Lucene search
+L

1013 matches found

RedHat Linux
RedHat Linux
added 2013/11/07 4:45 p.m.3 views

JDK: unspecified sandbox bypass (XML)

Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 before SR7, 6.0.0 before SR15, and 5.0.0 before SR16 FP4 allows remote attackers to access restricted classes via unspecified vectors related to XML and XSL...

6.8CVSS6.2AI score0.02812EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/09/09 4:51 p.m.10 views

Java: XML signature spoofing

A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via ...

4.3CVSS5.9AI score0.0593EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2013/08/27 6:50 p.m.5 views

vdsm: incomplete fix for CVE-2013-0167 issue

VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged guest users to cause the host to become "unavailable to the managment server" via invalid XML characters in a guest agent response. NOTE: this issue is due to an incomplete fix for CVE-2013-0167...

2.7CVSS5.8AI score0.00557EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/07/15 8:21 p.m.5 views

php: xml_parse_into_struct buffer overflow when parsing deeply nested XML

ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service heap memory corruption or possibly have unspecified other impact via a crafted document that is processed by the xmlparseintostruct function...

6.8CVSS7.5AI score0.05186EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/05/28 5:35 p.m.10 views

apache-cxf: XML encryption backwards compatibility attacks

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

6.4CVSS6.9AI score0.06322EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2013/04/22 9:17 p.m.7 views

JDK: XML parsing Denial-Of-Service (6845701)

Previously, a denial-of-service flaw was found in Java which allowed the creation of an inifinte loop in XML headers that would consume all CPU resources. This issue was patched and Java is no longer vulnerable to a denial-of-service flaw due to the initiation of an infinte loop by means of XML...

5CVSS6.6AI score0.3038EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2013/03/21 6:8 p.m.6 views

bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...

5CVSS7.4AI score0.04593EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2013/01/09 12:0 a.m.4 views

PT-2013-2057 · Microsoft · Xml Core Services +2

Name of the Vulnerable Software and Affected Versions: Microsoft XML Core Services versions 3.0 through 6.0 Description: The issue arises from the improper parsing of XML content, allowing remote attackers to execute arbitrary code via a crafted web page. This can corrupt memory in such a way tha...

9.3CVSS7.7AI score0.28084EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2013/01/08 4:36 a.m.5 views

neon: billion laughs DoS attack

neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity references, a similar issue to...

4.3CVSS6.8AI score0.08437EPSS
Exploits1References4
OSV
OSV
added 2012/12/21 5:46 a.m.3 views

DEBIAN-CVE-2012-0841

libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted XML data...

5CVSS8.8AI score0.0326EPSS
Exploits0References1
OSV
OSV
added 2012/07/03 7:55 p.m.5 views

DEBIAN-CVE-2012-1148

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service memory consumption via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities...

5CVSS8.8AI score0.03565EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2012/06/12 11:19 p.m.6 views

JDK: XML parsing Denial-Of-Service (6845701)

Previously, a denial-of-service flaw was found in Java which allowed the creation of an inifinte loop in XML headers that would consume all CPU resources. This issue was patched and Java is no longer vulnerable to a denial-of-service flaw due to the initiation of an infinte loop by means of XML...

5CVSS6.6AI score0.3038EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2011/09/15 7:8 p.m.7 views

JBossWS remote Denial of Service

wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterpris...

5CVSS6.9AI score0.02664EPSS
Exploits0References4
OSV
OSV
added 2011/06/21 2:52 a.m.4 views

UBUNTU-CVE-2011-1756

modules/xmpp/servxmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity references, a similar issue t...

5CVSS5.8AI score0.0266EPSS
Exploits0References2
PyPA
PyPA
added 2011/04/11 6:55 p.m.6 views

PYSEC-2011-20

Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments...

4.3CVSS6.1AI score0.02443EPSS
Exploits1References12Affected Software1
OSV
OSV
added 2011/04/04 12:27 p.m.2 views

DEBIAN-CVE-2011-1425

xslt.c in XML Security Library aka xmlsec before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification...

5.1CVSS6.7AI score0.08057EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2010/11/26 8:32 a.m.7 views

Google Chrome information disclosure vulnerability

Overview Google Chrome contains an information disclosure vulnerability. Google Chrome contains an information disclosure vulnerability caused by the improper handling of XML files. Takayoshi Isayama from Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...

6.5CVSS6.2AI score0.00761EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2010/09/14 12:0 a.m.8 views

PT-2010-4733 · Splunk · Splunk

Name of the Vulnerable Software and Affected Versions: Splunk versions 4.0.0 through 4.1.4 Description: The XML parser in Splunk allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity XXE attack. This issue affects the XML parser, which ca...

8.8CVSS8.4AI score0.01048EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2009/12/10 12:3 a.m.6 views

JDK: XML parsing Denial-Of-Service (6845701)

Previously, a denial-of-service flaw was found in Java which allowed the creation of an inifinte loop in XML headers that would consume all CPU resources. This issue was patched and Java is no longer vulnerable to a denial-of-service flaw due to the initiation of an infinte loop by means of XML...

5CVSS6.6AI score0.3038EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2009/12/09 11:14 p.m.6 views

JDK: XML parsing Denial-Of-Service (6845701)

Previously, a denial-of-service flaw was found in Java which allowed the creation of an inifinte loop in XML headers that would consume all CPU resources. This issue was patched and Java is no longer vulnerable to a denial-of-service flaw due to the initiation of an infinte loop by means of XML...

5CVSS6.6AI score0.3038EPSS
Exploits2References4
Rows per page
Query Builder