what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2016-5300

Status Candidate

Overview

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.

Related Files

Slackware Security Advisory - python Updates
Posted May 5, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory, python
systems | linux, slackware
advisories | CVE-2012-0876, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2016-9063, CVE-2017-9233, CVE-2018-1060, CVE-2018-1061
SHA-256 | cfec0d0baa4a36e1ae04f7f639de9cf2a3c468c972d456d4bc85ac32ebd1efec
Apple Security Advisory 2017-03-28-2
Posted Mar 28, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-03-28-2 - This advisory provides additional information for APPLE-SA-2017-03-22-1. iTunes for Windows 12.6 addresses multiple vulnerabilities in various included software.

tags | advisory, vulnerability
systems | windows, apple
advisories | CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2013-7443, CVE-2015-1283, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2016-6153, CVE-2017-2383, CVE-2017-2463, CVE-2017-2479, CVE-2017-2480, CVE-2017-5029
SHA-256 | 5e917bb7e6f9edc636297d6a5ef7728eaba569232b19fbb441916d312716221a
Apple Security Advisory 2017-03-22-2
Posted Mar 24, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-03-22-2 - iTunes for Mac 12.6 is now available and addresses vulnerabilities in expat and SQLite.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2013-7443, CVE-2015-1283, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2016-6153
SHA-256 | e601858939a95c65d673d763bbb29441fc85d606b842630460eb8b9750f35800
Apple Security Advisory 2017-03-22-1
Posted Mar 23, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-03-22-1 - iTunes for Windows 12.6 is now available and addresses vulnerabilities in expat and SQLite.

tags | advisory, vulnerability
systems | windows, apple
advisories | CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2013-7443, CVE-2015-1283, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2016-6153
SHA-256 | 92a02342700665c6f80c898f87e8f99e851a1d4239733c1dbddbbd842956b509
Gentoo Linux Security Advisory 201701-21
Posted Jan 11, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201701-21 - Multiple vulnerabilities have been found in Expat, the worst of which may allow execution of arbitrary code. Versions less than 2.2.0-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-6702, CVE-2013-0340, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300
SHA-256 | 73f628f33cf75bb2a7b04cf0934d009261b4c570e6e337d0bca9e29b8d571fd1
Slackware Security Advisory - expat Updates
Posted Dec 25, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New expat packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2012-6702, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300
SHA-256 | 3f42b6748e4fdf951b8600bc91953ddc4d04d534c6123c52abbc0f3cb1d32c92
Ubuntu Security Notice USN-3013-1
Posted Jun 21, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3013-1 - It was discovered that the Expat code in XML-RPC for C and C++ unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. It was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. Gustavo Grieco discovered that the Expat code in XML-RPC for C and C++ incorrectly handled malformed XML data. If a user or application linked against XML-RPC for C and C++ were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-6702, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300
SHA-256 | 6aa1759ea4a56ff06cbcd1346041c06eac65ab5a67eb809302bc6274df1d8247
Ubuntu Security Notice USN-3010-1
Posted Jun 21, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3010-1 - It was discovered that Expat unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. It was discovered that Expat incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-6702, CVE-2016-5300
SHA-256 | 2b5fd3bd2daa487c282c26072ca85a214252d08ae2b0b736f89d37936653f75d
Debian Security Advisory 3597-1
Posted Jun 8, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3597-1 - Two related issues have been discovered in Expat, a C library for parsing XML.

tags | advisory
systems | linux, debian
advisories | CVE-2012-6702, CVE-2016-5300
SHA-256 | e61291a0f4f3c44ef322409dbdd155c8a4e23e2a4292599dec126b2124df9d9a
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close