2720 matches found
Amazon Linux: Security Advisory (ALAS-2012-88)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-4538
The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service CPU and memory consumption via an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE...
Xxe
The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service CPU and memory consumption via an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE...
CVE-2015-4538
CVE-2015-4538 affects EMC Atmos XML parser, where XML External Entity (XXE) processing in the parser prior to 2.2.3.426 and 2.3.x prior to 2.3.1.0 allows remote authenticated users to read arbitrary files or trigger a denial of service via an external entity and entity reference. Root cause is XX...
CVE-2015-4538
The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service CPU and memory consumption via an external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE...
CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability
CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Flex BlazeDS 4.7.0 Description: When receiving XML encoded AMF messages containing DTD entities, the default XML parser configurations...
FreeBSD-SA-15:20.expat
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:20.expat Security Advisory The FreeBSD Project Topic: Multiple integer overflows in expat libbsdxml XML parser Category: contrib Module: libbsdxml Announced:...
FreeBSD -- Multiple integer overflows in expat (libbsdxml) XML parser
Problem Description: Multiple integer overflows have been discovered in the XMLGetBuffer function in the expat library. Impact: The integer overflows may be exploited by using specifically crafted XML data and lead to infinite loop, or a heap buffer overflow, which results in a Denial of Service...
CVE-2015-1283
Multiple integer overflows in the XMLGetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted XML data, a related...
Oracle E-Business Suite – XXE injection vulnerability
Application: Oracle E-Business Suite Vendor: Oracle Versions Affected: Oracle E-Business Suite 12.1.3, probably others Bugs: XXE injection Reported: 17.07.2015 Vendor response: 24.07.2015 Date of Public Advisory: 19.01.2016 Reference: Oracle CPU Jan 2016 Author: Nikita Kelesis, Ivan Chalykin,...
Oracle E-Business Suite - XXE injection vulnerability
Application: E-Business Suite Vendor URL: Oracle Bugs: XXE injection Reported: 17.07.2015 Vendor response: 24.07.2015 Date of Public Advisory:20.10.2015 Reference: Oracle CPU Oct 2015 Authors: Nikita Kelesis, Ivan Chalykin, Alexey Tyurin ERPScan VULNERABILITY INFORMATION Class: XML External Entit...
Scientific Linux Security Update : xerces-c on SL7.x x86_64 (20150629)
A flaw was found in the way the Xerces-C XML parser processed certain XML documents. A remote attacker could provide specially crafted XML input that, when parsed by an application using Xerces-C, would cause that application to crash. CVE-2015-0252 %NASLMINLEVEL 70300 C Tenable Network Security,...
CentOS Update for xerces-c CESA-2015:1193 centos7
Check the version of xerces-c SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882212";...
Debian Security Advisory DSA 3298-1 (jackrabbit - security update)
It was discovered that the Jackrabbit WebDAV bundle was susceptible to a XXE/XEE attack. When processing a WebDAV request body containing XML, the XML parser could be instructed to read content from network resources accessible to the host, identified by URI schemes such as https or file. Dependi...
RedHat Update for xerces-c RHSA-2015:1193-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 7 : xerces-c (RHSA-2015:1193)
An updated xerces-c package that fixes one security issue is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
xerces security update
CentOS Errata and Security Advisory CESA-2015:1193 An updated xerces-c package that fixes one security issue is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score,...
Moderate: Red Hat Security Advisory: xerces-c security update
An updated xerces-c package that fixes one security issue is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
xerces-c: crashes on malformed input
A flaw was found in the way the Xerces-C XML parser processed certain XML documents. A remote attacker could provide specially crafted XML input that, when parsed by an application using Xerces-C, would cause that application to crash...
[ERPSCAN-15-005] SAP Mobile Platform - XXE
ERPSCAN Research Advisory ERPSCAN-15-005 SAP Mobile Platform - XXE Application: SAP Mobile Platform 2.3 Versions Affected: SAP Mobile Platform 2.3, probably others Vendor URL: http://SAP.com Bugs: XML eXternal Entity Sent: 06.11.14 Reported: 06.11.14 Vendor response: 07.11.14 Date of Public...