SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2020:2143-1)
This update for java-11-openjdk fixes the following issues: Update to upstream tag jdk-11.0.8+10 (July 2020 CPU, bsc1174157) - Security fixes: + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming +...
XML External Entity (XXE)
quartz is vulnerable to XML External Entity (XXE) attacks. External DTDs and doctype declarations are not disabled by default, allowing an attacker to access system files or perform requests on behalf of the server via a malicious XML document. The vulnerability also allows an attacker to...
[SECURITY] Fedora 30 Update: gnulib-0-31.20200107git.fc30
The GNU portability library is a macro system and C declarations and definitions for commonly-used API elements and abstracted system behaviors. It can be used to improve portability and other functionality in your programs...
CVE-2019-12996
In Mendix 7.23.5 and earlier, an issue in XML import mappings allows DOCTYPE declarations in the XML input, which is potentially unsafe...
Design/Logic Flaw
In Mendix 7.23.5 and earlier, an issue in XML import mappings allows DOCTYPE declarations in the XML input, which is potentially unsafe...
The vulnerability in the XMLTooling XML parsing library lies in its improper handling of exceptions for malformed XML declarations. This allows a malicious actor to trigger a service failure using a specially crafted XML structure.
The vulnerability of the XML parsing library XMLTooling is related to improper handling of exceptions for incorrect XML declarations. Exploiting this vulnerability can allow a malicious actor to cause service failures by using a specially crafted XML structure...
XMLTooling Denial of Service Vulnerability
XMLTooling is an XML parser. A denial of service vulnerability exists in XMLTooling, which can be exploited to cause a denial of service with malformed XML declarations...
XML External Entity (XXE)
processing is vulnerable to an XML External Entity (XXE) attack. The library does not disable external Document Type Declarations, allowing a malicious user to conduct XXE attacks...
XML External Entity (XXE)
granite-client and granite-server are vulnerable to an XML External Entity (XXE) attack. The library does not disable document type declarations, allowing a malicious user to pass an XML file to it to conduct an XXE attack...
Security Bulletin: A vulnerability in Apache Solr (lucene) affects IBM InfoSphere Information Server
Summary: A vulnerability in Apache Solr (lucene) was addressed by IBM InfoSphere Information Server. Vulnerability Details: CVEID: CVE-2018-8026. DESCRIPTION: Apache Solr could allow a remote attacker to obtain sensitive information, caused by improper handling of XML External Entity (XXE) declarations...
High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3
Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...
The Problems and Promise of WebAssembly
Posted by Natalie Silvanovich, Project Zero WebAssembly is a format that allows code written in assembly-like instructions to be run from JavaScript. It has recently been implemented in all four major browsers. We reviewed each browser’s WebAssembly implementation and found three vulnerabilities...
CVE-2018-8038
Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...
PYSEC-2017-55
Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors...
CVE-2016-4041
Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors...
openSUSE Security Update : zlib (openSUSE-2017-46)
This update for zlib fixes the following issues: - CVE-2016-9843: Big-endian out-of-bounds pointer - CVE-2016-9842: Undefined Left Shift of Negative Number (bsc1003580) - CVE-2016-9840, CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bsc1003579) - Incompatible declarations for external...
SUSE SLED12 / SLES12 Security Update : zlib (SUSE-SU-2017:0003-1)
This update for zlib fixes the following issues: - CVE-2016-9843: Big-endian out-of-bounds pointer - CVE-2016-9842: Undefined Left Shift of Negative Number (bsc1003580) - CVE-2016-9840, CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bsc1003579) - Incompatible declarations for external...
SUSE-SU-2017:0003-1 Security update for zlib
This update for zlib fixes the following issues: CVE-2016-9843: Big-endian out-of-bounds pointer; CVE-2016-9842: Undefined Left Shift of Negative Number (bsc1003580); CVE-2016-9840, CVE-2016-9841: Out-of-bounds pointer arithmetic in inftrees.c (bsc1003579); Incompatible declarations for external linkage...