EUVD-2018-0507

Malware in sbrugna...

Security Bulletin: Vulnerability found in pdfbox-1.8.1.jar which is shipped with IBM® Intelligent Operations Center(220742, CVE-2018-11797, CVE-2016-2175)

Summary Vulnerability have been identified in pdfbox-1.8.1.jar which is shipped with IBM® Intelligent Operations Center. Information about this vulnerability affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...

Mageia: Security Advisory (MGASA-2016-0253)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

com.amashchenko.struts2.pdfstream:struts2-pdfstream-plugin (=2.0.0), com.amashchenko.struts2.pdfstream:struts2-pdfstream-showcase (=2.0.0) +50 more potentially affected by CVE-2016-2175 via org.apache.pdfbox:pdfbox (=2.0.0)

org.apache.pdfbox:pdfbox MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pdfbox:pdfbox and may be impacted: - com.amashchenko.struts2.pdfstream:struts2-pdfstream-plugin =2.0.0 -...

biz.netcentric.cq.tools.accesscontroltool:sling-minimum-version-environment (>=4.2.0 <=4.2.1), br.net.woodstock.rockframework:rockframework-core (>=1.2.1 <=3.0.0) +457 more potentially affected by CVE-2016-2175 via org.apache.pdfbox:pdfbox (>=0.8.0-incubating <=1.8.11)

org.apache.pdfbox:pdfbox MAVEN version =0.8.0-incubating, =4.2.0, =1.2.1, =3.0.0, =5.6.100, =2.0.6, =1.0.10, =1.0.8, =0.6, =1.0.8, =1.0.12 and more Source cves: CVE-2016-2175 Source advisory: OSV:GHSA-4C32-XMGJ-2G98...

Apache Tika does not properly initialize the XML parser or choose handlers

Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity XXE attacks via vectors involving 1 spreadsheets in OOXML files and 2 XMP metadata in PDF and other file formats, a related issue to...

Security Bulletin: Vulnerability in Apache PDFBox affects FileNet Content Manager and IBM Content Foundation (CVE-2016-2175)

Summary Security vulnerabilitiy exists in Apache PDFBox that affects IBM FileNet Content Manager and IBM Content Foundation. Vulnerability Details CVEID: CVE-2016-2175 DESCRIPTION: Apache PDFBox could allow a remote authenticated attacker to obtain sensitive information, caused by a XML external...

Security Bulletin: Apache PDFBox affects IBM Emptoris Contract Management (CVE-2016-2175)

Summary Apache PDFBox affects IBM Emptoris Contract Management. Vulnerability Details CVEID: CVE-2016-2175 DESCRIPTION: Apache PDFBox could allow a remote authenticated attacker to obtain sensitive information, caused by a XML external entity XXE error when processing XML data by the XML parser. ...

Xxe

Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity XXE attacks via vectors involving 1 spreadsheets in OOXML files and 2 XMP metadata in PDF and other file formats, a related issue to...

Moderate: Red Hat Security Advisory: Red Hat JBoss Data Virtualization security and bug fix update

An update is now available for Red Hat JBoss Data Virtualization. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

Moderate: Red Hat Security Advisory: Red Hat JBoss BRMS security update

An update is now available for Red Hat JBoss BRMS. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

Fedora Update for pdfbox FEDORA-2016-3f30a5faeb

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 23 : pdfbox (2016-3f30a5faeb)

Security fix for CVE-2016-2175 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...

Updated pdfbox packages fix security vulnerability

Apache PDFBox before 1.8.12 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted PDF CVE-2016-2175...

CVE-2016-2175

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted PDF...

CVE-2016-2175

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted PDF...

CVE-2016-2175

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted PDF...

CVE-2016-2175

Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity XXE attacks via a crafted PDF...

CVE-2016-2175

CVE-2016-2175 is an XXE vulnerability in Apache PDFBox. The issue arises because PDFBox’s XML parsers are not properly initialized when processing XML data inside PDFs, allowing context-dependent attackers to craft PDFs that cause XML External Entity (XXE) attacks. Affected products include PDFBo...

CVE-2016-2175

It was found that the parsing of XMP and other XML formats in PDF by Apache PDFBox would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks...