Lucene search
+L

1013 matches found

RedHat Linux
RedHat Linux
added 2015/05/14 3:14 p.m.3 views

Tomcat/JBossWeb: XML parser hijack by malicious web application

It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web / Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors TLDs, and tag plug-in configuration files. The injected XML...

4.3CVSS6.6AI score0.07616EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/05/14 3:14 p.m.4 views

RESTeasy: External entities expanded by DocumentProvider

It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessibl...

6.4CVSS5.8AI score0.01955EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/05/14 3:14 p.m.8 views

JAX-RS: Information disclosure via XML eXternal Entity (XXE)

It was found that the default context parameters as provided to RESTEasy deployments by JBoss EAP did not explicitly disable external entity expansion for RESTEasy. A remote attacker could use this flaw to perform XML External Entity XXE attacks on RESTEasy applications accepting XML input...

5CVSS5.8AI score0.03031EPSS
Exploits0References4
CNVD
CNVD
added 2015/05/14 12:0 a.m.4 views

Mozilla Thunderbird XML Content Parsing Buffer Overflow Vulnerability

Mozilla Thunderbird is a mail tool adapted from the mail widget of the Mozilla browser. A buffer overflow vulnerability in Mozilla Thunderbird's handling of compressed XML content allows remote attackers to exploit the vulnerability by submitting a specially crafted HTML message that can be trick...

7.5CVSS7.6AI score0.07417EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.7 views

The vulnerability of the Libxml2 software library for analyzing XML documents lies in the fact that an out-of-bound operation can be executed, allowing an attacker to cause a service failure.

The vulnerability of the Libxml2 software library for analyzing XML documents relates to the execution of operations beyond the acceptable data buffer limits. Exploiting this vulnerability allows a malicious actor to cause service failures...

4.3CVSS6.8AI score0.03147EPSS
Exploits2References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.7 views

The vulnerability of the XML Security Library, related to bypassing authentication through spoofing, allows attackers to compromise data integrity.

The vulnerability of the XML Security Library relates to the bypassing of authentication mechanisms through spoofing. Exploiting this vulnerability allows a malicious actor to compromise data integrity remotely...

7.5CVSS7.2AI score0.06348EPSS
Exploits0References5Affected Software2
CNVD
CNVD
added 2015/04/16 12:0 a.m.8 views

Unspecified XXE Injection Vulnerability in IBM InfoSphere MDM Reference Data Management

IBM InfoSphere MDM Reference Data Management provides a range of capabilities essential for seamlessly managing reference data in the information world across different business domains, including comprehensive authoring and lifecycle management capabilities, a version control model, role-based...

5CVSS7.1AI score0.01302EPSS
Exploits0References1
CNVD
CNVD
added 2015/04/14 12:0 a.m.5 views

MediaWiki Denial of Service Vulnerability (CNVD-2015-02419)

MediaWiki is a Wiki program. A security vulnerability exists in MediaWiki. When the program uses HHVM or Zend PHP, a remote attacker can exploit the vulnerability to cause a denial of service 'Quadratic Blowup' and memory corruption via an XML file containing entity declarations and multiple enti...

7.1CVSS7AI score0.0271EPSS
Exploits0References1
CNVD
CNVD
added 2015/04/02 12:0 a.m.8 views

SAP Mobile Platform XXE Information Disclosure Vulnerability

SAP Mobile Platform is an enterprise mobility platform. SAP Mobile Platform suffers from an XXE External Entity Reference vulnerability that allows remote attackers to submit special XML to send requests to an internal server to obtain sensitive information...

5CVSS6.8AI score0.01611EPSS
Exploits0References1
CNVD
CNVD
added 2015/03/26 12:0 a.m.2 views

Cagintranet Networks GetSimple CMS Cross-Site Scripting Vulnerability

Cagintranet Networks GetSimple CMS is an XML-based content management system from Cagintranet Networks, USA. The system includes a theme selector and editor, a component editor, image and file managers, and more. A cross-site scripting vulnerability exists in Cagintranet Networks GetSimple CMS th...

6.7AI score
Exploits0References1
CNVD
CNVD
added 2015/03/19 12:0 a.m.5 views

IBM Rational DOORS Next Generation and Rational Requirements Composer Denial of Service Vulnerabilities

IBM Rational DOORS Next Generation and Rational Requirements Composer are both requirements management solutions from IBM USA. The solutions are primarily used to define, manage, and report on requirements throughout the project lifecycle. A security vulnerability exists in the XML parser of IBM...

7.8CVSS6.8AI score0.01328EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/03/11 4:51 p.m.3 views

Java: Java XML Signature DoS Attack

It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions DTDs to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial ...

4.3CVSS5.8AI score0.08863EPSS
Exploits0References4
CNVD
CNVD
added 2015/02/28 12:0 a.m.3 views

PNMsoft Sequence Kinetics Denial of Service Vulnerability

PNMsoft Sequence Kinetics is a next-generation business process management suite released by Israel-based PNMsoft that enables rapid establishment of high-availability workflow applications and close human collaboration on change while maintaining lifecycle governance. A denial of service...

5CVSS6.7AI score0.01218EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/02/17 10:27 p.m.4 views

Tomcat/JBossWeb: XML parser hijack by malicious web application

It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web / Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors TLDs, and tag plug-in configuration files. The injected XML...

4.3CVSS6.6AI score0.07616EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/02/17 10:27 p.m.4 views

OpenJDK: XML parsing Denial of Service (JAXP, 8017298)

A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an...

7.1CVSS6.7AI score0.24738EPSS
Exploits0References5
CNVD
CNVD
added 2015/01/30 12:0 a.m.3 views

Apple TV and iOS XML Parser Buffer Overflow Vulnerability

Apple iOS is the latest operating system for Apple's iPhone and iPod touch devices. Apple TV is Apple's way of allowing photos, videos and music from PCs and iPods to be transmitted wirelessly to a TV in high definition. A buffer overflow vulnerability exists in the processing of XML files in App...

7.5CVSS7.5AI score0.04204EPSS
Exploits0References1
CNVD
CNVD
added 2015/01/14 12:0 a.m.6 views

odata4j XML External Entity Injection Vulnerability

odata4j is a new open source toolkit. An external entity injection vulnerability exists in odata4j XML, which can be exploited by attackers to obtain sensitive information...

5CVSS7.2AI score0.0211EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2014/11/26 4:52 p.m.5 views

ruby: REXML billion laughs attack via parameter entity expansion

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service memory consumption via a crafted XML document, aka an XML Entity Expansion XEE attack...

5CVSS6.8AI score0.05538EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2014/11/26 4:9 p.m.6 views

ruby: REXML billion laughs attack via parameter entity expansion

The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service memory consumption via a crafted XML document, aka an XML Entity Expansion XEE attack...

5CVSS6.8AI score0.05538EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2014/11/20 6:51 p.m.19 views

libxml2: denial of service via recursive entity expansion

A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption denial of service bas...

5CVSS6.7AI score0.03988EPSS
Exploits1References4
Rows per page
Query Builder