7 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-18197
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity XXE attacks, as...
SUSE CVE-2017-18197
In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity XXE attacks, as demonstrated by /ServerView...
Fedora 26 : jgraphx (2018-b3f8bee2e0)
Security fix for CVE-2017-18197 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 7030...
Fedora 27 : jgraphx (2018-b268b5bbb5)
Security fix for CVE-2017-18197 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 7030...
DEBIAN-CVE-2017-18197
In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity XXE attacks, as demonstrated by /ServerView...
CVE-2017-18197
CVE-2017-18197 affects mxGraph (before 3.7.6). In mxGraphViewImageReader.java, the SAXParserFactory used in convert() lacks XXE-defensive flags, enabling XML External Entity attacks (as demonstrated by /ServerView). Public disclosures and advisories (GHSA-wvpv-8524-wg6x; Fed/Debian/Nessus entries...
CVE-2017-18197
In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXParserFactory instance in convert is missing flags to prevent XML External Entity XXE attacks, as demonstrated by /ServerView...