lead to a buffer overflow on the stack resulting in remote code execution. An attacker can set up a server on the local network to trigg...

CVSS 6.8 | AI score 7.4 | EPSS 0.03228
Exploits: 1 | References: 2

Talos
added 2015/09/15 12:0 a.m. | 53 views

MiniUPnP Internet Gateway Device Protocol XML Parser Buffer Overflow

Talos Vulnerability Report TALOS-2015-0035 MiniUPnP Internet Gateway Device Protocol XML Parser Buffer Overflow September 15, 2015 CVE Number CVE-2015-6031 Description An exploitable buffer overflow vulnerability exists in the XML parser functionality of the MiniUPnP library. A specially crafted...

CVSS 6.8 | AI score 7.3 | EPSS 0.03228
Exploits: 1

OpenVAS
added 2015/09/08 12:0 a.m. | 33 views

Amazon Linux: Security Advisory (ALAS-2014-430)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.8 | AI score 5.3 | EPSS 0.09411
Exploits: 0 | References: 2