343 matches found
SOL15879 - SOAP parser vulnerability CVE-2013-1824
Certain product versions contain the affected code; however, those product versions do not parse untrusted XML input, and are therefore not exploitable. Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate thi...
JAX-RS: Information disclosure via XML eXternal Entity (XXE)
It was found that the default context parameters as provided to RESTEasy deployments by JBoss EAP did not explicitly disable external entity expansion for RESTEasy. A remote attacker could use this flaw to perform XML External Entity XXE attacks on RESTEasy applications accepting XML input...
libvirt security and bug fix update
0.10.2-46.0.1.el66.2 - Replace docs/et.png in tarball with blank image 0.10.2-46.el66.2 - qemu: allow restore with non-migratable XML input rhbz1155564 - qemu: Introduce qemuDomainDefCheckABIStability rhbz1155564 - Make ABI stability issue easier to debug rhbz1155564 - CVE-2014-3633: qemu:...
JAX-RS: Information disclosure via XML eXternal Entity (XXE)
It was found that the default context parameters as provided to RESTEasy deployments by JBoss EAP did not explicitly disable external entity expansion for RESTEasy. A remote attacker could use this flaw to perform XML External Entity XXE attacks on RESTEasy applications accepting XML input...
JAX-RS: Information disclosure via XML eXternal Entity (XXE)
It was found that the default context parameters as provided to RESTEasy deployments by JBoss EAP did not explicitly disable external entity expansion for RESTEasy. A remote attacker could use this flaw to perform XML External Entity XXE attacks on RESTEasy applications accepting XML input...
JAX-RS: Information disclosure via XML eXternal Entity (XXE)
It was found that the default context parameters as provided to RESTEasy deployments by JBoss EAP did not explicitly disable external entity expansion for RESTEasy. A remote attacker could use this flaw to perform XML External Entity XXE attacks on RESTEasy applications accepting XML input...
DEBIAN-CVE-2013-7315
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB,...
Debian Security Advisory DSA 2255-1 (libxml2)
The remote host is missing an update to libxml2 announced via advisory DSA 2255-1. OpenVAS Vulnerability Test $Id: deb22551.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2255-1 libxml2 Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...
Spring Source OXM 3.0.4 Command Injection
Reference: http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/oxm.htmld0e26722 Product: Spring Source OXM Object/XML Mapping Vendor: VMware Vulnerable Version: 3.0.4 only when XStream and IBM JRE are used Status: Fixed Vendor Notification: 12 October 2010 Vendor Fix:...
Mandriva Linux Security Advisory : xerces-j2 (MDVSA-2011:108)
A vulnerability was discovered and corrected in xerces-j2 : Apache Xerces2 Java, as used in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service infinite loop and...
SuSE9 Security Update : Python (YOU Patch Number 12600)
This update of python has a copy of libxmlrpc that is vulnerable to denial of service bugs that can occur while processing malformed XML input. - CVSS v2 Base Score: 5.0 moderate AV:N/AC:L/Au:N/C:N/I:N/A:P: Permissions, Privileges, and Access Control CWE-264. CVE-2009-2625 - CVSS v2 Base Score: 5...
Input validation
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service infinite loop and application hang via malformed XML input, as...
CVE-2009-2625
CVE-2009-2625 affects Apache Xerces2-Java (XML parser used by JRE/JDK) where parsing a malformed XML with systems DTD identifiers can cause DoS (hangs), via a vulnerability in SYSTEM handling in Xerces2 Java. Connected advisories confirm public fixes: Debian libxerces2-java updates (DSA-1984-1) a...
CVE-2009-2625
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service infinite loop and application hang via malformed XML input, as...
CVE-2009-2625
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service infinite loop and application hang via malformed XML input, as...
Ubuntu Update for libxslt vulnerabilities USN-633-1
Ubuntu Update for Linux kernel vulnerabilities USN-633-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6331.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for libxslt vulnerabilities USN-633-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
CVE-2008-2935
Multiple heap-based buffer overflows in the rc4 1 encryption aka exsltCryptoRc4EncryptFunction and 2 decryption aka exsltCryptoRc4DecryptFunction functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containin...
CVE-2008-2935
Multiple heap-based buffer overflows in the rc4 1 encryption aka exsltCryptoRc4EncryptFunction and 2 decryption aka exsltCryptoRc4DecryptFunction functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containin...
DEBIAN-CVE-2008-2935
Multiple heap-based buffer overflows in the rc4 1 encryption aka exsltCryptoRc4EncryptFunction and 2 decryption aka exsltCryptoRc4DecryptFunction functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containin...
USN-633-1: libxslt vulnerabilities
It was discovered that long transformation matches in libxslt could overflow. If an attacker were able to make an application linked against libxslt process malicious XSL style sheet input, they could execute arbitrary code with user privileges or cause the application to crash, leading to a deni...