SUSE-SU-2023:1673-1 Security update for xstream
This update for xstream fixes the following issues: - CVE-2022-40151: Fixed stack overflow in XML serialization (bsc#1203520). - CVE-2022-41966: Fixed denial of service via uncontrolled recursion during deserialization (bsc#1206729). - Upgrade to 1.4.20...
CVE-2022-4904
A flaw was found in the c-ares package. The ares_set_sortlist function is missing checks on the validity of the input string, which allows a possible arbitrary-length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity...
Security Bulletin: Vulnerabilities found within Apache Storm, which is used by IBM Tivoli Network Manager (ITNM) IP Edition
Summary Vulnerabilities found within Apache Storm (CVE-2020-25649, CVE-2020-36518, CVE-2021-22569, CVE-2021-38153), which is used by IBM Tivoli Network Manager (ITNM) IP Edition. Vulnerability Details CVEID: CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected securit...
Security Bulletin: Vulnerability in FasterXML jackson-databind affects IBM Process Mining . CVE-2020-36518
Summary There is a vulnerability in FasterXML jackson-databind that could allow a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-databind
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of FasterXML jackson-databind. Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By usin...
Security Bulletin: Vulnerabilities in FasterXML affect IBM Common Licensing's Administration And Reporting Tool (ART) and its Agent (217968, CVE-2020-36518)
Summary Security vulnerabilities have been addressed in IBM Common Licensing. FasterXML Jackson is a JSON-to-Java-object conversion API (217968, CVE-2020-36518). A fix is available to address the vulnerability. Vulnerability Details CVEID: CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is...
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service (CVE-2020-36518)
Summary IBM Sterling B2B Integrator has addressed the denial of service vulnerability. Vulnerability Details CVEID: CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By using a large depth of nested objects, a remote...
CVE-2022-46566
CVE-2022-46566 affects D-Link DIR-882 (DIR882A1_FW130B06) and DIR-878 (DIR_878_FW1.30B08). The root cause is a stack overflow in the SetQuickVPNSettings module triggered via the Password parameter. Public references describe a remote condition with potential arbitrary code execution, aligned with...
CVE-2022-45693
Jettison before v1.5.2 was discovered to contain a stack overflow via the map parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string...
Denial Of Service (DoS)
woodstox-core is vulnerable to Denial of Service (DoS). The vulnerability exists because FullDTDReader.java does not properly limit the recursion depth during DTD parsing, allowing an attacker to cause an application crash through a StackOverflow by passing malicious input if DTD support is enable...
Security Bulletin: FasterXML Jackson Databind used by CICS Transaction Gateway is vulnerable to a denial of service
Summary FasterXML Jackson Databind used by CICS Transaction Gateway is vulnerable to a denial of service, caused by a Java StackOverflow exception (CVE-2020-36518). CICS Transaction Gateway addressed the applicable CVE. Vulnerability Details CVEID: CVE-2020-36518 DESCRIPTION: FasterXML...
CVE-2022-43026
Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to contain a stack overflow via the endIp parameter at /goform/SetPptpServerCfg...
CVE-2022-35099
SWFTools commit 772e55a2 was discovered to contain a stack overflow via ImageStream::getPixel(unsigned char *) at /xpdf/Stream.cc...
CVE-2022-40862
Tenda AC15 and AC18 routers V15.03.05.19 contain a stack overflow vulnerability in the function fromNatStaticSetting, reachable with the request /goform/NatStaticSetting...
CVE-2022-40152
Those using Woodstox to parse XML data may be vulnerable to Denial of Service (DoS) attacks if DTD support is enabled. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack...
Input validation
Those using Woodstox to parse XML data may be vulnerable to Denial of Service (DoS) attacks if DTD support is enabled. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack...
CVE-2022-40151
Those using XStream to serialize XML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack...
Input validation
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack...
CVE-2022-40156
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage...