2720 matches found
[SECURITY] Fedora 21 Update: xerces-j2-2.11.0-22.fc21
Welcome to the future! Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely...
RHEL 5 : Red Hat JBoss Web Server 2.1.0 update (Important) (RHSA-2014:1088)
The remote Red Hat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1088 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the...
Tomcat/JBossWeb: XML parser hijack by malicious web application
It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web / Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML...
SuSE 11.3 Security Update : tomcat6 (SAT Patch Number 9487)
Tomcat has been updated to version 6.0.41, which brings security and bug fixes. The following security issues have been fixed: an XXE vulnerability via user-supplied XSLTs (CVE-2014-0096); request smuggling via malicious content length header (CVE-2014-0099); an XML parser hijack by malicious web...
RHEL 6 : tomcat6 (RHSA-2014:1038)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1038 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was found that several...
Low: Red Hat Security Advisory: tomcat6 security update
Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each...
CentOS 7 : tomcat (CESA-2014:1034)
Updated tomcat packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the...
tomcat security update
CentOS Errata and Security Advisory CESA-2014:1034. Updated tomcat packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives...
Low: Red Hat Security Advisory: tomcat security update
Updated tomcat packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the...
SA-CORE-2014-004 - Drupal core - Denial of service
Drupal 6 and Drupal 7 include an XML-RPC endpoint which is publicly available (xmlrpc.php). The PHP XML parser used by this XML-RPC endpoint is vulnerable to an XML entity expansion attack and other related XML payload attacks which can cause CPU and memory exhaustion and the site's database to rea...
Moderate: Red Hat Security Advisory: Red Hat JBoss Data Grid 6.3.0 update
Red Hat JBoss Data Grid 6.3.0, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base...
Oracle Database Multiple Vulnerabilities (July 2014 CPU)
The remote Oracle database server is missing the July 2014 Critical Patch Update (CPU). It is, therefore, affected by security issues in the following components: XML Parser, Network Layer, RDBMS Core.
CVE-2014-2510
The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 before P39, 6.7 SP1 before P28, and 6.7 SP2 before P15, as used in My Documentum for Desktop, My Documentum for Microsoft Outlook, and CenterStage, allows remote authenticated users to read arbitrary files via an external entity...
XXE
The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 before P39, 6.7 SP1 before P28, and 6.7 SP2 before P15, as used in My Documentum for Desktop, My Documentum for Microsoft Outlook, and CenterStage, allows remote authenticated users to read arbitrary files via an external entity...
CVE-2014-2510
CVE-2014-2510 concerns an XXE vulnerability in the JAXB XML parser used by EMC Documentum Foundation Services (DFS). Affected products and versions (as cited in ESA-2014-057 and NVD/NVD mirror entries) include EMC DFS 6.6 prior to P39, 6.7 SP1 prior to P28, and 6.7 SP2 prior to P15, as well as My...
RHEL 5 / 6 : Red Hat JBoss Enterprise Application Platform 6.2.4 (RHSA-2014:0843)
The remote Red Hat Enterprise Linux 5 / 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2014:0843 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discover...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.4 security update
Updated Red Hat JBoss Enterprise Application Platform 6.2.4 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base...
ownCloud Multiple Vulnerabilities-02 (Jul 2014)
ownCloud is prone to multiple vulnerabilities.