2720 matches found
Xerces-C Security Advisory [CVE-2015-0252]
CVE-2015-0252: Apache Xerces-C XML Parser Crashes on Malformed Input Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Xerces-C XML Parser library versions prior to V3.1.2 Description: The Xerces-C XML parser...
xerces-c: denial of service
CVE-2015-0252 denial of service The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in a segmentation fault during a parse operation. The bug does not appear to allow for remote code execution, but is a denial of service attack that in many applications may...
DSA-3199-1 xerces-c - security update
Bulletin has no description...
CVE-2015-0132
The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a deni...
Code injection
The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a deni...
CVE-2015-0132
The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a deni...
CVE-2015-0132
Technical details for CVE-2015-0132 are not provided in the connected documents. The initial entry describes a recursive entity expansion DoS in the IBM Rational DOORS/Requirements Composer XML parser, but no vendor/version specifics or fixes are given here. Monitor for updates.
[SECURITY] [DLA 172-1] libextlib-ruby security update
Package : libextlib-ruby Version : 0.9.13-2+deb6u1 CVE ID : CVE-2013-0156 Debian Bug : 697895 Import patches 633974b2759d9b92 and 4540e7102b803624 from upstream to remove symbol and YAML coercion from the XML parser...
Apache Tomcat 7.0.x < 7.0.54 / 8.0.x < 8.0.8 XML Parser Information Disclosure
Binary data 8921.pasl...
SAP Mobile Platform 2.3 - XXE vulnerability in application import
Application: SAP Mobile Platform 2.3 Vendor URL: http://www.sap.com Bugs: XML eXternal Entity Reported: 25.02.2015 Vendor response: 25.02.2015 Date of Public Advisory: 11.08.2015 Reference: SAP Security Note 2152227 Authors: Vahagn Vardanyan ERPScan Vulnerability information Class: XML External...
CVE-2015-0620
The XML parser in Cisco TelePresence Management Suite (TMS) 14.3.2 and earlier does not properly handle external entities, which allows remote authenticated users to cause a denial of service via POST requests, aka Bug ID CSCus51494...
XXE
The XML parser in Cisco TelePresence Management Suite (TMS) 14.3.2 and earlier does not properly handle external entities, which allows remote authenticated users to cause a denial of service via POST requests, aka Bug ID CSCus51494...
CVE-2015-0620
The XML parser in Cisco TelePresence Management Suite (TMS) 14.3.2 and earlier does not properly handle external entities, which allows remote authenticated users to cause a denial of service via POST requests, aka Bug ID CSCus51494...
CVE-2015-0620
CVE-2015-0620 concerns the Cisco TelePresence Management Suite (TMS) XML parser. Affected versions are TMS 14.3(.2) and earlier. The root cause is improper handling of XML external entities, enabling a remote authenticated attacker to cause a denial of service by submitting specially crafted POST...
Tomcat/JBossWeb: XML parser hijack by malicious web application
It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web / Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML...
Oracle database XXE injection vulnerabilities (CVE-2014-6577) analysis-vulnerability warning-the black bar safety net
In this article, we will jointly analyze the Oracle database XXE injection vulnerabilities (CVE-2014-6577). Oracle Corporation released the related patch for the vulnerability on January 20. For background knowledge on XXE, you can view the security pulse of the station within other...
APPLE-SA-2015-01-27-1 Apple TV 7.0.3
APPLE-SA-2015-01-27-1 Apple TV 7.0.3 Apple TV 7.0.3 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: A maliciously crafted afc command may allow access to protected parts of the filesystem...
CVE-2014-4485
Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document...
Buffer overflow
Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document...
CVE-2014-4485
Buffer overflow in the XML parser in Foundation in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document...