Lucene search

71 matches found

OSV
added 2022/03/04 12:0 a.m. · 3 views

GHSA-99WH-973F-779P XML External Entity Reference in Hazelcast

The AbstractXmlConfigRootTagRecognizer function makes use of SAXParser generated from a SAXParserFactory with no FEATURE_SECURE_PROCESSING set, allowing for XXE attacks...

CVSS 9.8 · AI score 5.8 · EPSS 0.02792
Exploits 2 · References 5
CNNVD
added 2022/03/01 12:0 a.m. · 5 views

ARM Trusted Firmware M security vulnerability

ARM Trusted Firmware M (TFM) is open source software from ARM UK. It provides a set of highly configurable software components to create a trusted execution environment. A security vulnerability exists in Trusted Firmware M versions 1.4.x through 1.4.1, which stems from a psa_fwu_write caller from...

CVSS 7.8 · AI score 7.5 · EPSS 0.00413
Exploits 1 · References 5
SonarSource Blog
added 2022/01/25 12:0 a.m. · 18 views

How to disable XXE processing?

In my last post I talked about XXE vulnerabilities found on popular open-source projects and more generally how to assess this type of issue. Today, I’ll talk about the different strategies to disable XXE processing. External XXE and internal entities are useful for building concise XML documents...

AI score 0.2
Exploits 0
Huntr
added 2022/01/16 5:46 a.m. · 7 views

in jesusfreke/smali

Description: The loadResourceIds function makes use of SAXParser generated from a SAXParserFactory with no FEATURE_SECURE_PROCESSING set, allowing for XXE attacks. In...

AI score 1
Exploits 0
Huntr
added 2022/01/16 5:16 a.m. · 5 views

in mybatis/generator

Description: The isConfigFile function makes use of SAXParser generated from a SAXParserFactory with no FEATURE_SECURE_PROCESSING set, allowing for XXE attacks. In...

AI score 1.6
Exploits 0
OSV
added 2022/01/14 9:7 p.m. · 15 views

GHSA-MH83-JCW5-RJH8 XML External Entity Reference in edu.stanford.nlp:stanford-corenlp

The TransformXML function makes use of SAXParser generated from a SAXParserFactory with no FEATURE_SECURE_PROCESSING set, allowing for XXE attacks...

CVSS 6.1 · AI score 7.2 · EPSS 0.00739
Exploits 1 · References 4
OSV
added 2022/01/13 4:15 p.m. · 3 views

UBUNTU-CVE-2021-40327

Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. NSPE can access a secure key held by the Crypto service based solely on knowledge of its key ID. For example, there is no authorization check associated with the relationship between a caller and a key owner...

CVSS 5.9 · AI score 5.8 · EPSS 0.01194
Exploits 0 · References 5
BDU FSTEC
added 2021/12/01 12:0 a.m. · 1 views

The vulnerability of the implementation of the NSPE mode for software that creates a trusted execution environment (TEE) in ARM Trusted Firmware-M (TF-M) allows an attacker to trigger a service failure or gain unauthorized access to protected information.

The vulnerability of the implementation of the NSPE mode for software that creates a trusted execution environment (TEE) in ARM Trusted Firmware-M (TF-M) is related to data writing outside of the buffer. Exploiting this vulnerability can allow an attacker to cause a service failure or gain unauthoriz...

CVSS 7.1 · AI score 7.2 · EPSS 0.03093
Exploits 0 · References 6 · Affected Software 1
Positive Technologies
added 2021/02/26 12:0 a.m. · 5 views

PT-2021-4942

Name of the Vulnerable Software and Affected Versions: Arm Trusted Firmware-M versions M through 1.2 Description: The issue is related to an out-of-bounds write in the implementation of the NSPE (Non-secure Processing Environment) mode in Arm Trusted Firmware-M. This can cause a system halt, overwrit...

CVSS 6.6 · AI score 6.9 · EPSS 0.03093
Exploits 0 · References 11
OSV
added 2018/06/27 4:29 p.m. · 3 views

CVE-2017-7465

It was found that the JAXP implementation used in JBoss EAP 7.0 for XSLT processing is vulnerable to code injection. An attacker could use this flaw to cause remote code execution if they are able to provide XSLT content for parsing. Doing a transform in JAXP requires the use of a...

CVSS 9.8 · AI score 6.4 · EPSS 0.02976
Exploits 0 · References 2
Positive Technologies
added 2018/06/27 12:0 a.m. · 4 views

PT-2018-8385 · Red Hat · Jboss Eap

Name of the Vulnerable Software and Affected Versions: JBoss EAP version 7.0 Description: A code injection issue was found in the JAXP implementation used for XSLT processing, which could allow an attacker to achieve remote code execution if they can provide XSLT content for parsing. The issue...

CVSS 9.8 · AI score 9.6 · EPSS 0.02976
Exploits 0 · References 4
OpenVAS
added 2015/10/13 12:0 a.m. · 35 views

SUSE: Security Advisory for xalan-j2 (SUSE-SU-2014:0870-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 · AI score 7.2 · EPSS 0.137
Exploits 2 · References 1
RedHat Linux
added 2015/10/12 3:27 p.m. · 3 views

Xalan-Java: insufficient constraints in secure processing feature

It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this...

CVSS 7.5 · AI score 7.8 · EPSS 0.137
Exploits 2 · References 5
RedHat Linux
added 2015/05/14 3:14 p.m. · 2 views

Xalan-Java: insufficient constraints in secure processing feature

It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this...

CVSS 7.5 · AI score 7.8 · EPSS 0.137
Exploits 2 · References 5
RedHat Linux
added 2014/12/15 8:35 p.m. · 6 views

Xalan-Java: insufficient constraints in secure processing feature

It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this...

CVSS 7.5 · AI score 7.8 · EPSS 0.137
Exploits 2 · References 5
RedHat Linux
added 2014/10/09 4:7 p.m. · 2 views

Xalan-Java: insufficient constraints in secure processing feature

It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this...

CVSS 7.5 · AI score 7.8 · EPSS 0.137
Exploits 2 · References 5
NVD
added 2014/10/08 7:55 p.m. · 22 views

CVE-2014-7296

The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL document...

CVSS 6.8 · AI score 7.1 · EPSS 0.01696
Exploits 0 · References 2
RedHat Linux
added 2014/10/01 6:10 p.m. · 3 views

Xalan-Java: insufficient constraints in secure processing feature

It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this...

CVSS 7.5 · AI score 7.8 · EPSS 0.137
Exploits 2 · References 5
RedHat Linux
added 2014/09/23 8:19 p.m. · 2 views

Xalan-Java: insufficient constraints in secure processing feature

It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this...

CVSS 7.5 · AI score 7.8 · EPSS 0.137
Exploits 2 · References 5
RedHat Linux
added 2014/09/23 8:19 p.m. · 2 views

Xalan-Java: insufficient constraints in secure processing feature

It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this...

CVSS 7.5 · AI score 7.8 · EPSS 0.137
Exploits 2 · References 5