714 matches found
[SECURITY] Fedora 31 Update: mingw-libxml2-2.9.10-3.fc31
MinGW Windows libxml2 XML processing library...
[SECURITY] Fedora 32 Update: mingw-libxml2-2.9.10-3.fc32
MinGW Windows libxml2 XML processing library...
XXE
An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files...
The vulnerability of the XMLSchemaValidator class in the JAXP component of the WildFly software framework (JBoss Application Server) allows a malicious actor to gain access to read, modify, add, or delete data using various network protocols.
The vulnerability of the XMLSchemaValidator class in the JAXP component of the WildFly software framework (JBoss Application Server) is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to remotely gain access to read, modify, add, or delete data usi...
dom4j: XML External Entity vulnerability in default SAX parser
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j...
The vulnerability of the JAXP component in Oracle Java SE and Java SE Embedded software allows an attacker to gain access to read, modify, add, or delete data.
The vulnerability of the JAXP component in Oracle Java SE and Java SE Embedded software platforms is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to read, modify, add, or delete data using various network...
OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
Updated xerces-c packages fix security vulnerability
A use-after-free vulnerability was found in xerces-c in the way an XML document is processed via the SAX API. Applications that process XML documents with an external Document Type Definition (DTD) may be vulnerable to this flaw. A remote attacker could exploit this flaw by creating a specially...
The vulnerability of PerformancePoint Services in Microsoft SharePoint Server, Microsoft SharePoint Foundation, and Microsoft SharePoint Enterprise Server allows a perpetrator to execute arbitrary code.
The vulnerability of PerformancePoint Services in Microsoft SharePoint Server, Microsoft SharePoint Foundation, and Microsoft SharePoint Enterprise Server is related to errors in processing XML requests. Exploiting this vulnerability can allow an attacker to execute arbitrary code remotely...
USN-4433-1 openjdk-lts vulnerabilities
Johannes Kuhn discovered that OpenJDK incorrectly handled access control contexts. An attacker could possibly use this issue to execute arbitrary code. (CVE-2020-14556) It was discovered that OpenJDK incorrectly handled memory allocation when reading TIFF image files. An attacker could possibly use...
OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
dotnet: XML source markup processing remote code execution
It was discovered that .NET Core did not properly check the source markup of XML files. A remote, unauthenticated attacker could possibly exploit this flaw to execute arbitrary code by sending specially crafted requests to an application parsing certain kinds of XML files or an ASP.NET Core...
The vulnerability of the Microsoft .NET Framework software platform, Microsoft Visual Studio for software development, and Microsoft SharePoint Server and Microsoft SharePoint Enterprise Server packages, related to errors in processing XML requests, allows a perpetrator to execute arbitrary code.
The vulnerability of the Microsoft .NET Framework software platform, as well as the Microsoft Visual Studio development tools, Microsoft SharePoint Server, and Microsoft SharePoint Enterprise Server, is related to errors in processing XML requests. Exploiting this vulnerability allows a malicious...
dotnet: XML source markup processing remote code execution
It was discovered that .NET Core did not properly check the source markup of XML files. A remote, unauthenticated attacker could possibly exploit this flaw to execute arbitrary code by sending specially crafted requests to an application parsing certain kinds of XML files or an ASP.NET Core...
OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
Remote Code Execution (RCE)
.NET Core is vulnerable to remote code execution (RCE). The vulnerability exists in the XML source markup processing...
dotnet: XML source markup processing remote code execution
It was discovered that .NET Core did not properly check the source markup of XML files. A remote, unauthenticated attacker could possibly exploit this flaw to execute arbitrary code by sending specially crafted requests to an application parsing certain kinds of XML files or an ASP.NET Core...
dotnet: XML source markup processing remote code execution
It was discovered that .NET Core did not properly check the source markup of XML files. A remote, unauthenticated attacker could possibly exploit this flaw to execute arbitrary code by sending specially crafted requests to an application parsing certain kinds of XML files or an ASP.NET Core...