libxml2: CPU exhaustion when processing specially crafted XML input

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU...

MGASA-2016-0164 Updated xstream packages fix CVE-2016-3674

Updated xstream packages fix security vulnerability: XStream x-stream.github.io is a Java library to marshal Java objects into XML and back. For this purpose it supports a lot of different XML parsers. Some of those can also process external entities which was enabled by default. An attacker coul...

OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)

It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed...

OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)

It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed...

OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)

It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed...

Oracle Java SE, Java SE Embedded and JRockit JAXP Subcomponent Denial of Service Vulnerability (CNVD-2016-02470)

Oracle Java SE, Java SE Embedded, and JRockit are products of Oracle Corporation. Java SE Java Platform Standard Edition is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments; Java SE Embedded is a powerful, reliable, and portable...

UBUNTU-CVE-2016-3425

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP...

AddToMenu Joomla Extensions Free: source code security analysis report

Several vulnerabilities were discovered in Regular Labs 'AddToMenu Joomla Extensions Free' software: Incorrect Permissions for External Entities During XML Document Processing Incorrect User Input Filtration when Generating Code on the Fly...

IBM Financial Transaction Manager for Corporate Payment Services Information Disclosure Vulnerability

IBM Financial Transaction Managerfor Corporate Payment Services is a financial transaction manager product that focuses on monitoring, tracking, and reporting financial payments and transactions. A security vulnerability in IBM FTM for Corporate Payment Services processing XML files on multiple...

[SECURITY] Fedora 22 Update: mingw-libxml2-2.9.3-1.fc22

MinGW Windows libxml2 XML processing library...

[SECURITY] Fedora 23 Update: mingw-libxml2-2.9.3-1.fc23

MinGW Windows libxml2 XML processing library...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.6 update on RHEL 5

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.6, fix several bugs, add various enhancements, and resolve one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A...

jakarta-taglibs-standard: XXE and RCE via XSL extension in JSTL XML tags

It was found that the Java Standard Tag Library JSTL allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution...

jakarta-taglibs-standard: XXE and RCE via XSL extension in JSTL XML tags

It was found that the Java Standard Tag Library JSTL allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution...

OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)

It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory...

OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)

It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory...

OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)

It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory...

Unspecified Vulnerability in Oracle Java SE JAXP Component

Sun Java Runtime Environment is a solution that provides a reliable runtime environment for JAVA applications. An unspecified security vulnerability in Sun Java Runtime Environment and the Java SE Embedded and JRockit JAXP components allows remote attackers to conduct denial-of-service attacks by...

OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)

It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory...

OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)

It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory...