379 matches found
OpenJDK: Missing check for valid DOMCanonicalizationMethod canonicalization algorithm (Libraries, 8014281)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect...
OpenJDK: Missing check for valid DOMCanonicalizationMethod canonicalization algorithm (Libraries, 8014281)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect...
OpenJDK: Missing check for valid DOMCanonicalizationMethod canonicalization algorithm (Libraries, 8014281)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect...
Design/Logic Flaw
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect...
[SECURITY] [DSA 2710-1] xml-security-c security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2710-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso June 18, 2013 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2710-1 (xml-security-c - several vulnerabilities)
James Forshaw from Context Information Security discovered several vulnerabilities in xml-security-c, an implementation of the XML Digital Security specification. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-2153 The implementation of XML digital...
apache-xml-security-c -- heap overflow
The Apache Software Foundation reports: A heap overflow exists in the processing of the PrefixList attribute optionally used in conjunction with Exclusive Canonicalization, potentially allowing arbitary code execution. If verification of the signature occurs prior to actual evaluation of a signin...
Mac OS X 10.8 < 10.8.3 Multiple Vulnerabilities (Security Update 2013-001)
Binary data 801018.prm...
CVE-2012-3695
Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location.href property...
CVE-2012-3695
Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location.href property...
CVE-2012-3695
CVE-2012-3695 corresponds to a Cross-site scripting (XSS) vulnerability in WebKit used by Apple Safari before version 6.0. The issue arises from improper URL canonicalization during handling of the location.href property, enabling remote attackers to inject arbitrary web script or HTML. The provi...
CVE-2011-4599
Stack-based buffer overflow in the canonicalize function in common/uloc.c in International Components for Unicode ICU before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization...
DEBIAN-CVE-2011-4599
Stack-based buffer overflow in the canonicalize function in common/uloc.c in International Components for Unicode ICU before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization...
CVE-2011-4599
Stack-based buffer overflow in the canonicalize function in common/uloc.c in International Components for Unicode ICU before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization...
CVE-2011-4599
Stack-based buffer overflow in the canonicalize function in common/uloc.c in International Components for Unicode ICU before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization...
Medium: icu
Issue Overview: A stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially-crafted locale representation was opened in an application linked against ICU, it could cause the application to crash or, possibly, execute...
Mandriva Update for icu MDVSA-2011:194 (icu)
Check for the Version of icu OpenVAS Vulnerability Test Mandriva Update for icu MDVSA-2011:194 icu Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
CVE-2011-4675
The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading tilde characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolu...
CVE-2011-4675
The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading tilde characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolu...
CVE-2011-4675
CVE-2011-4675 affects Widelands prior to 15.1. The pathname canonicalization in io/filesystem/filesystem.cc expands leading ~ (tilde) characters to home-directory paths and does not restrict their use in network-provided strings, potentially allowing remote attackers to perform absolute path trav...