[SECURITY] Fedora 22 Update: mingw-libxml2-2.9.3-1.fc22

MinGW Windows libxml2 XML processing library...

[SECURITY] Fedora 23 Update: mingw-libxml2-2.9.3-1.fc23

MinGW Windows libxml2 XML processing library...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.6 update on RHEL 5

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.6, fix several bugs, add various enhancements, and resolve one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A...

jakarta-taglibs-standard: XXE and RCE via XSL extension in JSTL XML tags

It was found that the Java Standard Tag Library JSTL allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution...

jakarta-taglibs-standard: XXE and RCE via XSL extension in JSTL XML tags

It was found that the Java Standard Tag Library JSTL allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution...

OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)

It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory...

OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)

It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory...

OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)

It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory...

Unspecified Vulnerability in Oracle Java SE JAXP Component

Sun Java Runtime Environment is a solution that provides a reliable runtime environment for JAVA applications. An unspecified security vulnerability in Sun Java Runtime Environment and the Java SE Embedded and JRockit JAXP components allows remote attackers to conduct denial-of-service attacks by...

OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)

It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory...

OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)

It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory...

OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)

It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory...

CVE-2016-0466

Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP...

OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)

It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory...

UBUNTU-CVE-2016-0466

Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP...

OpenMRS 2.3 (1.11.4) XXE Injection

!/usr/bin/env python OpenMRS 2.3 1.11.4 XML External Entity XXE Processing PoC Exploit Vendor: OpenMRS Inc. Product web page: http://www.openmrs.org Affected version: OpenMRS 2.3, 2.2, 2.1, 2.0 Platform 1.11.4 Build 6ebcaf, 1.11.2 and 1.10.0 OpenMRS-TB System OpenMRS 1.9.7 Build 60bd9b Summary:...

libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash...

OpenJDK: incomplete MaxXMLNameLimit enforcement (JAXP, 8086733)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911...

OpenJDK: leak of user.dir location (JAXP, 8078427)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP...

OpenJDK: leak of user.dir location (JAXP, 8078427)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP...