The xmlParserHandlePEReference function in parser.c in libxml2 prior to 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote malicious users to cause a denial of service (resource consumption) via a crafted XML document.
Vulnerable Product |
---|
oracle fusion middleware 11.1.1.7.0 |
oracle fusion middleware 12.1.2.0.0 |
oracle fusion middleware 12.1.3.0.0 |
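
A pre-parse check for the condition described above, as an added example that is not part of the original advisory or of libxml2: it lists external parameter entities declared in a document's DOCTYPE so the document can be rejected before it reaches a libxml2 build prior to 2.9.2. It uses Python's standard-library expat binding instead of libxml2; the function names and both sample documents are constructed for illustration.

```python
"""Pre-parse check: list external parameter entities declared in a DOCTYPE."""
from xml.parsers import expat


def external_parameter_entities(xml_bytes):
    """Return (name, system_id, public_id) for each external parameter entity
    declared in the document. Nothing is fetched: expat is left at its default
    of never loading external parameter entities."""
    found = []

    def on_entity_decl(name, is_parameter, value, base, system_id,
                       public_id, notation):
        # External entities carry a system identifier and no inline value.
        if is_parameter and system_id is not None:
            found.append((name, system_id, public_id))

    parser = expat.ParserCreate()
    parser.EntityDeclHandler = on_entity_decl
    parser.Parse(xml_bytes, True)
    return found


def should_reject(xml_bytes):
    """True if the input is malformed or declares an external parameter entity."""
    try:
        return bool(external_parameter_entities(xml_bytes))
    except expat.ExpatError:
        return True


# Constructed sample inputs (not taken from the advisory).
CRAFTED = b"""<?xml version="1.0"?>
<!DOCTYPE doc [
  <!ENTITY % ext SYSTEM "http://example.invalid/ext.dtd">
  %ext;
]>
<doc>hello</doc>
"""
BENIGN = b"""<?xml version="1.0"?>
<!DOCTYPE doc [ <!ENTITY greet "hi"> ]>
<doc>&greet;</doc>
"""

if __name__ == "__main__":
    for label, doc in (("crafted", CRAFTED), ("benign", BENIGN)):
        verdict = "reject" if should_reject(doc) else "accept"
        print(label, verdict, external_parameter_entities(doc))
```

The check covers only declarations in the internal subset of the document it is given; an external DTD subset named in the DOCTYPE is outside its scope.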
Thirty-three fixes flung at Cupertino's telly-enhancer
Apple has patched 33 problems, collectively named in 58 CVEs, in its latest TV-enhancing computer-puck, of which 10 enable arbitrary code execution, six with system privileges. 32 of the flaws hit third-generation Apple TV devices and just one its newer, fatter, fourth-gen beast. The good news is that the changes will automagically appear for those users with automatic updates turned on. The rest are susceptible to nasties like a memory corruption flaw (CVE-2015-5776) that allows remote attacker...