255 matches found
CVE-2018-2492
SAML 2.0 functionality in SAP NetWeaver AS Java does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50...
Design/Logic Flaw
CVE-2018-2477
Knowledge Management XMLForms in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50, does not sufficiently validate an XML document accepted from an untrusted source...
Design/Logic Flaw
GHSA-VQ9J-JH62-5HMP Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
Description: The Validation Component of Apache Camel evaluates DTD headers of XML stream sources, although a validation against XML schemas (XSD) is executed. Remote attackers can use this feature to make Server-Side Request Forgery (SSRF) attacks by sending XML documents with remote DTD URLs or XM...
CVE-2018-12544
In versions 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This is the case exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema...
CVE-2018-2465
SAP HANA versions 1.0 and 2.0 Extended Application Services classic model OData parser does not sufficiently validate XML. By exploiting this, an unauthorized hacker can cause the database server to crash...
CVE-2018-2462
In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31, 7.40, 7.41, 7.50 does not sufficiently validate an XML document accepted from an untrusted source...
Design/Logic Flaw
CVE-2018-2416
SAP Identity Management 7.2 and 8.0 do not sufficiently validate an XML document accepted from an untrusted source...
Design/Logic Flaw
CVE-2018-2416
CVE-2018-2416 affects SAP Identity Management 7.2 and 8.0, where XML from an untrusted source is not properly validated. Connected sources describe an XML External Entity Injection risk that could lead to information disclosure or denial of service. The documents do not specify affected subcompon...
SUSE-SU-2017:2749-1 Security update for xerces-j2
xerces-j2 was updated to fix several issues.
This security issue was fixed:
- bsc814241: Prevent possible DoS through very long attribute names
This non-security issue was fixed:
- Prevent StackOverflowError when applying a pattern restriction on long strings while trying to validate an XML file...
Oracle Integration Gateway File Upload Vulnerability
Exploit for windows platform in category web applications
1. ADVISORY INFORMATION
Title: File Upload in Integration Gateway PSIGW
Advisory ID: ERPSCAN-17-039
Advisory URL: https://erpscan.com/advisories/erpscan-17-039-file-upload-integration-gateway-psigw-peoplesoft/
Risk: High
Date published:...
CVE-2017-7664
Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0...