9 matches found
XML External Entity (XXE) Processing
camunda-xml-model is vulnerable to XML external entity (XXE) processing attacks. The library does not set the expandEntityReferences property of the DocumentBuilderFactory to false by default. This can allow an attacker to gain access to the system's filesystem or execute HTTP and FTP requests...
Gentoo Security Advisory GLSA 201603-12
Gentoo Linux Local Security Checks. SPDX-FileCopyrightText: 2016 Eero Volotinen. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.121454");...
GLSA-201603-12 : FlightGear, SimGear: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201603-12 (FlightGear, SimGear: Multiple vulnerabilities). Multiple format string vulnerabilities in FlightGear and SimGear allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via...
CVE-2012-2091
Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long string in a rotor tag of an aircraft xml model to the Rotor::getValueforFGSet function in...
CVE-2012-2090
Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to (1)...
Buffer overflow
Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long string in a rotor tag of an aircraft xml model to the Rotor::getValueforFGSet function in...
CVE-2012-2090
Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to (1)...
CVE-2012-2090
Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to (1)...
CVE-2012-2090
Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to (1)...