39 matches found
Missing Release of Memory after Effective Lifetime
Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime in the XSLT::Stylesheettransform function, when a string parameter containing a null byte is processed, preventing...
EUVD-2009-1089
Malware in sbrugna...
EUVD-2012-0095
Malware in sbrugna...
EUVD-2022-5013
Malicious code in bioql PyPI...
[SECURITY] Fedora 40 Update: mingw-libxslt-1.1.43-1.fc40
This C library allows to transform XML files into other XML files or HTML, text, ... using the standard XSLT stylesheet transformation mechanism. To use it you need to have a version of libxml2 =3D 2.6.27 installed. The xsltproc command is a command line interface to the XSLT engine...
[SECURITY] Fedora 31 Update: libxslt-1.1.33-4.fc31
This C library allows to transform XML files into other XML files or HTML, text, ... using the standard XSLT stylesheet transformation mechanism. To use it you need to have a version of libxml2 =3D 2.6.27 installed. The xsltproc command is a command line interface to the XSLT eng ine...
Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs
It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...
F5 Networks BIG-IP : Apache Tomcat vulnerability (SOL15429)
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to 1 read arbitrary files via a crafted web application that provides an XML external entity...
Xxe
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to 1 read arbitrary files via a crafted web application that provides an XML external entity...
Sun Java JRE XML Signature Command Injection (102993) (Unix)
The version of Sun Java Runtime Environment JRE installed on the remote host reportedly does not securely process XSLT stylesheets containing XSLT Transforms in XML Signatures. If an attacker can pass a specially crafted XSLT stylesheet to a trusted Java application running on the remote host, it...
Debian DSA-2406-1 : icedove - several vulnerabilities
Several vulnerabilities have been discovered in Icedove, Debian's variant of the Mozilla Thunderbird code base. - CVE-2011-3670 Icedove does not not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls throu...
DSA-2406-1 icedove - several
Bulletin has no description...
Ubuntu 10.04 LTS / 10.10 : xulrunner-1.9.2 vulnerabilities (USN-1353-1)
Jesse Ruderman and Bob Clary discovered memory safety issues affecting the Gecko Browser engine. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of t...
USN-1350-1: Thunderbird vulnerabilities
Jesse Ruderman and Bob Clary discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user...
USN-1353-1: Xulrunnner vulnerabilities
Jesse Ruderman and Bob Clary discovered memory safety issues affecting the Gecko Browser engine. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of t...
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7949)
Mozilla Firefox was updated to 3.6.26 fixing bugs and security issues. The following security issues have been fixed by this update : - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs...
Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 (MAC OS X)
The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillaprdtsmultvulnmacosxfeb12.nasl 6445 2017-06-27 12:31:06Z santu $ Mozilla Products Multiple Unspecified Vulnerabilities - Feb12 MAC OS X Authors: Madhu...
Ubuntu Update for ubufox USN-1355-3
Ubuntu Update for Linux kernel vulnerabilities USN-1355-3 OpenVAS Vulnerability Test $Id: gbubuntuUSN13553.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for ubufox USN-1355-3 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...
Mozilla Products Multiple Unspecified Vulnerabilities (Feb 2012) - Mac OS X
Mozilla Firefox/Thunderbird/Seamonkey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SuSE 11.1 Security Update : MozillaFirefox (SAT Patch Number 5754)
This update provides Mozilla Firefox 10, which provides many fixes, security and feature enhancements. For a detailed list, please have a look at http://www.mozilla.org/en-US/firefox/10.0/releasenotes/ and http://www.mozilla.org/de/firefox/features/ The following security issues have been fixed i...