34 matches found
Streamworks Job Scheduler Release 7 Authentication Weakness
Affected Products Streamworks Job Scheduler Release 7 older/newer releases have not been tested References Secuvera-SA-2016-01 https://www.secuvera.de/advisories/secuvera-SA-2016-01.txt used for updates No CVE number could be assigned vendor not listed under...
IBM WebSphere Application Server for UNIX Elevation of Privilege Vulnerability
IBM WebSphere Application Server WAS for UNIX is the United States IBM developed and released a UNIX platform based on the application server products, it is the platform for Java EE and Web services applications, but also the basis of the IBM WebSphere software platform. A security vulnerability...
Debian: Security Advisory (DLA-1036-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-12874
The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities...
MGASA-2017-0221 Updated gsoap packages fix security vulnerability
A potential vulnerability to a large and specific XML message over 2GB in size greater than 2147483711 bytes to trigger the software bug. A buffer overflow can cause an open unsecured server to crash or malfunction after 2GB is received CVE-2017-9765...
[SECURITY] [DLA 1036-1] gsoap security update
Package : gsoap Version : 2.8.7-2+deb7u1 CVE ID : CVE-2017-9765 A vulnerability was discovered in gsoap, a library for the development of SOAP web services and clients, that may be exposed with a large and specific XML message over 2 GB in size. After receiving this 2 GB message, a buffer overflo...
Apache Camel XSLT Component Java Code Execution (CVE-2014-0003)
A code execution vulnerability has been reported in Apache Camel. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted XML message to the vulnerable server. Successful exploitation could result in the execution of arbitrary Java code...
Incomplete fix for CVE-2013-7315 / CVE-2013-6429 (XXE)
Spring MVC's Jaxb2RootElementHttpMessageConverter also processed user provided XML and neither disabled XML external entities nor provided an option to disable them. Jaxb2RootElementHttpMessageConverter has been modified to provide an option to control the processing of XML external entities and...
Design/Logic Flaw
Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service memory, thread, and CPU consumption via a crafted XML message containing a DTD, as demonstrated by a bucket-logging request...
CVE-2012-4067
Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service memory, thread, and CPU consumption via a crafted XML message containing a DTD, as demonstrated by a bucket-logging request...
CVE-2012-4067
CVE-2012-4067 affects Eucalyptus Walrus prior to version 3.2.2. A crafted XML message containing a DTD can trigger a denial-of-service by exhausting memory, threads, and CPU resources, demonstrated via a bucket-logging request. Related entries also reference CVE-2013-2296. Multiple connected sour...
Low: Red Hat Security Advisory: sblim-cim-client2 security update
Updated sblim-cim-client2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...
Microsoft IIS WebDAV XML Message Handler Denial of Service (MS04-030; CVE-2003-0718)
The WebDAV protocol Web-based Distributed Authoring and Versioning is an extension to HTTP/1.1 that provides a capability for web page authoring over HTTP. The Microsoft WebDAV component is provided with Microsoft Internet Information Services Server IIS in order to provide support for WebDAV. Th...
Cisco Unified MeetingPlace Template Cross-Site Scripting Vulnerability
Cisco Unified MeetingPlace versions prior to 5.3.235.0 contain a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability exists due to insufficient filtering of parameters by Cisco Unified MeetingPlace. An unauthenticated,...