
2720 matches found

Check Point Advisories
added 2014/02/17 12:0 a.m., 95 views

Red Hat JBoss Seam Framework XXE Information Disclosure (CVE-2013-6447)

An information disclosure vulnerability has been reported in Red Hat JBoss Seam Framework. The vulnerability is due to an incorrectly configured XML parser accepting XML eXternal Entities (XXE) from untrusted sources being used by the ExecutionHandler, PollHandler, and SubscriptionHandler classes...

AI score: 6.1, EPSS: 0.0137
Exploits: 0

Prion
added 2013/12/13 8:8 p.m., 13 views

Xxe

The XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an XML External Entity (XXE) issue...

CVSS: 10, AI score: 7.1, EPSS: 0.01273
Exploits: 0, References: 7, Affected Software: 1

CVE
added 2013/12/13 7:0 p.m., 44 views

CVE-2013-7095

CVE-2013-7095 concerns the XML parser (crm_flex_data) in SAP Customer Relationship Management (CRM) 7.02 EHP 2, with an XML External Entity (XXE) issue. The connected sources indicate the impact and attack vectors are unknown. No explicit exploit details, affected versions beyond 7.02 EHP 2, or r...

CVSS: 10, AI score: 6.7, EPSS: 0.01273
Exploits: 0, References: 7, Affected Software: 1

RedHat Linux
added 2013/11/07 4:45 p.m., 1 views

JDK: XML4J xml entity expansion excessive memory use (XML)

The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities...

CVSS: 4.3, AI score: 6.8, EPSS: 0.01728
Exploits: 0, References: 4

OpenVAS
added 2013/10/28 12:0 a.m., 32 views

Oracle Database Server Multiple Information Disclosure Vulnerabilities

Oracle Database Server is prone to multiple information disclosure vulnerabilities...

CVSS: 6.4, AI score: 6.9, EPSS: 0.00796
Exploits: 0, References: 5

RedHat Linux
added 2013/10/22 5:13 p.m., 3 views

OpenJDK: XML parsing Denial of Service (JAXP, 8014530)

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JAXP...

CVSS: 5, AI score: 6.8, EPSS: 0.05761
Exploits: 0, References: 5

NVD
added 2013/10/19 10:36 a.m., 20 views

CVE-2013-5372

The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document that triggers expansion for many entities...

CVSS: 4.3, AI score: 6, EPSS: 0.01728
Exploits: 0, References: 12

NVD
added 2013/10/16 3:55 p.m., 22 views

CVE-2013-5771

Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality and availability via unknown vectors...

CVSS: 6.4, AI score: 5.8, EPSS: 0.00796
Exploits: 0, References: 3

Prion
added 2013/10/16 3:55 p.m., 23 views

Design/Logic Flaw

Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality and availability via unknown vectors...

CVSS: 6.4, AI score: 6.3, EPSS: 0.00796
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2013/10/16 3:0 p.m., 60 views

CVE-2013-5771

CVE-2013-5771 concerns Oracle Database Server XML Parser vulnerabilities in Oracle Database Server versions 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1. The issue, described as an unspecified vulnerability in the XML Parser component, could allow remote attackers to affect confidentiality and avai...

CVSS: 6.4, AI score: 6, EPSS: 0.00796
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2013/10/16 3:0 p.m., 26 views

CVE-2013-5771

Unspecified vulnerability in the XML Parser component in Oracle Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote attackers to affect confidentiality and availability via unknown vectors...

AI score: 5.8, EPSS: 0.00796
Exploits: 0, References: 3

Tenable Nessus
added 2013/10/16 12:0 a.m., 62 views

Oracle Database Multiple Vulnerabilities (October 2013 CPU) (BEAST)

The remote Oracle database server is missing the October 2013 Critical Patch Update (CPU). It is, therefore, affected by multiple security vulnerabilities in the following components: Core RDBMS, Oracle Security service, XML Parser...

CVSS: 6.4, AI score: 6.9, EPSS: 0.03832
Exploits: 4, References: 7

Tenable Nessus
added 2013/10/15 12:0 a.m., 33 views

Debian DSA-2779-1 : libxml2 - denial of service

Aki Helin of OUSPG discovered many out-of-bounds read issues in libxml2, the GNOME project's XML parser library, which can lead to denial of service issues when handling XML documents that end abruptly...

CVSS: 5, AI score: 6.9, EPSS: 0.00628
Exploits: 0, References: 5

OSV
added 2013/10/13 12:0 a.m., 20 views

DSA-2779-1 libxml2 - denial of service

Bulletin has no description...

CVSS: 5, AI score: 6.3, EPSS: 0.00628
Exploits: 0

OpenVAS
added 2013/10/12 12:0 a.m., 18 views

Debian: Security Advisory (DSA-2779-1)

The remote host is missing an update for the Debian...

CVSS: 5, AI score: 8.8, EPSS: 0.00628
Exploits: 0, References: 3

Tenable Nessus
added 2013/09/11 12:0 a.m., 63 views

MS13-072: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)

The remote Windows host is running a version of Microsoft Office, Microsoft Word, Office Compatibility Pack, or Microsoft Word Viewer that is affected by the following remote code execution vulnerabilities: A remote code execution vulnerability exists due to the way the XML parser used by Word...

CVSS: 9.3, AI score: 7, EPSS: 0.64174
Exploits: 2, References: 14

Microsoft KB
added 2013/09/10 12:0 a.m., 76 views

MS13-073: Vulnerabilities in Microsoft Excel could allow remote code execution: September 10, 2013

This security update addresses the vulnerabilities by correcting how Microsoft Excel and other affected Microsoft software validates data when parsing specially crafted Office files and by correcting how the XML parser used by Excel resolves external entities within a specially crafted...

CVSS: 9.3, AI score: 6, EPSS: 0.73678
Exploits: 2

erpscan
added 2013/09/07 12:0 a.m., 14 views

SAP CRM crm_flex_data - XXE

Application: SAP CRM
Versions Affected: SAP CRM 7.02 EHP 2
Vendor URL: http://www.sap.com
Bugs: XXE
Exploits: YES
Reported: 09.07.2013
Vendor response: 10.07.2013
Date of Public Advisory: 16.11.2013
Reference: SAP Security Note 1909665
Authors: Alexey Tyurin, Nikolay Mescherin (ERPScan)
Description...

AI score: 0.9
Exploits: 0

erpscan
added 2013/09/07 12:0 a.m., 17 views

SAP CRM gwsync - XXE

Application: SAP CRM
Versions Affected: SAP CRM 7.02 EHP 2
Vendor URL: http://www.sap.com
Bugs: XXE
Reported: 09.07.2013
Vendor response: 10.07.2013
Date of Public Advisory: 25.01.2014
Reference: SAP Security Note 1917054
CVSS: AV:N/AC:L/AU:N/C:P/I:N/A:N 5.0
Authors: Alexey Tyurin, Nikolay...

AI score: 0.9
Exploits: 0

Tenable Nessus
added 2013/09/04 12:0 a.m., 41 views

Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-88)

Multiple flaws were discovered in the CORBA (Common Object Request Broker Architecture) implementation in Java. A malicious Java application or applet could use these flaws to bypass Java sandbox restrictions or modify immutable object data. (CVE-2012-1711, CVE-2012-1719) It was discovered that the...

CVSS: 10, AI score: 8.6, EPSS: 0.94083
Exploits: 9, References: 8