2720 matches found

RedHat Linux
added 2013/09/03 8:16 p.m., 41 views

Moderate: Red Hat Security Advisory: openstack-nova security and bug fix update

Updated openstack-nova packages that fix multiple security issues and various bugs are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...

CVSS 6, AI score 7.3, EPSS 0.03938
Exploits 7, References 11
RedHat Linux
added 2013/09/03 8:14 p.m., 32 views

Moderate: Red Hat Security Advisory: openstack-cinder security update

Updated openstack-cinder packages that fix two security issues are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...

CVSS 5, AI score 7.3, EPSS 0.03938
Exploits 2, References 5
Prion
added 2013/08/19 11:55 p.m., 20 views

Code injection

The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors...

CVSS 5, AI score 7, EPSS 0.12253
Exploits 6, References 12, Affected Software 1
CVE
added 2013/08/19 11:0 p.m., 90 views

CVE-2013-2160

CVE-2013-2160 affects Apache CXF’s streaming XML parser. Versions affected: CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4. A crafted XML payload with a very large number of elements/attributes/nested constructs can cause denial of service through CPU and memory exhaustion. T...

CVSS 5, AI score 7, EPSS 0.12253
Exploits 6, References 12, Affected Software 1
Cvelist
added 2013/08/19 11:0 p.m., 39 views

CVE-2013-2160

The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors...

AI score 6.3, EPSS 0.12253
Exploits 6, References 12
RedHat Linux
added 2013/08/08 5:4 p.m., 3 views

ruby: entity expansion DoS vulnerability in REXML

lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack...

CVSS 5, AI score 7.4, EPSS 0.25732
Exploits 0, References 5
OpenVAS
added 2013/08/07 12:0 a.m., 13 views

IceWarp Web Mail <= 10.4.5 Information Disclosure Vulnerability - Active Check

IceWarp Web Mail is prone to an information disclosure vulnerability...

AI score 7
Exploits 0, References 2
OSV
added 2013/07/26 11:48 a.m., 7 views

MGASA-2013-0233 Updated php packages fix CVE-2013-4113

Updated php packages fix security vulnerability: Fixed PHP bug 65236 (heap corruption in xml parser) (CVE-2013-4113). Additionally the php-timezonedb packages have been upgraded to the latest version 2013.4...

CVSS 6.8, AI score 9.9, EPSS 0.19022
Exploits 0, References 5
Mageia
added 2013/07/18 7:11 a.m., 35 views

Updated php packages fix CVE-2013-4113

Fixed PHP bug 65236 (heap corruption in xml parser) (CVE-2013-4113). Additionally the php-timezonedb packages have been upgraded to the latest version 2013.4...

CVSS 6.8, AI score 2.4, EPSS 0.19022
Exploits 0, References 4
NVD
added 2013/07/17 1:41 p.m., 20 views

CVE-2013-3751

Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors...

CVSS 9, AI score 5.5, EPSS 0.04884
Exploits 0, References 9
Prion
added 2013/07/17 1:41 p.m., 17 views

Design/Logic Flaw

Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors...

CVSS 9, AI score 5.9, EPSS 0.04884
Exploits 0, References 9, Affected Software 1
ThreatPost
added 2013/07/17 12:50 p.m., 9 views

Oracle July 2013 Critical Patch Update patches 89 Flaws

It may not be the highest priority patch among the 89 released by Oracle yesterday in its July Critical Patch Update (CPU), but a fix for an Outside In Technology vulnerability in Oracle’s Fusion middleware merits some extra attention. Oracle provides the technology in several of its products in...

AI score 7.4
Exploits 0, References 4
CVE
added 2013/07/17 10:0 a.m., 125 views

CVE-2013-3751

CVE-2013-3751 is an unspecified vulnerability in the XML Parser component of Oracle Database Server affecting 11.2.0.2, 11.2.0.3, and 12.1.0.1. It allows remote authenticated users to impact confidentiality, integrity, and availability via unknown vectors (CVSS v2 Base Score 9.0). The root cause ...

CVSS 9, AI score 5.6, EPSS 0.04884
Exploits 0, References 9, Affected Software 1
Cvelist
added 2013/07/17 10:0 a.m., 24 views

CVE-2013-3751

Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors...

AI score 5.5, EPSS 0.04884
Exploits 0, References 9
Tenable Nessus
added 2013/07/17 12:0 a.m., 18 views

FreeBSD : PHP5 -- Heap corruption in XML parser (31b145f2-d9d3-49a9-8023-11cf742205dc)

The PHP development team reports: ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the...

CVSS 6.8, AI score 8.4, EPSS 0.19022
Exploits 0, References 3
Tenable Nessus
added 2013/07/17 12:0 a.m., 35 views

Oracle Database Multiple Vulnerabilities (July 2013 CPU)

The remote Oracle database server is missing the July 2013 Critical Patch Update (CPU) and is, therefore, potentially affected by security issues in the following components: XML Parser, Network Layer, Oracle Executable, Core RDBMS...

CVSS 9, AI score 5.3, EPSS 0.04884
Exploits 0, References 9
Tenable Nessus
added 2013/07/14 12:0 a.m., 33 views

Mandriva Linux Security Advisory : php (MDVSA-2013:195)

A vulnerability has been discovered and corrected in php: Fixed PHP bug 65236 (heap corruption in xml parser) (CVE-2013-4113). The updated packages have been upgraded to the 5.3.27 version which is not vulnerable to this issue. The php-timezonedb package has been updated to the 2013.4 version...

CVSS 6.8, AI score 8.1, EPSS 0.19022
Exploits 0, References 2
Tenable Nessus
added 2013/07/12 12:0 a.m., 33 views

Oracle Linux 3 : httpd (ELSA-2009-1108)

From Red Hat Security Advisory 2009:1108: Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server...

CVSS 7.5, AI score 6.7, EPSS 0.14793
Exploits 5, References 4
Tenable Nessus
added 2013/07/12 12:0 a.m., 34 views

Oracle Linux 5 : tomcat (ELSA-2009-1164)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-1164 advisory. - add patch for CVE-2007-5333 Resolves: rhbz427779 - add patch for CVE-2008-5515 Resolves: rhbz504758 - add patch for CVE-2009-0033 - add patch for...

CVSS 5, AI score 5.7, EPSS 0.89573
Exploits 9, References 7
Tenable Nessus
added 2013/07/12 12:0 a.m., 28 views

Oracle Linux 3 / 4 : 4Suite (ELSA-2009-1572)

From Red Hat Security Advisory 2009:1572: An updated 4Suite package that fixes one security issue is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The 4Suite package contains XML-related...

CVSS 5, AI score 6.3, EPSS 0.01573
Exploits 2, References 3