713 matches found
JBoss: JAXP in EAP 7.0 allows RCE via XSL
It was found that the JAXP implementation used in EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing...
MGASA-2020-0233 Updated log4net packages fix security vulnerability
Updated log4net packages fix security vulnerability This patch fixes a security vulnerability reported by Karthik Balasundaram. The security vulnerability was found in the way how log4net parses xml configuration files where it allowed to process XML External Entity Processing. An attacker could...
[SECURITY] Fedora 32 Update: mingw-libxml2-2.9.10-1.fc32
MinGW Windows libxml2 XML processing library...
The vulnerability of the building management software (management of access control, security systems, video surveillance, and automation) Andover Continuum System, related to the possibility of interference with XML data processing by the application, allows a intruder to gain access to the files in the application server’s file system.
The vulnerability of the building management software management of access control, security systems, video surveillance, and automation Andover Continuum System is related to the possibility of interference with XML data processing by the application. Exploiting this vulnerability can allow a...
Vulnerability in the library for processing and transforming HTML/XML code fragments: The Ruby loofah library has a vulnerability related to the lack of protection for website structure. This allows attackers to compromise data integrity.
The vulnerability in the library for processing and transforming HTML/XML code fragments in Ruby Loofah is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to compromise the integrity of data...
Privilege Escalation
ibm java is vulnerable to privilege escalation. A flaw was found in the way JAXP Java API for XML Processing components were handled, allowing them to be manipulated by untrusted applets. This could be used to elevate privileges and bypass secure XML processing restrictions...
CVE-2020-3846
A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted XML may lead to an...
SAP NetWeaver XML Processing Denial of Service Vulnerability
SAP NetWeaver is SAP's integrated technology platform. A security vulnerability exists in SAP NetWeaver's handling of XML documents, which can be exploited by remote attackers to submit a special request for a denial-of-service attack...
Atlassian Crowd XML Processing Denial of Service Vulnerability
Atlassian Crowd is a Web-based single sign-on system from Atlassian Australia. The system provides authentication, authorization, and other functions for multiple users, web applications, and directory servers. Atlassian Crowd has a security vulnerability. Allows remote attackers to perform...
CVE-2019-20446
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially...
CVE-2019-4707
IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018...
OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
UBUNTU-CVE-2019-2981
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...