16 matches found
EUVD-2020-1977
Malware in sbrugna...
CVE-2020-0479
In callUnchecked of DocumentsProvider.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing a malicious app to access files available to the DocumentProvider without user permission, with no additional execution privileges needed. User interaction...
XML External Entity Reference in RESTEasy
DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors...
RESTeasy: External entities expanded by DocumentProvider
It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessibl...
Important: Red Hat Security Advisory: Red Hat JBoss BRMS 6.1.0 update
Red Hat JBoss BRMS 6.1.0, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores,...
RESTeasy: External entities expanded by DocumentProvider
It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessibl...
Important: Red Hat Security Advisory: Red Hat JBoss Data Grid 6.4.1 update
Red Hat JBoss Data Grid 6.4.1, which fixes several security issues, multiple bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base...
RESTeasy: External entities expanded by DocumentProvider
It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessibl...
RESTeasy: External entities expanded by DocumentProvider
It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessibl...
RESTeasy: External entities expanded by DocumentProvider
It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessibl...
RESTeasy: External entities expanded by DocumentProvider
It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessibl...
CVE-2014-7839
DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors...
CVE-2014-7839
DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors...
CVE-2014-7839
CVE-2014-7839 affects RESTEasy DocumentProvider in RESTEasy 2.3.7 and 3.0.9, where missing configuration of external-general-entities and external-parameter-entities enables XML External Entity (XXE) attacks via unspecified vectors. The connected Red Hat advisories (RHSA-2015:0218) reference this...
CVE-2014-7839
DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors...
CVE-2014-7839
DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors...