Libexpat: expat: improper restriction of xml entity expansion depth in libexpat

Libexpat contains a denial-of-service DoS vulnerability. A remote attacker could exploit this by chaining together an excessive number of general entities. Malicious use of this linear entity chain would subsequently result in uncontrolled recursion, leading to a stack overflow and crash...

Oracle JRockit R28 < R28.3.9 Multiple Vulnerabilities (January 2016 CPU) (SLOTH)

The version of Oracle JRockit installed on the remote Windows host is R28 prior to R28.3.9. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Security subcomponent due to a failure to reject MD5 signatures in the server signature within the TLS 1.2...

RESTeasy: External entities expanded by DocumentProvider

It was found that the RESTEasy DocumentProvider did not set the external-parameter-entities and external-general-entities features appropriately, thus allowing external entity expansion. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessibl...