Multiple integer overflows in the XML_GetBuffer function in Expat up to and including 2.1.0, as used in Google Chrome prior to 44.0.2403.89 and other products, allow remote malicious users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.
| Vulnerable Product |
|---|
| google chrome |
| libexpat project libexpat |
| python python |
| debian debian linux 8.0 |
| debian debian linux 7.0 |
| debian debian linux 9.0 |
| canonical ubuntu linux 15.04 |
| canonical ubuntu linux 14.04 |
| canonical ubuntu linux 12.04 |
| suse linux enterprise server 11 |
| suse linux enterprise software development kit 12 |
| suse studio onsite 1.3 |
| suse linux enterprise server 12 |
| suse linux enterprise software development kit 11 |
| suse linux enterprise debuginfo 11 |
| suse linux enterprise desktop 12 |
| opensuse leap 42.1 |
| opensuse opensuse 13.1 |
| opensuse opensuse 13.2 |
| oracle solaris 11.3 |
| oracle solaris 10 |

Happy New Year from the Gin Palace
Juniper Networks has had its first big bug day in months, with 19 patches announced covering everything from third-party package catchups to critical errors in password handling. For the sake of organisation, let's pick up patches in the Junos OS first (there being so many patches, The Register will focus on those rated "High" and "Critical"). First on the critical list is CVE-2019-0006, which affects Junos OS 14.1X53, 15.1, and 15.1X53 running on EX, QFX and MX units. A crafted HTTP packet can ...