9 matches found
Mageia: Security Advisory (MGASA-2020-0051)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 30 : c3p0 (2019-cb14e234fc)
Update to version 0.9.5.4. Resolves CVE-2018-20433 and CVE-2019-5427. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 29 : c3p0 (2019-063672154a)
Update to version 0.9.5.4. Resolves CVE-2018-20433 and CVE-2019-5427. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Central Security Project: c3p0 may be exploited by a Billion Laughs Attack when loading XML configuration
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Please refer to the example on our poli...
CVE-2018-20433
c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization...
Debian: Security Advisory (DLA-1621-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
UBUNTU-CVE-2018-20433
c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization...
CVE-2018-20433
c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization...
CVE-2018-20433
CVE-2018-20433 affects c3p0 (version 0.9.5.2) via an XML External Entity (XXE) vulnerability in extractXmlConfigFromInputStream() during initialization of C3P0ConfigXmlUtils. Several connected advisories confirm the issue and reference a fix: upgrading to 0.9.5.4 (as reported in Mageia MGASA-2020...