CVE-2017-8315

Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml...

Eclipse IDE Eclipse XML Parser External Entity Injection Vulnerability

Eclipse IDE is the Eclipse Foundation's set of integrated development environment . Eclipse XML parser is one of the XML parser . A security vulnerability exists in the Eclipse XML parser in Eclipse IDE 2017.2.5 and earlier versions. An attacker can exploit this vulnerability to perform an XML...

OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network...

CVE-2017-8315

Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml...

CVE-2017-8315

Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml...

Xxe

Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml...

DEBIAN-CVE-2017-8315

Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml...

CVE-2017-8315

Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml...

CVE-2017-8315

Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml...

CVE-2017-8315

Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml...

Monero: Buffer out of bound read in miniupnpc xml parser

Summary: This is a buffer oob read vulnerability in miniupnpc when parsing xml response. This vulnerability could result in denial of service attack in monero client to in local area Network. Description: In miniupnpc, file "Minixml.c": The funnction parseelt: static void parseeltstruct xmlparser...

[SECURITY] [DSA 4175-1] freeplane security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4175-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 18, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4175-1] freeplane security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4175-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 18, 2018 https://www.debian.org/security/faq -...

Debian DSA-4175-1 : freeplane - security update

Wojciech Regula discovered an XML External Entity vulnerability in the XML Parser of the mindmap loader in freeplane, a Java program for working with mind maps, resulting in potential information disclosure if a malicious mind map file is opened. C Tenable Network Security, Inc. The descriptive...

Server side request forgery (ssrf)

The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0POSTHF6, and ITMS 7.6POSTHF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service,...

CVE-2017-6323

CVE-2017-6323 affects Symantec Management Console versions prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6 and ITMS 7.6_POST_HF7. Root cause is processing XML input with a reference to an external entity by a weakly configured XML parser (XXE). Potential impact includes disclosure of confidential data, ...

Debian: Security Advisory (DLA-1328-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 1328-1] xerces-c security update

Package : xerces-c Version : 3.1.1-3+deb7u5 CVE ID : CVE-2017-12627 Debian Bug : 894050 Alberto Garcia, Francisco Oca and Suleman Ali of Offensive Research discovered that the Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while...

[ASA-201803-23] xerces-c: arbitrary code execution

Arch Linux Security Advisory ASA-201803-23 ========================================== Severity: High Date : 2018-03-25 CVE-ID : CVE-2017-12627 Package : xerces-c Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-644 Summary ======= The package xerces-c before...

Gemalto Sentinel LDK RTE custom XML-parser buffer error vulnerability

Gemalto Sentinel LDK RTE is a software protection and licensing solution from Gemalto USA. custom XML-parser is one of the XML parsers. A stack buffer overflow vulnerability exists in custom XML-parser in Gemalto Sentinel LDK RTE versions prior to 7.65. A remote attacker could exploit this...