Lucene search

678 matches found

RedHat Linux
added 2017/07/20 5:49 p.m. | 3 views

OpenJDK: unrestricted access to com.sun.org.apache.xml.internal.resolver (JAXP, 8173286)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

CVSS 9.6 | AI score 7.4 | EPSS 0.00247
Exploits: 0 | References: 4

CNVD
added 2017/07/19 12:00 a.m. | 2 views

Unspecified Vulnerability in Oracle Java SE and Java SE Embedded (CNVD-2017-18570)

Oracle Java SE and Java SE Embedded are both products of Oracle Corporation. Java SE is an acronym for Java Platform Standard Edition based on the JDK and JRE for developing and deploying Java applications on desktops and servers as well as embedded devices and real-time environments. A security...

CVSS 9.6 | AI score 6.7 | EPSS 0.00247
Exploits: 0 | References: 1

OSV
added 2017/05/25 5:29 p.m. | 0 views

UBUNTU-CVE-2014-0225

When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack...

CVSS 8.8 | AI score 7.3 | EPSS 0.00236
Exploits: 0 | References: 3

UbuntuCve
added 2017/05/25 5:29 p.m. | 44 views

CVE-2014-0225

When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack...

CVSS 8.8 | AI score 7.2 | EPSS 0.00236
Exploits: 0 | References: 2

CVE
added 2017/05/25 5:00 p.m. | 101 views

CVE-2014-0225

CVE-2014-0225 affects Spring Framework when processing user-supplied XML: versions 4.0.0–4.0.4 and 3.0.0–3.2.8 (and possibly earlier unsupported revisions) did not disable by default the resolution of URI references in a DTD declaration, enabling an XML External Entity (XXE) attack. The initial d...

CVSS 8.8 | AI score 8.4 | EPSS 0.00236
Exploits: 0 | References: 1 | Affected Software: 2

Debian CVE
added 2017/05/25 5:00 p.m. | 25 views

CVE-2014-0225

When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack...

CVSS 8.8 | AI score 8.7 | EPSS 0.00236
Exploits: 0

Cvelist
added 2017/05/25 5:00 p.m. | 29 views

CVE-2014-0225

When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack...

AI score 8.5 | EPSS 0.00236
Exploits: 0 | References: 1

Tenable Nessus
added 2017/05/19 12:00 a.m. | 58 views

Ubuntu 14.04 LTS : OpenJDK 7 regression (USN-3275-3)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3275-3 advisory. USN-3275-2 fixed vulnerabilities in OpenJDK 7. Unfortunately, the update introduced a regression when handling TLS handshakes. This update fixes the problem. We...

AI score 5.6
Exploits: 0 | References: 1

Ubuntu
added 2017/05/15 11:50 p.m. | 83 views

USN-3275-2: OpenJDK 7 vulnerabilities

USN-3275-1 fixed vulnerabilities in OpenJDK 8. This update provides the corresponding updates for OpenJDK 7. Original advisory details: It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java applicati...

CVSS 7.7 | AI score 6.9 | EPSS 0.01487
Exploits: 2

Ubuntu
added 2017/05/11 3:15 p.m. | 104 views

USN-3275-1: OpenJDK 8 vulnerabilities

It was discovered that OpenJDK improperly re-used cached NTLM connections in some situations. A remote attacker could possibly use this to cause a Java application to perform actions with the credentials of a different user. CVE-2017-3509 It was discovered that an untrusted library search path fl...

CVSS 7.7 | AI score 6.9 | EPSS 0.01487
Exploits: 2

RedHat Linux
added 2017/05/10 12:44 p.m. | 3 views

JDK: XML External Entity Injection (XXE) error when processing XML data

IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150...

CVSS 8.2 | AI score 7.4 | EPSS 0.00923
Exploits: 0 | References: 4

CNVD
added 2017/04/28 12:00 a.m. | 2 views

Jenkins Denial of Service Vulnerability

CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools from the US company CloudBees. It is mainly used to monitor continuous software release/testing projects and the execution of some scheduled tasks. Jenkin...

CVSS 6.5 | AI score 7.1 | EPSS 0.00429
Exploits: 1 | References: 1

OSV
added 2017/03/31 6:59 p.m. | 2 views

CVE-2016-6111

IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a denial of service, caused by an XML External Entity Injection XXE error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources...

CVSS 9.1 | AI score 5.8
Exploits: 0 | References: 2

CVE
added 2017/03/31 6:00 p.m. | 52 views

CVE-2016-9707

CVE-2016-9707: IBM Jazz Foundation is affected by an XML External Entity (XXE) vulnerability in XML processing, enabling potential exposure of sensitive data or memory exhaustion. The IBM security bulletin maps the affected products to the IBM Jazz CLM family (including Rational Collaborative Lif...

CVSS 8.1 | AI score 8.1 | EPSS 0.00359
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2017/03/07 5:59 p.m. | 1 views

CVE-2016-9724

IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference : 1999537...

CVSS 8.1 | AI score 7.3
Exploits: 0 | References: 1

OSV
added 2017/02/01 8:59 p.m. | 1 views

CVE-2016-2908

IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by a XML external entity XXE error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service...

CVSS 9.1 | AI score 6 | EPSS 0.00949
Exploits: 0 | References: 3

0day.today
added 2016/12/06 12:00 a.m. | 47 views

Microsoft PowerShell - XML External Entity Injection Vulnerability

Exploit for Windows platform in category local exploits. Credits: John Page aka hyp3rlinx. Vendor: www.microsoft.com. Product: PowerShell. PowerShell including Windows PowerShell and PowerShell Core is a task automation and configuration management framework from...

AI score 6.8
Exploits: 0

RedHat Linux
added 2016/09/08 6:38 p.m. | 4 views

jakarta-taglibs-standard: XXE and RCE via XSL extension in JSTL XML tags

It was found that the Java Standard Tag Library JSTL allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution...

CVSS 7.5 | AI score 7.6 | EPSS 0.03808
Exploits: 0 | References: 4

RedHat Linux
added 2016/09/08 6:17 p.m. | 31 views

Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 7.0.2 on RHEL 6

Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.0.2, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori...

CVSS 8.8 | AI score 6.9 | EPSS 0.03808
Exploits: 0 | References: 7

Tenable Nessus
added 2016/09/02 12:00 a.m. | 93 views

SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2016:2012-1)

This update for java-1_8_0-openjdk fixes the following issues: - Upgrade to version jdk8u101 icedtea 3.1.0 - New in release 3.1.0 2016-07-25: - Security fixes - S8079718, CVE-2016-3458: IIOP Input Stream Hooking bsc989732 - S8145446, CVE-2016-3485: Perfect pipe placement Windows only bsc989734 -...

CVSS 9.6 | AI score 6.8 | EPSS 0.07521
Exploits: 0 | References: 43