Lucene search
K

23 matches found

RedHat Linux
RedHat Linux
added 2020/10/13 4:50 p.m.26 views

wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl

A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This iss...

5.3CVSS7.1AI score0.01292EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2020/09/03 12:0 a.m.3 views

The vulnerability of the XMLSchemaValidator class in the JAXP component of the WildFly software framework (JBoss Application Server) allows a malicious actor to gain access to read, modify, add, or delete data using various network protocols.

The vulnerability of the XMLSchemaValidator class in the JAXP component of the WildFly software framework JBoss Application Server is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to remotely gain access to read, modify, add, or delete data usi...

5.3CVSS6.6AI score0.01292EPSS
Exploits0References3Affected Software6
Debian CVE
Debian CVE
added 2020/07/15 7:14 p.m.28 views

CVE-2020-15366

An issue was discovered in ajv.validate in Ajv aka Another JSON Schema Validator 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. While untrusted schemas are recommended against, the worst case of an untrusted schema should be a...

6.8CVSS7.5AI score0.02313EPSS
Exploits0
Rows per page
Query Builder