Lucene search

112 matches found

RedHat Linux
added 2014/07/16 5:12 p.m. | 3 views

Tomcat/JBossWeb: XML parser hijack by malicious web application

It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web / Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML...

CVSS 4.3 | AI score 6.6 | EPSS 0.07616
Exploits 0 | References 4

RedHat Linux
added 2014/07/07 2:49 p.m. | 4 views

Tomcat/JBossWeb: XML parser hijack by malicious web application

It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web / Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML...

CVSS 4.3 | AI score 6.6 | EPSS 0.07616
Exploits 0 | References 4

securityvulns
added 2014/03/27 12:0 a.m. | 72 views

[SECURITY] [DSA 2886-1] libxalan2-java security update

Debian Security Advisory DSA-2886-1 [email protected] http://www.debian.org/security/ Florian Weimer March 26, 2014 http://www.debian.org/security/faq ...

CVSS 7.5 | AI score 1.9 | EPSS 0.137
Exploits 2

Debian
added 2014/03/26 8:21 p.m. | 38 views

[SECURITY] [DSA 2886-1] libxalan2-java security update

Debian Security Advisory DSA-2886-1 [email protected] http://www.debian.org/security/ Florian Weimer March 26, 2014 http://www.debian.org/security/faq ...

CVSS 7.5 | AI score 8.9 | EPSS 0.137
Exploits 2

OSV
added 2014/03/26 12:0 a.m. | 11 views

DSA-2886-1 libxalan2-java - security update

Bulletin has no description...

CVSS 7.5 | AI score 9.4 | EPSS 0.137
Exploits 2

Tenable Nessus
added 2013/10/31 12:0 a.m. | 44 views

Thunderbird < 24.1 Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird is earlier than 24.1 and is, therefore, potentially affected by the following vulnerabilities: - The implementation of Network Security Services (NSS) does not ensure that data structures are initialized, which could result in a denial of service or disclosure ...

CVSS 10 | AI score 8.3 | EPSS 0.06493
Exploits 0 | References 23

Tenable Nessus
added 2013/10/31 12:0 a.m. | 48 views

Thunderbird ESR < 17.0.10 Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird ESR is prior to 17.0.10 and is, therefore, potentially affected by the following vulnerabilities: - The implementation of Network Security Services (NSS) does not ensure that data structures are initialized, which could result in a denial of service or disclosure ...

CVSS 10 | AI score 8.1 | EPSS 0.06493
Exploits 0 | References 17

Tenable Nessus
added 2013/10/31 12:0 a.m. | 40 views

Firefox < 25.0 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox is earlier than 25.0 and is, therefore, potentially affected by multiple vulnerabilities: - The implementation of Network Security Services (NSS) does not ensure that data structures are initialized, which could result in a denial of service or disclosure of...

CVSS 10 | AI score 7.5 | EPSS 0.06493
Exploits 0 | References 25

Tenable Nessus
added 2013/10/31 12:0 a.m. | 31 views

Firefox < 25.0 Multiple Vulnerabilities

The installed version of Firefox is earlier than 25.0 and is, therefore, potentially affected by the following vulnerabilities: - The implementation of Network Security Services (NSS) does not ensure that data structures are initialized, which could result in a denial of service or disclosure of...

CVSS 10 | AI score 8.3 | EPSS 0.06493
Exploits 0 | References 25

OSV
added 2013/04/03 12:0 a.m. | 13 views

DSA-2654-1 libxslt - denial of service

Bulletin has no description...

CVSS 5 | AI score 6.3 | EPSS 0.0446
Exploits 1

Ubuntu
added 2013/04/02 12:5 p.m. | 56 views

USN-1784-1: libxslt vulnerability

Nicholas Gregoire discovered that libxslt incorrectly handled certain empty values. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could cause libxslt to crash, causing a denial of service...

CVSS 5 | AI score 8.3 | EPSS 0.0446
Exploits 1

Tenable Nessus
added 2013/01/24 12:0 a.m. | 31 views

RHEL 5 : java-1.6.0-bea (RHSA-2008:0245)

Updated java-1.6.0-bea packages that correct several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit 1.6.003 JRE and SDK contain BEA WebLog...

CVSS 9.3 | AI score 5.9 | EPSS 0.12501
Exploits 1 | References 10

securityvulns
added 2012/10/05 12:0 a.m. | 94 views

[USN-1595-1] libxslt vulnerabilities

Ubuntu Security Notice USN-1595-1 October 04, 2012 libxslt vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: ...

CVSS 6.8 | AI score 1 | EPSS 0.02467
Exploits 1

Ubuntu
added 2012/10/04 5:14 p.m. | 63 views

USN-1595-1: libxslt vulnerabilities

Chris Evans discovered that libxslt incorrectly handled generate-id XPath functions. If a user or automated system were tricked into processing a specially crafted XSLT document, a remote attacker could obtain potentially sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10....

CVSS 6.8 | AI score 9.1 | EPSS 0.02467
Exploits 1

OpenVAS
added 2012/02/12 12:0 a.m. | 32 views

Debian: Security Advisory (DSA-2402-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 9 | EPSS 0.07936
Exploits 2 | References 3

Tenable Nessus
added 2012/02/03 12:0 a.m. | 42 views

Debian DSA-2400-1 : iceweasel - several vulnerabilities

Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. - CVE-2011-3670 Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, resulting i...

CVSS 10 | AI score 8.9 | EPSS 0.07936
Exploits 2 | References 10

Tenable Nessus
added 2012/02/03 12:0 a.m. | 38 views

Debian DSA-2402-1 : iceape - several vulnerabilities

Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of SeaMonkey : - CVE-2011-3670 Gregory Fleischer discovered that IPv6 URLs were incorrectly parsed, resulting in potential information disclosure. - CVE-2012-0442 Jesse Ruderman and Bob Clary discovered...

CVSS 10 | AI score 8.8 | EPSS 0.07936
Exploits 2 | References 10

OSV
added 2012/02/02 12:0 a.m. | 32 views

DSA-2402-1 iceape - several

Bulletin has no description...

CVSS 10 | AI score 8.7 | EPSS 0.07936
Exploits 2

RedHat Linux
added 2012/01/11 5:43 p.m. | 3 views

libxml2: double-free caused by malformed XPath expression in XSLT

Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling...

CVSS 6.8 | AI score 7.5 | EPSS 0.02129
Exploits 0 | References 4

Tenable Nessus
added 2009/08/24 12:0 a.m. | 31 views

RHEL 4 / 5 : java-1.5.0-bea (RHSA-2008:0244)

Updated java-1.5.0-bea packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit 1.5.014 JRE and SDK conta...

CVSS 9.3 | AI score 5.7 | EPSS 0.12501
Exploits 1 | References 8