Lucene search
K

61 matches found

Fedora
Fedora
added 2024/03/07 10:33 p.m.22 views

[SECURITY] Fedora 40 Update: xalan-j2-2.7.3-3.fc40

Xalan is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. It implements the W3C Recommendations for XSL Transformations XSLT and the XML Path Language XPath. It can be used from the command line, in an applet or a servlet, or as a module in other...

8.8CVSS7AI score0.02578EPSS
Exploits3
Fedora
Fedora
added 2024/03/07 10:32 p.m.32 views

[SECURITY] Fedora 40 Update: bcel-6.8.1-3.fc40

The Byte Code Engineering Library formerly known as JavaClass is intended to give users a convenient possibility to analyze, create, and manipulate binary Java class files those ending with .class. Classes are represented by objects which contain all the symbolic information of the given class:...

8.8CVSS6.8AI score0.02578EPSS
Exploits3
SUSE CVE
SUSE CVE
added 2023/02/15 5:35 a.m.4 views

SUSE CVE-2013-5604

The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote...

9.3CVSS9.3AI score0.06493EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:14 a.m.4 views

SUSE CVE-2015-6837

The xslextfunctionphp function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking,...

7.5CVSS8.4AI score0.06574EPSS
Exploits0References9
Fedora
Fedora
added 2022/12/11 1:47 a.m.40 views

[SECURITY] Fedora 35 Update: bcel-6.4.1-10.fc35

The Byte Code Engineering Library formerly known as JavaClass is intended to give users a convenient possibility to analyze, create, and manipulate binary Java class files those ending with .class. Classes are represented by objects which contain all the symbolic information of the given class:...

9.8CVSS1AI score0.02836EPSS
Exploits0
Fedora
Fedora
added 2022/12/11 1:40 a.m.52 views

[SECURITY] Fedora 36 Update: bcel-6.4.1-10.fc36

The Byte Code Engineering Library formerly known as JavaClass is intended to give users a convenient possibility to analyze, create, and manipulate binary Java class files those ending with .class. Classes are represented by objects which contain all the symbolic information of the given class:...

9.8CVSS1AI score0.02836EPSS
Exploits0
Fedora
Fedora
added 2022/12/11 1:27 a.m.45 views

[SECURITY] Fedora 37 Update: bcel-6.5.0-3.fc37

The Byte Code Engineering Library formerly known as JavaClass is intended to give users a convenient possibility to analyze, create, and manipulate binary Java class files those ending with .class. Classes are represented by objects which contain all the symbolic information of the given class:...

9.8CVSS1AI score0.02836EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/12/11 12:0 a.m.20 views

Fedora: Security Advisory for bcel (FEDORA-2022-0e358addb8)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9.6AI score0.02836EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/07/21 4:56 p.m.2 views

OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...

7.5CVSS7AI score0.17673EPSS
Exploits2References4
BDU FSTEC
BDU FSTEC
added 2016/06/01 12:0 a.m.7 views

The vulnerability of the libxml2 library and the PHP interpreter allows attackers to trigger a service failure.

The vulnerability of the xslextfunctionphp function ext/xsl/xsltprocessor.c in the libxml2 library and the PHP interpreter is related to pointer dereferencing errors. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure dereferencing the null pointer...

5CVSS7.4AI score0.06574EPSS
Exploits0References3Affected Software3
Gentoo Linux
Gentoo Linux
added 2016/04/02 12:0 a.m.54 views

Xalan-Java: Arbitrary code execution

Background Xalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. Description The TransformerFactory in Apache Xalan-Java does not properly restrict access to certain properties when FEATURESECUREPROCESSING is enabled. This can also be exploit...

7.5CVSS9.1AI score0.13809EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2016/03/15 8:55 p.m.7 views

php: NULL pointer dereference in XSLTProcessor class

A NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language XSL transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT...

7.5CVSS7.1AI score0.07276EPSS
Exploits0References4
CNVD
CNVD
added 2015/09/20 12:0 a.m.4 views

PHP 'xsltprocessor.c' Denial of Service Vulnerability

PHP an open source general-purpose computer scripting language. PHP 'xsltprocessor.c' has a null pointer back-reference condition that allows remote attackers to exploit a vulnerability to submit a special request for a denial of service attack...

7.5CVSS8.3AI score0.07276EPSS
Exploits0References1
OSV
OSV
added 2015/09/09 12:0 a.m.6 views

UBUNTU-CVE-2015-6837

The xslextfunctionphp function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking,...

7.5CVSS7.2AI score0.06574EPSS
Exploits0References4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.40 views

Liferay XSL - Command Execution

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require 'activesupport/json'...

7.3AI score0.0847EPSS
Exploits5
OpenVAS
OpenVAS
added 2014/04/08 12:0 a.m.35 views

Fedora Update for xalan-j2 FEDORA-2014-4443

Check for the Version of xalan-j2 OpenVAS Vulnerability Test Fedora Update for xalan-j2 FEDORA-2014-4443 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

7.5CVSS8.7AI score0.13809EPSS
Exploits2References2
Fedora
Fedora
added 2014/04/05 4:56 a.m.39 views

[SECURITY] Fedora 20 Update: xalan-j2-2.7.1-22.fc20

Xalan is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. It implements the W3C Recommendations for XSL Transformations XSLT and the XML Path Language XPath. It can be used from the command line, in an applet or a servlet, or as a module in other...

7.5CVSS0.3AI score0.13809EPSS
Exploits2
Fedora
Fedora
added 2014/04/05 4:53 a.m.36 views

[SECURITY] Fedora 19 Update: xalan-j2-2.7.1-22.fc19

Xalan is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. It implements the W3C Recommendations for XSL Transformations XSLT and the XML Path Language XPath. It can be used from the command line, in an applet or a servlet, or as a module in other...

7.5CVSS0.3AI score0.13809EPSS
Exploits2
OpenVAS
OpenVAS
added 2014/04/03 12:0 a.m.24 views

CentOS Update for xalan-j2 CESA-2014:0348 centos5

Check for the Version of xalan-j2 OpenVAS Vulnerability Test CentOS Update for xalan-j2 CESA-2014:0348 centos5 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

7.5CVSS8.7AI score0.13809EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2014/04/03 12:0 a.m.28 views

CentOS Update for xalan-j2 CESA-2014:0348 centos6

Check for the Version of xalan-j2 OpenVAS Vulnerability Test CentOS Update for xalan-j2 CESA-2014:0348 centos6 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

7.5CVSS8.7AI score0.13809EPSS
Exploits2References2
Rows per page
Query Builder