Lucene search
K

8 matches found

RedHat Linux
RedHat Linux
added 2020/07/28 3:54 p.m.3 views

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5CVSS7.3AI score0.00776EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/03/23 8:13 p.m.5 views

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5CVSS7.3AI score0.00776EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/03/12 5:7 p.m.3 views

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5CVSS7.3AI score0.00776EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/03/12 5:2 p.m.4 views

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5CVSS7.3AI score0.00776EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/03/12 5:0 p.m.2 views

xml-security: Apache Santuario potentially loads XML parsing code from an untrusted source

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5CVSS7.3AI score0.00776EPSS
Exploits0References4
OSV
OSV
added 2019/08/27 5:41 p.m.1 views

GHSA-4Q98-WR72-H35W Improper input validation in Apache Santuario XML Security for Java

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5CVSS5.9AI score0.00776EPSS
Exploits0References15
OSV
OSV
added 2019/08/23 9:15 p.m.1 views

DEBIAN-CVE-2019-12400

In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this...

5.5CVSS6.8AI score0.00776EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/09/02 4:28 p.m.4 views

dashbuilder: XXE/SSRF vulnerability

A flaw was found in the dashbuilder import facility: the DocumentBuilders instantiated in org.jboss.dashboard.export.ImportManagerImpl did not disable external entities. This could allow an attacker to perform a variety of XML External Entity XXE and Server-Side Request Forgery SSRF attacks...

7.5CVSS5.7AI score0.02244EPSS
Exploits0References4
Rows per page
Query Builder