Lucene search
K

19 matches found

Amazon
Amazon
added 2024/02/19 12:0 a.m.35 views

Medium: woodstox-core

Issue Overview: Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks DOS if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial o...

7.5CVSS8.1AI score0.19653EPSS
Exploits1
Amazon
Amazon
added 2024/02/19 12:0 a.m.6 views

Medium: woodstox-core

Issue Overview: Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks DOS if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial o...

7.5CVSS7AI score0.19653EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/02/19 12:0 a.m.38 views

Amazon Linux 2 : woodstox-core (ALAS-2024-2463)

The version of woodstox-core installed on the remote host is prior to 4.1.2-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2463 advisory. Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks DOS if DTD support is enabled. If the...

7.5CVSS6.5AI score0.19653EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/15 1:42 p.m.76 views

Security Bulletin: IBM Storage Protect Client and IBM Storage Protect for Space Management are vulnerable to denial of service due to CVEs in XStream (woodstox) (CVE-2022-40151, CVE-2022-40152)

Summary IBM Storage Protect Client and IBM Storage Protect for Space Management can be affected by security flaws in XStream woodstox. The flaws can lead to denial of service, as described in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-40152 DESCRIPTION: XStream is...

7.5CVSS7.9AI score0.19653EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/10/19 12:0 a.m.62 views

Oracle Business Intelligence Publisher 6.4 (OAS) (October 2023 CPU)

The versions of Oracle Business Intelligence Publisher OAS installed on the remote host are affected by a vulnerability as referenced in the October 2023 CPU advisory. - Vulnerability in the BI Publisher product of Oracle Analytics component: Development Operations XStream. The supported version...

7.5CVSS6.3AI score0.19653EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2023/06/15 3:23 p.m.62 views

Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.18.3 Patch 2 release

Camel for Spring Boot 3.18.3 Patch 2 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

9.8CVSS6.8AI score0.19653EPSS
Exploits16References18
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/07 10:53 a.m.26 views

Security Bulletin: IBM QRadar User Behavior Analytics is vulnerable to components with known vulnerabilities

Summary IBM QRadar User Behavior Analytics contains vulnerable packages/components and that may be identified and potentially exploited. The packages have been updated in the latest release and the vulnerabilities identified in the CVEs have been addressed. Please follow the instructions in the...

9.8CVSS9.6AI score0.99615EPSS
Exploits21Affected Software1
RedHat Linux
RedHat Linux
added 2023/05/24 5:13 p.m.72 views

Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update

An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.8CVSS7.1AI score0.99931EPSS
Exploits52References18
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/03 6:35 p.m.41 views

Security Bulletin: IBM ECM Content Management Interoperability Services (CMIS) woodstox/XStream security vulnerability CVE-2022-40152

Summary IBM ECM Content Management Interoperability Services CMIS woodstox/XStream security vulnerability CVE-2022-40152, affected, not vulnerable Vulnerability Details CVEID:CVE-2022-40152 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By...

7.5CVSS7.4AI score0.19653EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/30 9:15 p.m.45 views

Security Bulletin: IBM Tivoli Business Service Manager is vulnerable to a denial of service attack due to FasterXML Woodstox

Summary FasterXML Woodstox is shipped with IBM Tivoli Business Manager 6.2.0 as part of its XML processor insfrastructure. Information about security vulnerabilities affecting FasterXML Woodstox has been published in a security bulletin. Vulnerability Details CVEID:CVE-2022-40151 DESCRIPTION:...

7.5CVSS7.5AI score0.19653EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/04/19 12:0 a.m.477 views

Oracle WebLogic Server (Apr 2023 CPU)

The version of Oracle WebLogic Server installed on the remote host is missing a security patch from the April 2023 Critical Patch Update CPU. It is, therefore, affected by multiple vulnerabilities, including: - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware...

7.5CVSS6.4AI score0.82262EPSS
Exploits9References17
OpenVAS
OpenVAS
added 2023/03/28 12:0 a.m.25 views

Mageia: Security Advisory (MGASA-2023-0104)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.7AI score0.19653EPSS
Exploits1References4
OSV
OSV
added 2023/03/18 10:16 p.m.11 views

MGASA-2023-0104 Updated woodstox-core packages fix security vulnerability

Denial of service using crafted input. CVE-2022-40152...

7.5CVSS7.4AI score0.19653EPSS
Exploits1References3
OSV
OSV
added 2023/03/08 3:40 p.m.4 views

SUSE-SU-2023:0679-1 Security update for woodstox

This update for woodstox fixes the following issues: - CVE-2022-40152: Fixed stack overflow in XML serialization bsc1203521...

7.5CVSS7.7AI score0.19653EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2023/01/26 9:42 a.m.64 views

Moderate: Red Hat Security Advisory: Red Hat Integration Camel Extensions For Quarkus 2.13.2

Red Hat Integration Camel Extensions for Quarkus 2.13.2 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System CVSS base score,...

9.8CVSS7AI score0.99931EPSS
Exploits46References14
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/06 11:41 p.m.54 views

Security Bulletin: IBM Content Navigator is vulnerable to a Denial of Service attack due to Xstream (CVE-2022-40151, CVE-2022-40152, CVE-2022-40153)

Summary Xstream is used by IBM Content Navigator as part of the CMIS connector. CVE-2022-40151, CVE-2022-40152, CVE-2022-40153. Vulnerability Details CVEID:CVE-2022-40151 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending a...

7.5CVSS7.1AI score0.19653EPSS
Exploits2Affected Software1
vulnersOsv
vulnersOsv
added 2022/09/17 12:0 a.m.4 views

ai.langsa:ccaas-starter (>=cloud-0.1 <=cloud-0.2.1), ai.platon.pulsar:pulsar-boilerpipe (>=1.6.6 <=1.10.5) +7505 more potentially affected by CVE-2022-40152 via com.fasterxml.woodstox:woodstox-core (>=6.0.0 <=6.3.1)

com.fasterxml.woodstox:woodstox-core MAVEN version =6.0.0, =cloud-0.1, =1.6.6, =1.6.6, =1.6.6, =1.6.6, =1.6.6, =1.6.6, =1.6.6.1, =5.3.5, =0.1.0, =5.3.1, =1.0.0, =1.0.8, =1.0.12 and more Source cves: CVE-2022-40152 Source advisory: OSV:GHSA-3F7H-MF4Q-VRM4...

7.5CVSS6.6AI score0.19653EPSS
Exploits1
OSV
OSV
added 2022/09/16 10:0 a.m.39 views

CVE-2022-40152 Stack Buffer Overflow in Woodstox

Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks DOS if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...

6.5CVSS6.6AI score0.19653EPSS
Exploits1References4
CVE
CVE
added 2022/09/16 10:0 a.m.465 views

CVE-2022-40152

CVE-2022-40152 is a vulnerability in Woodstox/libwoodstox-java where XML parsing with DTD support enabled can crash the parser (stack overflow), enabling potential denial-of-service. Connected documents confirm the same issue affecting Woodstox/libwoodstox-java (Astra Linux bulletin) and referenc...

7.5CVSS7.5AI score0.19653EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder