61 matches found
[SECURITY] Fedora 40 Update: xalan-j2-2.7.3-3.fc40
Xalan is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. It implements the W3C Recommendations for XSL Transformations XSLT and the XML Path Language XPath. It can be used from the command line, in an applet or a servlet, or as a module in other...
[SECURITY] Fedora 40 Update: bcel-6.8.1-3.fc40
The Byte Code Engineering Library formerly known as JavaClass is intended to give users a convenient possibility to analyze, create, and manipulate binary Java class files those ending with .class. Classes are represented by objects which contain all the symbolic information of the given class:...
SUSE CVE-2013-5604
The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote...
SUSE CVE-2015-6837
The xslextfunctionphp function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking,...
[SECURITY] Fedora 35 Update: bcel-6.4.1-10.fc35
The Byte Code Engineering Library formerly known as JavaClass is intended to give users a convenient possibility to analyze, create, and manipulate binary Java class files those ending with .class. Classes are represented by objects which contain all the symbolic information of the given class:...
[SECURITY] Fedora 36 Update: bcel-6.4.1-10.fc36
The Byte Code Engineering Library formerly known as JavaClass is intended to give users a convenient possibility to analyze, create, and manipulate binary Java class files those ending with .class. Classes are represented by objects which contain all the symbolic information of the given class:...
[SECURITY] Fedora 37 Update: bcel-6.5.0-3.fc37
The Byte Code Engineering Library formerly known as JavaClass is intended to give users a convenient possibility to analyze, create, and manipulate binary Java class files those ending with .class. Classes are represented by objects which contain all the symbolic information of the given class:...
Fedora: Security Advisory for bcel (FEDORA-2022-0e358addb8)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...
The vulnerability of the libxml2 library and the PHP interpreter allows attackers to trigger a service failure.
The vulnerability of the xslextfunctionphp function ext/xsl/xsltprocessor.c in the libxml2 library and the PHP interpreter is related to pointer dereferencing errors. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure dereferencing the null pointer...
Xalan-Java: Arbitrary code execution
Background Xalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. Description The TransformerFactory in Apache Xalan-Java does not properly restrict access to certain properties when FEATURESECUREPROCESSING is enabled. This can also be exploit...
php: NULL pointer dereference in XSLTProcessor class
A NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language XSL transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT...
PHP 'xsltprocessor.c' Denial of Service Vulnerability
PHP an open source general-purpose computer scripting language. PHP 'xsltprocessor.c' has a null pointer back-reference condition that allows remote attackers to exploit a vulnerability to submit a special request for a denial of service attack...
UBUNTU-CVE-2015-6837
The xslextfunctionphp function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking,...
Liferay XSL - Command Execution
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require 'activesupport/json'...
Fedora Update for xalan-j2 FEDORA-2014-4443
Check for the Version of xalan-j2 OpenVAS Vulnerability Test Fedora Update for xalan-j2 FEDORA-2014-4443 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
[SECURITY] Fedora 20 Update: xalan-j2-2.7.1-22.fc20
Xalan is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. It implements the W3C Recommendations for XSL Transformations XSLT and the XML Path Language XPath. It can be used from the command line, in an applet or a servlet, or as a module in other...
[SECURITY] Fedora 19 Update: xalan-j2-2.7.1-22.fc19
Xalan is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. It implements the W3C Recommendations for XSL Transformations XSLT and the XML Path Language XPath. It can be used from the command line, in an applet or a servlet, or as a module in other...
CentOS Update for xalan-j2 CESA-2014:0348 centos5
Check for the Version of xalan-j2 OpenVAS Vulnerability Test CentOS Update for xalan-j2 CESA-2014:0348 centos5 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
CentOS Update for xalan-j2 CESA-2014:0348 centos6
Check for the Version of xalan-j2 OpenVAS Vulnerability Test CentOS Update for xalan-j2 CESA-2014:0348 centos6 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...