713 matches found
Arbitrary file upload and XML External Entity processing
More info at https://www.neos.io/blog/flow-sa-2015-001.html...
Vulnerability of the Java Platform software platform, which allows attackers to manipulate the accessibility of information
The vulnerability of the JAXP sub-component in Jrockit and Java Platform is related to errors in the code. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by using specially crafted data for the API function...
Vulnerability of Jrockit and Java Platform software platforms, which allow attackers to trigger service failures
The vulnerability of the JAXP sub-component in Jrockit and Java Platform is related to errors in the code. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by using specially crafted data for the API function...
Vulnerability of Jrockit and Java Platform software platforms, which allow attackers to manipulate the accessibility of information
The vulnerability of the JAXP sub-component in JRockit and Java Platform is related to errors in the code. Exploiting this vulnerability can allow a malicious actor to compromise the accessibility of information...
OpenJDK: leak of user.dir location (JAXP, 8078427)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP...
OpenJDK: incomplete supportDTD enforcement (JAXP, 8130078)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893...
OpenJDK: incomplete supportDTD enforcement (JAXP, 8130078)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893...
OpenJDK: leak of user.dir location (JAXP, 8078427)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP...
OpenJDK: inefficient use of hash tables and lists during XML parsing (JAXP, 8068842)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911...
OpenJDK: incomplete supportDTD enforcement (JAXP, 8130078)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893...
OpenJDK: incomplete MaxXMLNameLimit enforcement (JAXP, 8086733)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911...
Unspecified Vulnerability in Oracle Java SE (CNVD-2015-06917)
Oracle Java SE is the standard version of the Java platform is a Java2 platform to provide users with a program development environment. Oracle Java SE 6u101, 7u85,8u60; Java SE Embedded 8u51; An unspecified vulnerability exists in JRockit R28.3.7. Allows remote attackers to affect availability v...
Unspecified Vulnerability in Oracle Java SE (CNVD-2015-06916)
Oracle Java SE is the standard version of the Java platform is a Java2 platform to provide users with a program development environment. Oracle Java SE 6u101, 7u85, 8u60; Java SE Embedded 8u51; An unspecified vulnerability exists in JRockit R28.3.7. Allows remote attackers to affect availability...
Unspecified Vulnerability in Oracle Java SE (CNVD-2015-06920)
Oracle Java SE is the standard version of the Java platform is a Java2 platform to provide users with a program development environment. An unspecified vulnerability exists in Oracle Java SE 6u101, 7u85,8u60,Java SE Embedded 8u51. Allows remote attackers to affect confidentiality via vectors...
OpenJDK: leak of user.dir location (JAXP, 8078427)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP...
OpenJDK: incomplete MaxXMLNameLimit enforcement (JAXP, 8086733)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911...
OpenJDK: leak of user.dir location (JAXP, 8078427)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP...
UBUNTU-CVE-2015-4893
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911...
UBUNTU-CVE-2015-4911
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893...
Important: jakarta-taglibs-standard
Issue Overview: It was found that the Java Standard Tag Library JSTL allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution. Affected Packages:...