CVE-2014-4485
CVE-2014-4485: Buffer overflow in Foundation XML parser affects iOS before 8.1.3, OS X before 10.10.2, and Apple TV before 7.0.3. Remote code execution or app crash possible via crafted XML. Remediation: update to iOS 8.1.3, OS X 10.10.2, or Apple TV 7.0.3+.
CVE-2015-0581
The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as demonstrated by reading private keys, related ...
XXE
The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, as demonstrated by reading private keys, related ...
CVE-2015-0581
The CVE-2015-0581 issue affects Cisco Prime Service Catalog prior to 10.1, where the XML parser is vulnerable to an XML External Entity (XXE) attack. Remote authenticated users can read arbitrary files or trigger a denial of service (CPU/memory consumption) by crafting an external entity declarat...
CVE-2014-6577
CVE-2014-6577 is an Oracle Database Server issue affecting the XML Developer's Kit for C component. Versions 11.2.0.3/11.2.0.4/12.1.0.1/12.1.0.2 are affected. The vulnerability is described as an XML external entity (XXE) issue in the XML parser that could allow a remote, authenticated user to af...
CVE-2014-0191
CVE-2014-0191 affects libxml2 up to version 2.9.1, where xmlParserHandlePEReference can load external parameter entities even when entity substitution or validation is disabled. This vulnerability can be exploited by processing crafted XML to cause resource consumption and denial of service in af...
Oracle Solaris Third-Party Patch Update : python (multiple_vulnerabilities_in_python) (BEAST)
The remote Solaris system is missing necessary patches to address security updates: - The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained...
Oracle Solaris Third-Party Patch Update : libexpat (multiple_resource_management_error_vulnerabilities)
The remote Solaris system is missing necessary patches to address security updates: - The XML parser xmlparse.c in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service...
McAfee ePolicy Orchestrator Multiple Vulnerabilities (Jan 2015)
McAfee ePolicy Orchestrator is prone to multiple vulnerabilities.
ESXi 5.1 < Build 2323236 Third-Party Libraries Multiple Vulnerabilities (remote check) (BEAST)
The remote VMware ESXi host is version 5.1 prior to build 2323236. It is, therefore, affected by the following vulnerabilities in bundled third-party libraries: - Multiple vulnerabilities exist in the bundled Python library. CVE-2011-3389, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150,...
Scientific Linux Security Update : ruby on SL6.x i386/x86_64 (20141126)
Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. (CVE-2014-8080, CVE-2014-8090) All running instances of Ruby need to be...
CentOS 6 : ruby (CESA-2014:1911)
Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for eac...
ruby security update
CentOS Errata and Security Advisory CESA-2014:1911. Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which gi...
Moderate: Red Hat Security Advisory: ruby193-ruby security update
Updated ruby193-ruby packages that fix three security issues are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
ruby: REXML incomplete fix for CVE-2014-8080
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML document containing an empty string in an entity that is used in a large number of...
Moderate: Red Hat Security Advisory: ruby security update
Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for eac...
MGASA-2014-0472 Updated ruby packages fix security vulnerabilities
Will Wood discovered that Ruby incorrectly handled the encodes function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a...
MGASA-2014-0460 Updated boinc-client packages fix security vulnerability
Multiple stack overflow flaws were found in the way the XML parser of boinc-client, a Berkeley Open Infrastructure for Network Computing (BOINC) client for distributed computing, performed processing of certain XML files. A rogue BOINC server could provide a specially-crafted XML file that, when...