Security Bulletin: Vulnerabilities in XML processing affect IBM DataPower Gateways

Summary IBM DataPower Gateways has addressed vulnerabilities in processing certain XML files that could cause a denial of service or obtain sensitive information. Vulnerability Details CVEID: CVE-2016-4448 DESCRIPTION: libxml2 could allow a remote attacker to execute arbitrary code on the system,...

Security Bulletin: Vulnerabilities in IBM Business Process Manager (BPM) DocumentStore administration (CVE-2014-0107, CVE-2014-4763)

Summary IBM Business Process Manager BPMV8.5.5.0 includes a web based application for administering the IBM BPM DocumentStore. A cross-site scripting vulnerability CVE-2014-4763 and an open source library for XML processing vulnerability CVE-2014-0107 have been reported in this web based...

CVE-2018-0765

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework...

Denial of service

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework...

CVE-2018-0765

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework...

CVE-2018-0765

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework...

CVE-2018-0765

The CVE-2018-0765 vulnerability affects Microsoft .NET Framework and .NET Core where XML documents are improperly processed, causing a denial of service. Connected sources confirm this DoS issue across multiple .NET Framework versions (including 2.0–4.x line) and .NET Core 2.0, with affected comp...

Microsoft .NET Framework Security Feature Bypass And DoS Vulnerabilities (KB4096418)

This host is missing an important security update according to Microsoft KB4096418 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Description of the Security Only update for .NET Framework 3.5 SP1 for Windows 8.1 and Server 2012 R2 (KB 4095515)

Description of the Security Only update for .NET Framework 3.5 SP1 for Windows 8.1 and Server 2012 R2 KB 4095515 Summary This update resolves a vulnerability in Microsoft .NET Framework that could cause denial of service when .NET Framework and .NET core components process XML documents...

OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network...

CVE-2018-1421

IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139023...

Core: Improper processing of XML documents can cause a denial of service

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from...

FreeBSD : shibboleth-sp -- vulnerable to forged user attribute data (22438240-1bd0-11e8-a2ec-6cc21735f730)

Shibboleth consortium reports : Shibboleth SP software vulnerable to additional data forgery flaws The XML processing performed by the Service Provider software has been found to be vulnerable to new flaws similar in nature to the one addressed in an advisory last month. These bugs involve the us...

shibboleth-sp -- vulnerable to forged user attribute data

Shibboleth consortium reports: Shibboleth SP software vulnerable to additional data forgery flaws The XML processing performed by the Service Provider software has been found to be vulnerable to new flaws similar in nature to the one addressed in an advisory last month. These bugs involve the use...

CVE-2018-1307

In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. Mitigation is to use...

Microsoft PowerShell Core DoS And Security Feature Bypass Vulnerabilities - Linux

This host is missing an important security update for PowerShell Core according to Microsoft security update January 2018. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Security Only update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB 4055269)

Security Only update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows 7 SP1 and Windows Server 2008 R2 SP1 KB 4055269 View products that this article applies to. Important If you have not been offered this security update, you may be running incompatible...

Security Only update for .NET Framework 2.0 SP2, 3.0 SP2, 4.5.2, and 4.6 updates for Windows Server 2008 SP2 (KB 4055272)

Security Only update for .NET Framework 2.0 SP2, 3.0 SP2, 4.5.2, and 4.6 updates for Windows Server 2008 SP2 KB 4055272 View products that this article applies to. Important If you have not been offered this security update, you may be running incompatible antivirus software, and you should...

Security and Quality Rollup for the .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows 8.1, RT 8.1, and Server 2012 R2 (KB 4055266)

Security and Quality Rollup for the .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows 8.1, RT 8.1, and Server 2012 R2 KB 4055266 Notice This update has been released as part of the January 2018 Preview of the Quality Rollups for .NET Framework 3.5 SP1, 4.5.2, 4....

Denial of service

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from...