25 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2007-6693

Malware in sbrugna...

CVSS: 10 | AI score: 6.1 | EPSS: 0.06839
Exploits: 1 | References: 4

vulnersOsv
added 2022/05/13 1:2 a.m., 2 views

ch.hsr.mas.oms-financialanalyzer:indicators (=1.2.0), ch.hsr.mas.oms-financialanalyzer:oms-api (=1.2.0) +239 more potentially affected by CVE-2013-7315 via org.springframework:spring-oxm (>=3.0.0.RELEASE <=3.2.3.RELEASE)

org.springframework:spring-oxm MAVEN version =3.0.0.RELEASE, =2.6.20, =1.0-RELEASE, =0.9.3, =0.9.3, =0.9.3, =0.9.8, =0.9.3, =0.8.0, =0.8.0, =0.8.0, =1.0.1-RELEASE and more Source cves: CVE-2013-7315 Source advisory: OSV:GHSA-VP63-RRCM-9MPH...

CVSS: 6.8 | AI score: 7.2 | EPSS: 0.00243
Exploits: 1

vulnersOsv
added 2022/05/13 1:2 a.m., 1 views

ch.hsr.mas.oms-financialanalyzer:indicators (=1.2.0), ch.hsr.mas.oms-financialanalyzer:oms-api (=1.2.0) +239 more potentially affected by CVE-2013-4152 via org.springframework:spring-oxm (>=3.0.0.RELEASE <=3.2.3.RELEASE)

org.springframework:spring-oxm MAVEN version =3.0.0.RELEASE, =2.6.20, =1.0-RELEASE, =0.9.3, =0.9.3, =0.9.3, =0.9.8, =0.9.3, =0.8.0, =0.8.0, =0.8.0, =1.0.1-RELEASE and more Source cves: CVE-2013-4152 Source advisory: OSV:GHSA-RP4P-G69R-438X...

CVSS: 6.8 | AI score: 7.2 | EPSS: 0.67951
Exploits: 1

Tenable Nessus
added 2018/12/04 12:0 a.m., 53 views

RHEL 6 : activemq (RHSA-2014:0254)

An updated activemq package that fixes multiple security issues is now available for Red Hat OpenShift Enterprise 1.2.7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

CVSS: 7.5 | AI score: 9 | EPSS: 0.67951
Exploits: 4 | References: 9

RedHat Linux
added 2014/04/14 1:46 p.m., 2 views

Framework: XML External Entity (XXE) injection flaw

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in...

CVSS: 6.8 | AI score: 7.3 | EPSS: 0.67951
Exploits: 1 | References: 7

RedHat Linux
added 2014/04/14 1:46 p.m., 45 views

Moderate: Red Hat Security Advisory: Red Hat JBoss A-MQ 6.1.0 update

Red Hat JBoss A-MQ 6.1.0, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) bas...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.92712
Exploits: 10 | References: 12

RedHat Linux
added 2014/02/25 4:41 p.m., 51 views

Moderate: Red Hat Security Advisory: Red Hat JBoss SOA Platform 5.3.1 update

Red Hat JBoss SOA Platform 5.3.1 roll up patch 4, which fixes two security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores,...

CVSS: 6.8 | AI score: 7.1 | EPSS: 0.67951
Exploits: 2 | References: 4

OSV
added 2014/01/23 9:55 p.m., 6 views

CVE-2013-4152

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in...

CVSS: 6.8 | AI score: 5.6 | EPSS: 0.67951
Exploits: 1 | References: 14

CVE
added 2014/01/23 9:0 p.m., 233 views

CVE-2013-4152

CVE-2013-4152 affects Spring Framework: the SourceHttpMessageConverter in Spring MVC with JAXB marshaller does not disable external entity resolution, enabling XXE to read files, cause DoS, and CSRF via XXE in DOMSource/StAXSource/SAXSource/StreamSource. Affected: Spring Framework pre-3.2.4 and 4...

CVSS: 6.8 | AI score: 5.7 | EPSS: 0.67951
Exploits: 1 | References: 13 | Affected Software: 2

Debian CVE
added 2014/01/23 9:0 p.m., 33 views

CVE-2013-4152

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in...

CVSS: 6.8 | AI score: 9.2 | EPSS: 0.67951
Exploits: 1

OpenVAS
added 2014/01/13 12:0 a.m., 34 views

Debian Security Advisory DSA 2842-1 (libspring-java - denial of service)

Alvaro Munoz discovered an XML External Entity (XXE) injection in the Spring Framework which can be used for conducting CSRF and DoS attacks on other sites. The Spring OXM wrapper did not expose any property for disabling entity resolution when using the JAXB unmarshaller. There are four possible...

CVSS: 6.8 | AI score: 6.5 | EPSS: 0.67951
Exploits: 1 | References: 1

OSV
added 2014/01/13 12:0 a.m., 15 views

DSA-2842-1 libspring-java - several

Bulletin has no description...

CVSS: 6.8 | AI score: 5.4 | EPSS: 0.67951
Exploits: 2

securityvulns
added 2013/12/09 12:0 a.m., 31 views

XXE Injection in Spring Framework

Hello! I'll give you additional information concerning advisory XML External Entity XXE Injection in Spring Framework http://securityvulns.ru/docs29758.html. ------------------------- Affected products: ------------------------- - 3.0.0 to 3.2.3 Spring OXM & Spring MVC - 4.0.0.M1 Spring OXM -...

AI score: 1.1
Exploits: 0

securityvulns
added 2013/09/09 12:0 a.m., 249 views

CVE-2013-4152 XML External Entity (XXE) injection in Spring Framework

Severity: Important Vendor: Spring by Pivotal Versions Affected: - 3.0.0 to 3.2.3 Spring OXM & Spring MVC - 4.0.0.M1 Spring OXM - 4.0.0.M1-4.0.0.M2 Spring MVC - Earlier unsupported versions may also be affected Description: The Spring OXM wrapper did not expose any property for disabling entity...

CVSS: 6.8 | AI score: 0.2 | EPSS: 0.67951
Exploits: 1

securityvulns
added 2011/07/06 12:0 a.m., 237 views

Spring Source OXM Remote OS Command Injection when XStream and IBM JRE are used

Reference: http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/oxm.htmld0e26722 Product: Spring Source OXM Object/XML Mapping Vendor: VMware Vulnerable Version: 3.0.4 only when XStream and IBM JRE are used Status: Fixed Vendor Notification: 12 October 2010 Vendor Fix:...

AI score: 1.4
Exploits: 0

Packet Storm
added 2011/07/03 12:0 a.m., 43 views

Spring Source OXM 3.0.4 Command Injection

Reference: http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/oxm.htmld0e26722 Product: Spring Source OXM Object/XML Mapping Vendor: VMware Vulnerable Version: 3.0.4 only when XStream and IBM JRE are used Status: Fixed Vendor Notification: 12 October 2010 Vendor Fix:...

AI score: 0.1
Exploits: 0

Tenable Nessus
added 2009/09/25 12:0 a.m., 26 views

Fedora 11 : xmp-2.7.1-1.fc11 (2009-9675)

Update to latest stable release. Multiple bugfixes and memory leak fixes. Fixes for buffer overflows in DTT and OXM loaders. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean an...

CVSS: 10 | AI score: 5.6 | EPSS: 0.06839
Exploits: 2 | References: 5

ATTACKERKB
added 2009/09/13 10:30 p.m., 0 views

CVE-2007-6731

Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) testoxm and (2) decrunchoxm functions in misc/oxm.c, leading to a buffer overflow...

CVSS: 10 | AI score: 6.5 | EPSS: 0.06839
Exploits: 1 | References: 4

UbuntuCve
added 2009/09/13 10:30 p.m., 14 views

CVE-2007-6731

Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) testoxm and (2) decrunchoxm functions in misc/oxm.c, leading to a buffer overflow...

CVSS: 10 | AI score: 6.4 | EPSS: 0.06839
Exploits: 1 | References: 1

Prion
added 2009/09/13 10:30 p.m., 8 views

Buffer overflow

Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) testoxm and (2) decrunchoxm functions in misc/oxm.c, leading to a buffer overflow...

CVSS: 10 | AI score: 8 | EPSS: 0.06839
Exploits: 1 | References: 3 | Affected Software: 1