OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network...

CVE-2018-1421

IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139023...

Core: Improper processing of XML documents can cause a denial of service

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from...

FreeBSD : shibboleth-sp -- vulnerable to forged user attribute data (22438240-1bd0-11e8-a2ec-6cc21735f730)

Shibboleth consortium reports : Shibboleth SP software vulnerable to additional data forgery flaws The XML processing performed by the Service Provider software has been found to be vulnerable to new flaws similar in nature to the one addressed in an advisory last month. These bugs involve the us...

shibboleth-sp -- vulnerable to forged user attribute data

Shibboleth consortium reports: Shibboleth SP software vulnerable to additional data forgery flaws The XML processing performed by the Service Provider software has been found to be vulnerable to new flaws similar in nature to the one addressed in an advisory last month. These bugs involve the use...

CVE-2018-1307

In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. Mitigation is to use...

Microsoft PowerShell Core DoS And Security Feature Bypass Vulnerabilities - Linux

This host is missing an important security update for PowerShell Core according to Microsoft security update January 2018. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Security Only update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB 4055269)

Security Only update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows 7 SP1 and Windows Server 2008 R2 SP1 KB 4055269 View products that this article applies to. Important If you have not been offered this security update, you may be running incompatible...

Security Only update for .NET Framework 2.0 SP2, 3.0 SP2, 4.5.2, and 4.6 updates for Windows Server 2008 SP2 (KB 4055272)

Security Only update for .NET Framework 2.0 SP2, 3.0 SP2, 4.5.2, and 4.6 updates for Windows Server 2008 SP2 KB 4055272 View products that this article applies to. Important If you have not been offered this security update, you may be running incompatible antivirus software, and you should...

Security and Quality Rollup for the .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows 8.1, RT 8.1, and Server 2012 R2 (KB 4055266)

Security and Quality Rollup for the .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows 8.1, RT 8.1, and Server 2012 R2 KB 4055266 Notice This update has been released as part of the January 2018 Preview of the Quality Rollups for .NET Framework 3.5 SP1, 4.5.2, 4....

Denial of service

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from...

CVE-2018-0764

The CVE-2018-0764 issue is a DoS vulnerability in .NET and .NET Core caused by improper processing of XML documents. Affected products include Microsoft .NET Framework versions 1.1, 2.0, 3.0, 3.5–3.5.1, 4, 4.5–4.7.1, 5.7 and .NET Core 1.0–2.0. The impact is denial of service to affected .NET appl...

Microsoft .NET Framework DoS And Security Feature Bypass Vulnerability (KB4055001)

This host is missing an important security update according to Microsoft Security Updates KB4055001. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Microsoft .NET Framework and .NET Core Denial of Service Vulnerability

NET Framework and .NET Core are both products of Microsoft Corporation.Microsoft .NET Framework is a comprehensive and consistent programming model and development platform for building applications for Windows, Windows Store, Windows Server, and Microsoft Azure. NET Framework is a comprehensive...

Microsoft .NET Framework 3.0 And 2.0 SP2 Multiple Vulnerabilities (KB4054996)

This host is missing an important security update according to Microsoft KB4054996 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

Security Update for .NET Core (January 2018) (macOS)

The Microsoft .NET Core runtime installed on the remote macOS or Mac OS X host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass in X509 Certificate Validation allows an attacker to present a certificate that is marked as invalid fo...

Description of the Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4074880)

Description of the Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Server 2008 R2 SP1 KB 4074880 Notice On January 18, 2018, update 4074880 was released to replace update 4055002 for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Window...

Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and .NET Framework 4.6 for Windows Server 2008 SP2 (KB 4054183)

Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and .NET Framework 4.6 for Windows Server 2008 SP2 KB 4054183 View products that this article applies to. Summary This security update resolves a...

Description of the Security and Quality Rollup for the .NET Framework 4.5.2 for Windows Server 2012 (KB 4054994)

Description of the Security and Quality Rollup for the .NET Framework 4.5.2 for Windows Server 2012 KB 4054994 View products that this article applies to. Summary This security update resolves a security feature bypass vulnerability that exists when Microsoft .NET Framework and .NET Core...

Description of the Security and Quality Rollup for the .NET Framework 4.5.2 for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 (KB 4054995)

Description of the Security and Quality Rollup for the .NET Framework 4.5.2 for Windows 7 SP1, Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 KB 4054995 View products that this article applies to. Summary This security update resolves a security feature bypass vulnerability that exists...