Lucene search
K

343 matches found

F5 Networks
F5 Networks
added 2014/12/01 12:0 a.m.47 views

SOL15879 - SOAP parser vulnerability CVE-2013-1824

Certain product versions contain the affected code; however, those product versions do not parse untrusted XML input, and are therefore not exploitable. Vulnerability Recommended Actions If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate thi...

4.3CVSS1.7AI score0.04314EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2014/11/25 4:48 p.m.6 views

JAX-RS: Information disclosure via XML eXternal Entity (XXE)

It was found that the default context parameters as provided to RESTEasy deployments by JBoss EAP did not explicitly disable external entity expansion for RESTEasy. A remote attacker could use this flaw to perform XML External Entity XXE attacks on RESTEasy applications accepting XML input...

5CVSS5.8AI score0.03031EPSS
Exploits0References4
Oracle linux
Oracle linux
added 2014/11/18 12:0 a.m.49 views

libvirt security and bug fix update

0.10.2-46.0.1.el66.2 - Replace docs/et.png in tarball with blank image 0.10.2-46.el66.2 - qemu: allow restore with non-migratable XML input rhbz1155564 - qemu: Introduce qemuDomainDefCheckABIStability rhbz1155564 - Make ABI stability issue easier to debug rhbz1155564 - CVE-2014-3633: qemu:...

5.8CVSS1.7AI score0.02791EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2014/07/16 5:12 p.m.9 views

JAX-RS: Information disclosure via XML eXternal Entity (XXE)

It was found that the default context parameters as provided to RESTEasy deployments by JBoss EAP did not explicitly disable external entity expansion for RESTEasy. A remote attacker could use this flaw to perform XML External Entity XXE attacks on RESTEasy applications accepting XML input...

5CVSS5.8AI score0.03031EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/06/26 3:16 p.m.12 views

JAX-RS: Information disclosure via XML eXternal Entity (XXE)

It was found that the default context parameters as provided to RESTEasy deployments by JBoss EAP did not explicitly disable external entity expansion for RESTEasy. A remote attacker could use this flaw to perform XML External Entity XXE attacks on RESTEasy applications accepting XML input...

5CVSS5.8AI score0.03031EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/06/26 3:0 p.m.7 views

JAX-RS: Information disclosure via XML eXternal Entity (XXE)

It was found that the default context parameters as provided to RESTEasy deployments by JBoss EAP did not explicitly disable external entity expansion for RESTEasy. A remote attacker could use this flaw to perform XML External Entity XXE attacks on RESTEasy applications accepting XML input...

5CVSS5.8AI score0.03031EPSS
Exploits0References4
OSV
OSV
added 2014/01/23 9:55 p.m.1 views

DEBIAN-CVE-2013-7315

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB,...

6.8CVSS9.1AI score0.03438EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2011/08/03 12:0 a.m.34 views

Debian Security Advisory DSA 2255-1 (libxml2)

The remote host is missing an update to libxml2 announced via advisory DSA 2255-1. OpenVAS Vulnerability Test $Id: deb22551.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2255-1 libxml2 Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...

9.3CVSS0.9AI score0.13727EPSS
Exploits1
Packet Storm
Packet Storm
added 2011/07/03 12:0 a.m.49 views

Spring Source OXM 3.0.4 Command Injection

Reference: http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/oxm.htmld0e26722 Product: Spring Source OXM Object/XML Mapping Vendor: VMware Vulnerable Version: 3.0.4 only when XStream and IBM JRE are used Status: Fixed Vendor Notification: 12 October 2010 Vendor Fix:...

0.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/06/14 12:0 a.m.35 views

Mandriva Linux Security Advisory : xerces-j2 (MDVSA-2011:108)

A vulnerability was discovered and corrected in xerces-j2 : Apache Xerces2 Java, as used in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service infinite loop and...

5CVSS6.3AI score0.3038EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2010/05/14 12:0 a.m.30 views

SuSE9 Security Update : Python (YOU Patch Number 12600)

This update of python has a copy of libxmlrpc that is vulnerable to denial of service bugs that can occur while processing malformed XML input. - CVSS v2 Base Score: 5.0 moderate AV:N/AC:L/Au:N/C:N/I:N/A:P: Permissions, Privileges, and Access Control CWE-264. CVE-2009-2625 - CVSS v2 Base Score: 5...

5CVSS6.4AI score0.3038EPSS
Exploits5References6
Prion
Prion
added 2009/08/06 3:30 p.m.31 views

Input validation

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service infinite loop and application hang via malformed XML input, as...

5CVSS6.6AI score0.3038EPSS
Exploits2References63Affected Software9
CVE
CVE
added 2009/08/06 3:0 p.m.254 views

CVE-2009-2625

CVE-2009-2625 affects Apache Xerces2-Java (XML parser used by JRE/JDK) where parsing a malformed XML with systems DTD identifiers can cause DoS (hangs), via a vulnerability in SYSTEM handling in Xerces2 Java. Connected advisories confirm public fixes: Debian libxerces2-java updates (DSA-1984-1) a...

5CVSS6.1AI score0.3038EPSS
Exploits2References63Affected Software1
Cvelist
Cvelist
added 2009/08/06 3:0 p.m.35 views

CVE-2009-2625

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service infinite loop and application hang via malformed XML input, as...

6.5AI score0.3038EPSS
Exploits2References63
UbuntuCve
UbuntuCve
added 2009/08/06 12:0 a.m.55 views

CVE-2009-2625

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service infinite loop and application hang via malformed XML input, as...

5CVSS6.8AI score0.3038EPSS
Exploits2References6
OpenVAS
OpenVAS
added 2009/03/23 12:0 a.m.33 views

Ubuntu Update for libxslt vulnerabilities USN-633-1

Ubuntu Update for Linux kernel vulnerabilities USN-633-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6331.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for libxslt vulnerabilities USN-633-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

7.5CVSS0.6AI score0.1279EPSS
Exploits4References2
UbuntuCve
UbuntuCve
added 2008/08/01 2:41 p.m.44 views

CVE-2008-2935

Multiple heap-based buffer overflows in the rc4 1 encryption aka exsltCryptoRc4EncryptFunction and 2 decryption aka exsltCryptoRc4DecryptFunction functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containin...

7.5CVSS7.4AI score0.12789EPSS
Exploits2References2
NVD
NVD
added 2008/08/01 2:41 p.m.23 views

CVE-2008-2935

Multiple heap-based buffer overflows in the rc4 1 encryption aka exsltCryptoRc4EncryptFunction and 2 decryption aka exsltCryptoRc4DecryptFunction functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containin...

7.5CVSS7.3AI score0.12789EPSS
Exploits2References27
OSV
OSV
added 2008/08/01 2:41 p.m.2 views

DEBIAN-CVE-2008-2935

Multiple heap-based buffer overflows in the rc4 1 encryption aka exsltCryptoRc4EncryptFunction and 2 decryption aka exsltCryptoRc4DecryptFunction functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containin...

7.5CVSS9.7AI score0.12789EPSS
Exploits2References1
Ubuntu
Ubuntu
added 2008/08/01 2:32 p.m.68 views

USN-633-1: libxslt vulnerabilities

It was discovered that long transformation matches in libxslt could overflow. If an attacker were able to make an application linked against libxslt process malicious XSL style sheet input, they could execute arbitrary code with user privileges or cause the application to crash, leading to a deni...

7.5CVSS8.3AI score0.1279EPSS
Exploits4
Rows per page
Query Builder