OpenJDK: document builder missing security checks (JAXP, 8027201, 8025018)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the...

OpenJDK: JAXP CharInfo file access restriction (JAXP, 8029282)

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP...

MGASA-2014-0214 Updated libxml2 packages fix CVE-2014-0191

Updated libxml2 packages fix security vulnerability: It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substituton in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote...

OpenJDK: document builder missing security checks (JAXP, 8027201, 8025018)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the...

OpenJDK: JAXP CharInfo file access restriction (JAXP, 8029282)

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP...

OpenJDK: JAXP CharInfo file access restriction (JAXP, 8029282)

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP...

UBUNTU-CVE-2014-2403

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP...

CVE-2014-2746

net/IOService.java in Tigase before 5.2.1 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack...

CVE-2014-2742

Isode M-Link before 16.0v7 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack...

Design/Logic Flaw

Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack, related to core/portmanager.lua and util/xmppstream.lua...

CVE-2014-2745

Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack, related to core/portmanager.lua and util/xmppstream.lua...

CVE-2014-2745

Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack, related to core/portmanager.lua and util/xmppstream.lua...

CVE-2014-2746

net/IOService.java in Tigase before 5.2.1 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service resource consumption via a crafted XMPP stream, aka an "xmppbomb" attack...

[oCERT-2014-002] Xalan-Java insufficient secure processing

2014-002 Xalan-Java insufficient secure processing Description: The Xalan-Java library is a popular XSLT processor from the Apache Software Foundation. The library implements the Java API for XML Processing JAXP which supports a secure processing feature for interpretive and XSLCT processors. The...

OpenJDK: document builder missing security checks (JAXP, 8027201, 8025018)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the...

OpenJDK: document builder missing security checks (JAXP, 8027201, 8025018)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the...

OpenJDK: document builder missing security checks (JAXP, 8027201, 8025018)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the...

OpenJDK: document builder missing security checks (JAXP, 8027201, 8025018)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the...

Solr: XML eXternal Entity (XXE) flaw in XML and XSLT UpdateRequestHandler

The 1 UpdateRequestHandler for XSLT or 2 XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue, different...

OpenJDK: document builder missing security checks (JAXP, 8027201, 8025018)

Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect integrity via vectors related to JAXP. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the...