93 matches found
SUSE CVE-2014-3004
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...
SUSE CVE-2017-18197
In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity XXE attacks, as demonstrated by /ServerView...
SUSE CVE-2021-41098
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are...
SUSE CVE-2022-29181
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors segfault or reads from unrelated memory. Version 1.13.6...
CLSA-2022-1661173656 Fixed 50 CVEs in java-1.7.0-openjdk
Bump to 2.6.28 and OpenJDK 7u351-b01. - Security fixes in 7u351: - CVE-2022-21540: Improve class compilation JDK-8281859 - CVE-2022-21541: Enhance MethodHandle invocations JDK-8281866 - CVE-2022-34169: Improve Xalan supports JDK-8285407 - Security fixes in 7u341: - CVE-2022-21426: Better XPath...
liquibase: Improper Restriction of XML External Entity
A flaw was found in Liquiibase's XMLChangeLogSAXParser function. It uses SAXParser with no FEATURESECUREPROCESSING set, which could possibly allow XML External Entity XXE attacks...
liquibase: Improper Restriction of XML External Entity
A flaw was found in Liquiibase's XMLChangeLogSAXParser function. It uses SAXParser with no FEATURESECUREPROCESSING set, which could possibly allow XML External Entity XXE attacks...
jersey: XXE via parameter entities
jersey: XXE via parameter entities not disabled by the jersey SAX parser...
GHSA-7G54-VGP6-JJ5W XML External Entity Reference in Apache Sling
In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on...
Improper Restriction of XML External Entity Reference in Castor
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...
GHSA-JWWR-FJGH-CV2X Improper Restriction of XML External Entity Reference in Castor
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted XML document...
Denial Of Service (DoS)
nokogiri is vulnerable to Denial Of Service DoS. SAX parser's inefficient entity handling for regular expressions causes excessive backtracking when a malicious documents are parsed which allows an attacker to cause an application crash...
OPENSUSE-SU-2022:0873-1 Security update for java-1_8_0-openjdk
This update for java-180-openjdk fixes the following issues: Update to version jdk8u322 icedtea-3.22.0 Including the following security fixes: - CVE-2022-21248, bsc1194926: Enhance cross VM serialization - CVE-2022-21283, bsc1194937: Better String matching - CVE-2022-21293, bsc1194935: Improve...
SUSE-SU-2022:0871-1 Security update for java-1_8_0-openjdk
This update for java-180-openjdk fixes the following issues: Update to version jdk8u322 icedtea-3.22.0 Including the following security fixes: - CVE-2022-21248, bsc1194926: Enhance cross VM serialization - CVE-2022-21283, bsc1194937: Better String matching - CVE-2022-21293, bsc1194935: Improve...
GHSA-99WH-973F-779P XML External Entity Reference in Hazelcast
The AbstractXmlConfigRootTagRecognizer function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks...
GHSA-MH83-JCW5-RJH8 XML External Entity Reference in edu.stanford.nlp:stanford-corenlp
The TransformXML function makes use of SAXParser generated from a SAXParserFactory with no FEATURESECUREPROCESSING set, allowing for XXE attacks...
OESA-2021-1396 rubygem-nokogiri security update
Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the change to using correct CSS and XPath. %if 0 Security Fixes: Nokogiri is a Rubygem providin...
CVE-2021-41098
A XML External Entity Reference XXE vulnerability was found in RubyGem Nokogiri on JRuby Java implementation of the Ruby. If attacker is able to insert untrusted XML input containing a reference to an external entity, it is processed by a weakly configured SAX parser, resulting disclosure of...
Nokogiri Code Issue Vulnerability
Nokogiri is an open source software library for parsing HTML and XML in Ruby . Nokogiri suffers from a code issue vulnerability that stems from the SAX parser parsing external entities by default in Nokogiri v1.12.4 and earlier versions, on JRuby only. No detailed vulnerability details are provid...
XML External Entity (XXE) Injection
Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to XML External Entity XXE Injection. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected: - Nokogiri::XML::SAX::Parse -...