19 matches found
Medium: woodstox-core
Issue Overview: Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks DOS if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial o...
Medium: woodstox-core
Issue Overview: Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks DOS if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial o...
Amazon Linux 2 : woodstox-core (ALAS-2024-2463)
The version of woodstox-core installed on the remote host is prior to 4.1.2-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2463 advisory. Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks DOS if DTD support is enabled. If the...
Security Bulletin: IBM Storage Protect Client and IBM Storage Protect for Space Management are vulnerable to denial of service due to CVEs in XStream (woodstox) (CVE-2022-40151, CVE-2022-40152)
Summary IBM Storage Protect Client and IBM Storage Protect for Space Management can be affected by security flaws in XStream woodstox. The flaws can lead to denial of service, as described in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-40152 DESCRIPTION: XStream is...
Oracle Business Intelligence Publisher 6.4 (OAS) (October 2023 CPU)
The versions of Oracle Business Intelligence Publisher OAS installed on the remote host are affected by a vulnerability as referenced in the October 2023 CPU advisory. - Vulnerability in the BI Publisher product of Oracle Analytics component: Development Operations XStream. The supported version...
Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 2 release
Camel for Spring Boot 3.18.3 Patch 2 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
Security Bulletin: IBM QRadar User Behavior Analytics is vulnerable to components with known vulnerabilities
Summary IBM QRadar User Behavior Analytics contains vulnerable packages/components and that may be identified and potentially exploited. The packages have been updated in the latest release and the vulnerabilities identified in the CVEs have been addressed. Please follow the instructions in the...
Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Security Bulletin: IBM ECM Content Management Interoperability Services (CMIS) woodstox/XStream security vulnerability CVE-2022-40152
Summary IBM ECM Content Management Interoperability Services CMIS woodstox/XStream security vulnerability CVE-2022-40152, affected, not vulnerable Vulnerability Details CVEID:CVE-2022-40152 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By...
Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to a denial of service attack due to FasterXML Woodstox
Summary FasterXML Woodstox is shipped with IBM Tivoli Business Manager 6.2.0 as part of its XML processor insfrastructure. Information about security vulnerabilities affecting FasterXML Woodstox has been published in a security bulletin. Vulnerability Details CVEID:CVE-2022-40151 DESCRIPTION:...
Oracle WebLogic Server (Apr 2023 CPU)
The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the April 2023 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities, including: - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware...
Mageia: Security Advisory (MGASA-2023-0104)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2023-0104 Updated woodstox-core packages fix security vulnerability
Denial of service using crafted input. CVE-2022-40152...
SUSE-SU-2023:0679-1 Security update for woodstox
This update for woodstox fixes the following issues: - CVE-2022-40152: Fixed stack overflow in XML serialization bsc1203521...
Moderate: Red Hat Security Advisory: Red Hat Integration Camel Extensions For Quarkus 2.13.2
Red Hat Integration Camel Extensions for Quarkus 2.13.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System CVSS base score,...
Security Bulletin: IBM Content Navigator is vulnerable to a Denial of Service attack due to Xstream (CVE-2022-40151, CVE-2022-40152, CVE-2022-40153)
Summary Xstream is used by IBM Content Navigator as part of the CMIS connector. CVE-2022-40151, CVE-2022-40152, CVE-2022-40153. Vulnerability Details CVEID:CVE-2022-40151 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a...
ai.langsa:ccaas-starter (>=cloud-0.1 <=cloud-0.2.1), ai.platon.pulsar:pulsar-boilerpipe (>=1.6.6 <=1.10.5) +7505 more potentially affected by CVE-2022-40152 via com.fasterxml.woodstox:woodstox-core (>=6.0.0 <=6.3.1)
com.fasterxml.woodstox:woodstox-core MAVEN version =6.0.0, =cloud-0.1, =1.6.6, =1.6.6, =1.6.6, =1.6.6, =1.6.6, =1.6.6, =1.6.6.1, =5.3.5, =0.1.0, =5.3.1, =1.0.0, =1.0.8, =1.0.12 and more Source cves: CVE-2022-40152 Source advisory: OSV:GHSA-3F7H-MF4Q-VRM4...
CVE-2022-40152 Stack Buffer Overflow in Woodstox
Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks DOS if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...
CVE-2022-40152
CVE-2022-40152 is a vulnerability in Woodstox/libwoodstox-java where XML parsing with DTD support enabled can crash the parser (stack overflow), enabling potential denial-of-service. Connected documents confirm the same issue affecting Woodstox/libwoodstox-java (Astra Linux bulletin) and referenc...