Lucene search

679 matches found

OSV
added 2018/09/27 12:47 p.m. | 3 views

SUSE-SU-2018:2899-1 Security update for smt

This update for smt to 2.0.34 fixes the following issues: These security issues were fixed: - CVE-2018-12471: Xml External Entity processing in the RegistrationSharing modules allowed to read arbitrary file read bsc1103809 - CVE-2018-12470: SQL injection in RegistrationSharing module allows remot...

CVSS 9.8 | AI score 9.9 | EPSS 0.0051
Exploits: 0 | References: 9
OSV
added 2018/09/27 12:47 p.m. | 3 views

SUSE-SU-2018:2898-1 Security update for smt, yast2-smt

This update for yast2-smt to 3.0.14 and smt to 3.0.37 fixes the following issues: These security issues were fixed in SMT: - CVE-2018-12471: Xml External Entity processing in the RegistrationSharing modules allowed to read arbitrary file read bsc1103809. - CVE-2018-12470: SQL injection in...

CVSS 9.8 | AI score 9.8 | EPSS 0.0051
Exploits: 0 | References: 13
OSV
added 2018/09/25 12:29 a.m. | 2 views

ALPINE-CVE-2018-14647

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...

CVSS 7.5 | AI score 6.8 | EPSS 0.01247
Exploits: 0 | References: 1
Exploit DB
added 2018/08/02 12:0 a.m. | 40 views

Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection

Issue: Out-of-Band XXE in Universal Media Server's SSDP Processing Reserved CVE: CVE-2018-13416 Vulnerability Overview The XML parsing engine for Universal Media Server's SSDP/UPNP functionality is vulnerable to an XML External Entity Processing XXE attack. Unauthenticated attackers on the same L...

CVSS 9.8 | AI score 9.6 | EPSS 0.55833
Exploits: 5
NVD
added 2018/07/27 6:29 p.m. | 14 views

CVE-2017-2640

An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process...

CVSS 9.8 | AI score 7.9 | EPSS 0.00788
Exploits: 0 | References: 5
OSV
added 2018/07/27 6:29 p.m. | 21 views

CVE-2017-2640

An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process...

CVSS 9.8 | AI score 7.5 | EPSS 0.00788
Exploits: 0 | References: 5
CVE
added 2018/07/27 6:0 p.m. | 108 views

CVE-2017-2640

CVE-2017-2640 affects Pidgin/libpurple prior to 2.12.0. An out-of-bounds write in parsing XML content (e.g., via invalid XML entities) can allow a remote server to crash the client or, in some cases, execute arbitrary code. Upstream fixes/advise upgrading to 2.12.0 or newer (e.g., libpurple 2.12....

CVSS 9.8 | AI score 9.5 | EPSS 0.00788
Exploits: 0 | References: 5 | Affected Software: 1
Debian CVE
added 2018/07/27 6:0 p.m. | 23 views

CVE-2017-2640

An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process...

CVSS 9.8 | AI score 8.2 | EPSS 0.00788
Exploits: 0
Veracode
added 2018/07/05 2:32 a.m. | 25 views

Denial Of Service (DoS)

.NET Core is vulnerable to denial of service DoS. This is due to the way .NET applications process XML documents which could lead to a denial of service condition when specially crafted requests are submitted. This CVE is different from CVE-2018-0765...

CVSS 7.5 | AI score 7.2 | EPSS 0.34677
Exploits: 0 | References: 6 | Affected Software: 10
RedHat Linux
added 2018/06/25 2:57 p.m. | 3 views

OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network...

CVSS 5.3 | AI score 7.1 | EPSS 0.00123
Exploits: 0 | References: 4
IBM Security Bulletins
added 2018/06/16 1:39 p.m. | 34 views

Security Bulletin: A vulnerability in XML processing affects IBM InfoSphere Streams (CVE-2015-1819)

Summary IBM InfoSphere Streams may be vulnerable to a denial of service attack due to the use of Libxml2 CVE-2015-1819 Vulnerability Details CVEID:CVEID: CVE-2015-1819 DESCRIPTION: Libxml is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error in the xmlreader...

CVSS 5 | AI score 1.2 | EPSS 0.02045
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2018/06/15 7:6 a.m. | 35 views

Security Bulletin: Vulnerabilities in XML processing affect IBM DataPower Gateways

Summary IBM DataPower Gateways has addressed vulnerabilities in processing certain XML files that could cause a denial of service or obtain sensitive information. Vulnerability Details CVEID: CVE-2016-4448 DESCRIPTION: libxml2 could allow a remote attacker to execute arbitrary code on the system,...

CVSS 10 | AI score 2 | EPSS 0.02658
Exploits: 2 | Affected Software: 1
IBM Security Bulletins
added 2018/06/15 7:1 a.m. | 26 views

Security Bulletin: Vulnerabilities in IBM Business Process Manager (BPM) DocumentStore administration (CVE-2014-0107, CVE-2014-4763)

Summary IBM Business Process Manager BPMV8.5.5.0 includes a web based application for administering the IBM BPM DocumentStore. A cross-site scripting vulnerability CVE-2014-4763 and an open source library for XML processing vulnerability CVE-2014-0107 have been reported in this web based...

CVSS 7.5 | AI score 0.7 | EPSS 0.05863
Exploits: 2 | Affected Software: 3
OSV
added 2018/05/09 7:29 p.m. | 28 views

CVE-2018-0765

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework...

CVSS 7.5 | AI score 7.6 | EPSS 0.0991
Exploits: 0 | References: 3
Prion
added 2018/05/09 7:29 p.m. | 27 views

Denial of service

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework...

CVSS 5 | AI score 7.1 | EPSS 0.0991
Exploits: 0 | References: 3 | Affected Software: 2
NVD
added 2018/05/09 7:29 p.m. | 22 views

CVE-2018-0765

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework...

CVSS 7.5 | AI score 7.3 | EPSS 0.0991
Exploits: 0 | References: 3
Cvelist
added 2018/05/09 7:0 p.m. | 24 views

CVE-2018-0765

A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework...

AI score 7.4 | EPSS 0.0991
Exploits: 0 | References: 3
CVE
added 2018/05/09 7:0 p.m. | 188 views

CVE-2018-0765

The CVE-2018-0765 vulnerability affects Microsoft .NET Framework and .NET Core where XML documents are improperly processed, causing a denial of service. Connected sources confirm this DoS issue across multiple .NET Framework versions (including 2.0–4.x line) and .NET Core 2.0, with affected comp...

CVSS 7.5 | AI score 7.2 | EPSS 0.0991
Exploits: 0 | References: 3 | Affected Software: 1
OpenVAS
added 2018/05/09 12:0 a.m. | 187 views

Microsoft .NET Framework Security Feature Bypass And DoS Vulnerabilities (KB4096418)

This host is missing an important security update according to Microsoft KB4096418 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

CVSS 7.8 | AI score 7.7 | EPSS 0.0991
Exploits: 0 | References: 1
Microsoft KB
added 2018/05/08 7:0 a.m. | 64 views

Description of the Security Only update for .NET Framework 3.5 SP1 for Windows 8.1 and Server 2012 R2 (KB 4095515)

Description of the Security Only update for .NET Framework 3.5 SP1 for Windows 8.1 and Server 2012 R2 KB 4095515 Summary This update resolves a vulnerability in Microsoft .NET Framework that could cause denial of service when .NET Framework and .NET core components process XML documents...

CVSS 7.8 | AI score 7.8 | EPSS 0.0991
Exploits: 0