7 matches found
Ubuntu: Security Advisory (USN-7571-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 16.04 ESM : c3p0 vulnerability (USN-5293-2)
The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5293-2 advisory. USN-5293-1 fixed a vulnerability in c3p0. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the preceding description bloc...
Mageia: Security Advisory (MGASA-2020-0051)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 29 : c3p0 (2019-063672154a)
Update to version 0.9.5.4. Resolves CVE-2018-20433 and CVE-2019-5427. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 30 : c3p0 (2019-cb14e234fc)
Update to version 0.9.5.4. Resolves CVE-2018-20433 and CVE-2019-5427. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
CVE-2019-5427
CVE-2019-5427 affects c3p0, where versions older than 0.9.5.4 are vulnerable to a billion laughs (XML entity expansion) attack when loading XML configuration due to missing protections against recursive entity expansion. Public sources in connected documents confirm the issue exists in c3p0
XML External Entity (XXE)
c3p0 is vulnerable to XML external entity XXE attacks. The external entity expansion is not disabled in the XML parser, which would allow a remote attacker to perform XXE attacks via a crafted XML document. This CVE is also known as CVE-2019-5427...