2722 matches found
Security Bulletin: Apache Xerces-C vulnerabilities (XML4C) affects IBM Cloud Manager with OpenStack (CVE-2016-0729)
Summary IBM Cloud Manager with Openstack is vulnerable to a Apache Xerces-C XML Parser library vulnerablities. Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds checking during processing and error reporting. By sending specially crafted input...
Security Bulletin: Apache Xerces-C vulnerabilities affects IBM Cloud Manager with OpenStack (CVE-2016-4463)
Summary IBM Cloud Manager with Openstack is vulnerable to a Apache Xerces-C XML Parser library vulnerablities. Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing a deeply nested DTD. A remote attacker could exploit this...
JetBrains IntelliJ IDEA XML parser XML External Entity Injection Vulnerability
JetBrains IntelliJ IDEA is the Czech Republic JetBrains set of integrated development environment for the Java language . XML parser is one of the XML parser . An XML external entity injection vulnerability exists in the XML parser in JetBrains IntelliJ IDEA, which can be exploited to retrieve...
CVE-2016-8526
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities XXE. XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can be used as an attac...
CVE-2017-8316
IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml...
Xxe
IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml...
CVE-2017-8316
IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml...
CVE-2017-8316
This CVE (CVE-2017-8316) affects JetBrains IntelliJ IDEA’s XML parser. The connected documents describe an XML External Entity (XXE) injection vulnerability in the IntelliJ IDEA XML parser, enabling an attacker to exploit via a malicious AndroidManifest.xml to retrieve arbitrary files from a user...
PT-2018-8384 · Red Hat · Jboss Eap
Name of the Vulnerable Software and Affected Versions: JBoss EAP version 7.0 Description: The JAXP implementation used for SAX and DOM parsing in JBoss EAP is susceptible to certain XXE flaws. This could allow an attacker to cause a denial of service, server-side request forgery, or information...
CVE-2018-10600
SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution in certain situations on specific platforms, and denial of service attacks...
Design/Logic Flaw
SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution in certain situations on specific platforms, and denial of service attacks...
CVE-2018-10600
SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution in certain situations on specific platforms, and denial of service attacks...
CVE-2018-10600
SEL AcSELerator Architect 2.2.24.0 and prior is affected by an XXE vulnerability caused by unsanitized input passed to the XML parser. This may lead to disclosure of arbitrary data, potential arbitrary code execution on certain platforms, and denial of service. Affected product: AcSELerator Archi...
CVE-2018-7783
Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band OOB attack. The vulnerability is triggered when input...
Xxe
Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band OOB attack. The vulnerability is triggered when input...
CVE-2018-7783
Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity XXE vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of arbitrary data on the affected node via out-of-band OOB attack. The vulnerability is triggered when input...
EulerOS 2.0 SP3 : xerces-c (EulerOS-SA-2018-1160)
According to the versions of the xerces-c package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read an...
Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple Expat vulnerabilities (CVE-2016-5300, CVE-2016-6702)
Summary Multiple vulnerabilities have been identified in Expat that is embedded in the IBM FSM. This bulletin addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2012-6702 DESCRIPTION: Expat, when used in a parser that has not called XMLSetHashSalt or passed it a seed of 0, could...
Security Bulletin: IBM Tivoli Common Reporting (TCR) 2017Q3 Security Updater: TCR, a part of IBM Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities
Summary Fixes of Cognos Business Intelligence are provided as part of TCR fixes This bulletin addresses several security vulnerabilities. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and IBM® Runtime Environment Java™ Technology Edition, Versi...
Security Bulletin: A vulnerability in the agent core framework affects IBM Performance Management products
Summary The agent core framework component makes use of expat. Expat, when used in a parser that has not called XMLSetHashSalt or passed it a seed of 0, could provide weaker than expected security. The expat XML parser is vulnerable to a denial of service, caused by the failure to use sufficient...