1178 matches found
OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
libxslt:xpath: Heap-buffer-overflow in xmlXPathCompileExpr
Project: https://gitlab.gnome.org/GNOME/libxslt.git Detailed Report: https://oss-fuzz.com/testcase?key=5638886922911744 Project: libxslt Fuzzing Engine: afl Fuzz Target: xpath Job Type: aflasanlibxslt Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash Address: 0x7fd03ca4f7c8 Crash...
CVE-2018-14404
A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 when parsing an invalid XPath expression. Applications processing untrusted XSL format inputs using the libxml2 library may be vulnerable to a denial of service attack due to a crash of the...
Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20191016)
Security Fixes: - OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949) - OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518) (CVE-2019-2975) - OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler...
OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
Denial Of Service (DoS)
OpenJDK is vulnerable to denial of service (DoS). The vulnerability exists through an unexpected exception thrown by XPath processing of a crafted XPath expression...
CVE-2019-0370
Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection...
Input validation
Due to missing input validation, SAP Financial Consolidation, before versions 10.0 and 10.1, enables an attacker to use crafted input to interfere with the structure of the surrounding query leading to XPath Injection...
CVE-2019-0370
CVE-2019-0370 affects SAP Financial Consolidation (before v10.0 and v10.1). The vulnerability arises from missing input validation, allowing crafted input to interfere with the structure of surrounding queries, resulting in an XPath Injection. The connected documents confirm the root cause (input...
PRODSECBUG-2272: XPath Injection via front end rendering functionality
More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...
libxslt:xpath: Heap-buffer-overflow in xsltFormatNumberConversion
Project: https://gitlab.gnome.org/GNOME/libxslt.git Detailed Report: https://oss-fuzz.com/testcase?key=5656808252768256 Project: libxslt Fuzzing Engine: afl Fuzz Target: xpath Job Type: aflasanlibxslt Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x60300000131f Crash...
libxslt/xpath: Crash in xmlXPathCompileExpr
Project: https://gitlab.gnome.org/GNOME/libxslt.git Detailed report: https://oss-fuzz.com/testcase?key=5702070090334208 Project: libxslt Fuzzer: libFuzzerlibxsltxpath Fuzz target binary: xpath Job Type: libfuzzerubsanlibxslt Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x7fccc6e37fd...
AZADMIN CMS Of HIDEA 1.0 SQL Injection
SQL Injection on AZADMIN CMS of HIDEA v1.0 + Date: 24/06/2019 + CWE Number : CWE-89 + Risk: High + Author: Felipe Andrian Peixoto + Vendor Homepage: https://www.hidea.com/ + Contact: [email protected] + Tested on: Windows 7 and Linux + Vulnerable Files: newsdet.php + Dork :...
EulerOS Virtualization for ARM 64 3.0.2.0 : libxml2 (EulerOS-SA-2019-1614)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities: - This library allows manipulation of XML files. It includes support to read, modify and write XML and HTML files. There ...