42 matches found
XML External Entity (XXE)
org.eclipse.lyo.oslc4j.core:oslc4j-jena-provider is vulnerable to XML external entity attack. Default initialization of createTransformer does not restrict DTD document loading when working with RDF/XML formats, which allows remote attackers to retrieve external DTD documents...
Apple iOS security vulnerability
Apple iOS is a set of operating systems developed by Apple Inc. for mobile devices. A security vulnerability previously existed in Apple iOS 15 and iPadOS 15, which stemmed from a logic issue when handling document loading...
Authorization Bypass
Firefox is vulnerable to authorization bypass. A flaw was found in the Firefox XML document loading security checks: certain security checks were not being called when an XML document was loaded. This could possibly be leveraged later by an attacker to load certain...
CVE-2018-11790
When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation...
DEBIAN-CVE-2018-11790
When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs. In this case OpenOffice runs into an Arithmetic Overflow at a string length calculation...
CVE-2018-11790
CVE-2018-11790 affects Apache OpenOffice 4.1.5 and earlier. The flaw is an arithmetic overflow in a string-length calculation when loading a document with an end-of-line termination smaller than the OS uses, triggered by handling virtual tables. Exploitation details are not explicitly provided in...
Redhat redhat-certification denial of service vulnerability
Redhat redhat-certification is a certification service from Red Hat, an American company. A denial of service vulnerability exists in the way documents are loaded in Redhat redhat-certification, which stems from the program's failure to control resource consumption and can be exploited by a remote...
PT-2018-10151 · Red Hat · Redhat-Certification
Name of the Vulnerable Software and Affected Versions: redhat-certification (affected versions not specified). Description: An uncontrolled resource consumption flaw has been discovered in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be...
UBUNTU-CVE-2016-9903
Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. This vulnerability affects Firefox 50.1...
Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20150401)
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2015-0813, CVE-2015-0815, CVE-2015-0801 A flaw was found in the wa...
Mozilla: resource:// documents can load privileged pages (MFSA 2015-33)
A flaw was found in the way documents were loaded via resource URLs in, for example, Mozilla's PDF.js PDF file viewer. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Firefox...
MS IE 4.0/4.0.1/5.0/5.0.1/5.5 preview Security Zone Settings Lag Vulnerability
No description provided by source. Microsoft Internet Explorer 4.0 for Windows 3.1/Windows 95, Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4, Internet Explorer 5.5 preview, Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0, Internet Explorer 5.0.1 Security Zone Setting...
Scientific Linux Security Update : firefox on SL5.x i386/x86_64
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203 A flaw was...
Scientific Linux Security Update : firefox on SL4.x i386/x86_64
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203 A flaw was...
firefox security update
CentOS Errata and Security Advisory CESA-2010:0500 An updated firefox package that addresses security issues, fixes bugs, adds numerous enhancements, and upgrades Firefox to version 3.6.4, is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as...
devhelp, esc, firefox, gnome, totem, xulrunner, yelp security update
CentOS Errata and Security Advisory CESA-2010:0501 Updated firefox packages that address several security issues, fix bugs, add numerous enhancements, and upgrade Firefox to version 3.6.4, are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update a...
RHEL 5 : firefox (RHSA-2010:0501)
Updated firefox packages that address several security issues, fix bugs, add numerous enhancements, and upgrade Firefox to version 3.6.4, are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical security impact. Common...
Mozilla privilege escalation via XPCnativeWrapper pollution
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument...