Lucene search
K

9 matches found

OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.26 views

Mageia: Security Advisory (MGASA-2020-0051)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.7AI score0.04882EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2019/05/29 12:0 a.m.42 views

Fedora 30 : c3p0 (2019-cb14e234fc)

Update to version 0.9.5.4. Resolves CVE-2018-20433 and CVE-2019-5427. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

9.8CVSS6.9AI score0.04882EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2019/05/29 12:0 a.m.43 views

Fedora 29 : c3p0 (2019-063672154a)

Update to version 0.9.5.4. Resolves CVE-2018-20433 and CVE-2019-5427. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

9.8CVSS6.9AI score0.04882EPSS
Exploits1References3
Hacker One
Hacker One
added 2019/03/13 4:34 p.m.38 views

Central Security Project: c3p0 may be exploited by a Billion Laughs Attack when loading XML configuration

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Please refer to the example on our poli...

7.5CVSS7.9AI score0.04882EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2019/01/09 2:20 p.m.28 views

CVE-2018-20433

c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization...

9.8CVSS4.4AI score0.04589EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2019/01/02 12:0 a.m.30 views

Debian: Security Advisory (DLA-1621-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.5AI score0.04589EPSS
Exploits0References3
OSV
OSV
added 2018/12/24 1:29 p.m.8 views

UBUNTU-CVE-2018-20433

c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization...

9.8CVSS6.7AI score0.04589EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2018/12/24 1:0 p.m.34 views

CVE-2018-20433

c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization...

9.8CVSS9.5AI score0.04589EPSS
Exploits0
CVE
CVE
added 2018/12/24 1:0 p.m.178 views

CVE-2018-20433

CVE-2018-20433 affects c3p0 (version 0.9.5.2) via an XML External Entity (XXE) vulnerability in extractXmlConfigFromInputStream() during initialization of C3P0ConfigXmlUtils. Several connected advisories confirm the issue and reference a fix: upgrading to 0.9.5.4 (as reported in Mageia MGASA-2020...

9.8CVSS8.3AI score0.04589EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder