679 matches found
SAP NetWeaver XML Processing Denial of Service Vulnerability
SAP NetWeaver is SAP's integrated technology platform. A security vulnerability exists in SAP NetWeaver's handling of XML documents, which can be exploited by remote attackers to submit a special request for a denial-of-service attack...
Atlassian Crowd XML Processing Denial of Service Vulnerability
Atlassian Crowd is a Web-based single sign-on system from Atlassian Australia. The system provides authentication, authorization, and other functions for multiple users, web applications, and directory servers. Atlassian Crowd has a security vulnerability. Allows remote attackers to perform...
CVE-2019-20446
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially...
CVE-2019-4707
IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 172018...
OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
UBUNTU-CVE-2019-2981
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JAXP. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
PYSEC-2019-117
ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with '...
PT-2019-16873 · Ibm · Ibm I2 Intelligent Analyis Platform
Name of the Vulnerable Software and Affected Versions: IBM i2 Intelligent Analyis Platform versions 9.0.0 through 9.1.1 Description: The issue is related to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this to expose sensitive information o...
PT-2019-7881 · Omniauth · Omniauth-Saml
Name of the Vulnerable Software and Affected Versions: OmniAuth OmniAuth-SAML versions 1.9.0 and earlier Description: The issue arises from incorrect utilization of XML DOM traversal and canonicalization APIs, allowing an attacker to manipulate SAML data without invalidating its cryptographic...
PhpSpreadsheet 1.5.0 - XML External Entity (XXE)
PhpSpreadsheet 1.5.0 - XML External Entity XXE Product Description PhpSpreadsheet is a library written in pure PHP that provides a set of classes allowing users to read from and write to different spreadsheet file formats, such as Excel and LibreOffice Calc. Vulnerabilities List One vulnerability...
SUSE-SU-2018:2898-2 Security update for smt, yast2-smt
This update for yast2-smt to 3.0.14 and smt to 3.0.37 fixes the following issues: These security issues were fixed in SMT: - CVE-2018-12471: Xml External Entity processing in the RegistrationSharing modules allowed to read arbitrary file read bsc1103809. - CVE-2018-12470: SQL injection in...
Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents
A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework...