28 matches found
qt5-qtbase: Double free in QXmlStreamReader
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document...
qt5-qtbase: Double free in QXmlStreamReader
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document...
. NET advanced code audit of the seven classes NetDataContractSerializer deserializing vulnerability-vulnerability warning-the black bar safety net
NetDataContractSerializer and DataContractSerializer for serialization and de-serialization in Windows Communication Foundation WCF message to send the data. Between the two there is an important difference: the NetDataContractSerializer includes CLR through the CLR type to add additional...
The vulnerability of the QXMLStreamReader function in the QXmlStream component of the cross-platform software development framework for Qt allows a perpetrator to cause a system failure or gain unauthorized access to information.
The vulnerability of the QXMLStreamReader function in the QXmlStream component of the cross-platform software development framework for Qt is related to double memory deallocation. Exploiting this vulnerability can allow an attacker to cause service failures or gain unauthorized access to...
camel-core: Validation component vulnerable to SSRF via remote DTDs and XXE
It was found that Apache Camel's validation component evaluates DTD headers of XML stream sources, although a validation against XML schemas XSD is executed. Remote attackers can use this feature to make Server-Side Request Forgery SSRF attacks by sending XML documents with remote DTDs URLs or XM...
OpenJDK: XML stream factory finder information leak (JAXP, 8013502)
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP...
OpenJDK: XML stream factory finder information leak (JAXP, 8013502)
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP...
CVE-2012-2665 Manifest-processing errors in Apache OpenOffice 3.4.0
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2012-2665 Manifest-processing errors in Apache OpenOffice 3.4.0 Reference: http://www.openoffice.org/security/cves/CVE-2012-2665.html Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache OpenOffice 3.4.0, all...