1013 matches found
CVE-2016-0457
Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 allows remote attackers to affect confidentiality via vectors related to REST Framework, a different vulnerability than CVE-2016-0456. NOTE: the previous information is...
The vulnerability of the Flash Player and Adobe Integrated Runtime software allows a perpetrator to execute arbitrary code.
The vulnerabilities of the Flash Player and Adobe Integrated Runtime programs are caused by an overflow in the dynamic memory buffer. Exploiting these vulnerabilities allows a malicious actor to execute arbitrary code using a specially created XML object during a call to the toString method...
Apple iOS libxml2 memory corruption vulnerability (CNVD-2016-00215)
iOS is an operating system developed by Apple for mobile devices, and supported devices include iPhone, iPod touch, iPad, and Apple TV. A security vulnerability exists in libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1. A remote attacker could exploit this vulnerability ...
Camel: XXE in via SAXSource expansion
It was found that Apache Camel's XML converter performed XML External Entity XXE expansion. A remote attacker able to submit an SAXSource containing an XXE declaration could use this flaw to read files accessible to the user running the application server, and potentially perform other more...
libxml2: CPU exhaustion when processing specially crafted XML input
A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU...
libxml2: Out-of-bounds memory access
A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash...
libxml2: Out-of-bounds memory access
A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash...
libxml2: Out-of-bounds heap read when parsing file with unfinished xml declaration
A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information...
Cisco Adaptive Security Appliance Software Denial of Service Vulnerability (CNVD-2015-07836)
Cisco Adaptive Security Appliance Software is a modular platform that provides security and VPN services from Cisco. A denial of service vulnerability exists in Cisco Adaptive Security Appliance Software 8.4 that could allow an authenticated remote user to cause a denial of service via a crafted...
PT-2015-3258
Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.9.3 Description The issue is related to the xmlSAX2TextNode function in the HTML parser of libxml2, which allows context-dependent attackers to cause a denial of service or obtain sensitive information via crafted X...
UBUNTU-CVE-2015-8241
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service heap-based buffer over-read and application crash or obtain sensitive information via crafted XML data...
Vulnerability of the Java Platform software platform, which allows attackers to gain access to protected information
The vulnerability of the JAXP sub-component of the Java Platform is related to errors in the code. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read access to protected information through a Java Web Start application or Java applet...
Unspecified Vulnerability in Apple OS X Server Wiki Server XML
Apple Mac OS X is a commercial operating system. Multiple unspecified vulnerabilities exist in Apple OS X Server Wiki Server processing XML. A detailed vulnerability description is not currently available...
Vulnerabilities of iOS and Mac OS X operating systems, which allow attackers to gain access to protected information or cause service failures
The vulnerability of the libxml2 component in iOS and Mac OS X operating systems arises due to buffer overflows. Exploiting this vulnerability can allow an attacker to gain access to sensitive information or cause service failures by using a specially crafted XML document...
DEBIAN-CVE-2015-1283
Multiple integer overflows in the XMLGetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted XML data, a related...
Z-BLOG Blind-XXE Arbitrary File Read Vulnerability
Z-Blog is developed by RainbowSoft Studio a Blog program based on the Asp platform . Z-Blog has an arbitrary file read vulnerability. /zbsystem/xml-rpc/index.php directly call simpleloadstring parsing XML, resulting in XML entity injection, an attacker can read system files using the vulnerabilit...
SAP Mobile Platform XML External Entity Information Disclosure Vulnerability
SAP Mobile Platform SMP is a mobile application development platform from SAP. The platform is used to build packaged and customized development applications for any device. A security vulnerability exists in the SAP Mobile Platform XML external entity. This vulnerability could be exploited by an...
Apache Jackrabbit XML External Entity Input Vulnerability
Apache Jackrabbit is a full compliance with the Java API version of the content storage specification JCR implementation . An XML external entity injection vulnerability exists in Apache Jackrabbit, which allows remote attackers to exploit the vulnerability by submitting a special XML request to...
IBM License Metric Tool Directory Traversal Vulnerability
The IBM License Metric Tool is a free tool from IBM USA that helps IBM Passport Advantage Software Upgrade and Support Services customers determine their Processor Value Unit PVU license requirements. A directory traversal vulnerability exists in the IBM License Metric Tool and Tivoli Asset...
XStream: remote code execution due to insecure XML deserialization
It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream...