2725 matches found
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in expat (CVE-2012-6702, CVE-2016-5300).
Summary: IBM Dynamic System Analysis (DSA) Preboot has addressed the following vulnerabilities in expat. Vulnerability Details: CVEID: CVE-2012-6702 Description: Expat, when use...
Denial Of Service (DoS) Or Arbitrary Code Execution
expat is vulnerable to denial of service (DoS) or arbitrary code execution attacks. When a user supplies a malformed document, the expat XML parser mishandles the input, which causes a buffer overflow during processing and error reporting. This leads to a denial of service and could conceivably result in remo...
Denial Of Service (DoS)
Expat is vulnerable to denial of service. The XML parser (xmlparse.c) computes hash values without restricting the ability to trigger hash collisions predictably, allowing an attacker to crash the process by submitting a malicious XML file that triggers multiple hash function collisions to consume...
XML External Entity (XXE)
c3p0 is vulnerable to XML external entity (XXE) attacks. External entity expansion is not disabled in the XML parser, which would allow a remote attacker to perform XXE attacks via a crafted XML document. This CVE is also known as CVE-2019-5427...
XML External Entity Injection (XXE)
neo4j-apoc-procedures is susceptible to XML external entity injection (XXE). The vulnerability is caused by the way the XML parser, using a weak configuration, processes XML input containing a reference to an external entity...
XML External Entity (XXE) vulnerability in bw-calendar-engine
bw-calendar-engine version = bw-calendar-engine-3.12.0 contains an XML External Entity (XXE) vulnerability in IscheduleClient XML Parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via man-in-the-middle or malicious...
GHSA-JXM5-5XCW-H57Q exist-db:exist-core XML External Entity (XXE) vulnerability
exist version = 5.0.0-RC4 contains an XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in disclosure of confidential data, denial of service, SSRF, port scanning...
GHSA-77HP-PFXW-4W63 XML External Entity (XXE) vulnerability in codelibs fess
codelibs fess version before commit faa265b contains an XML External Entity (XXE) vulnerability in GSA XML file parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via specially crafted GSA XML files. This...
CVE-2018-1000836
bw-calendar-engine version = bw-calendar-engine-3.12.0 contains an XML External Entity (XXE) vulnerability in IscheduleClient XML Parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via man-in-the-middle or malicious...
CVE-2018-1000837
UML Designer version = 8.0.0 contains an XML External Entity (XXE) vulnerability in XML parser for plugins that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via malicious plugins.xml file...
XXE
UML Designer version = 8.0.0 contains an XML External Entity (XXE) vulnerability in XML parser for plugins that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via malicious plugins.xml file...
XXE
exist version = 5.0.0-RC4 contains an XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in disclosure of confidential data, denial of service, SSRF, port scanning...
CVE-2018-1000820
neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains an XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed after commit 45bc09c...
CVE-2018-1000838
autopsy version = 4.9.0 contains an XML External Entity (XXE) vulnerability in CaseMetadata XML Parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via specially crafted CaseMetadata...
CVE-2018-1000823
exist version = 5.0.0-RC4 contains an XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in disclosure of confidential data, denial of service, SSRF, port scanning...
CVE-2018-1000820
Affected software: neo4j-contrib neo4j-apoc-procedures. Vulnerability: XML External Entity (XXE) in the XML Parser. Root cause / affected versions: before commit 45bc09c. Impact (as stated): disclosure of confidential data, denial of service, SSRF, port scanning. Status / fix: appears fixed after...