679 matches found
Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows Server 2012 (KB 4054181)
Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows Server 2012 KB 4054181 View products that this article applies to. Summary This security update resolves a security feature bypass vulnerability that exists when Microsoft .NET Framework and...
Description of the Security Only update for .NET Framework 4.5.2 for Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2 (KB 4054172)
Description of the Security Only update for .NET Framework 4.5.2 for Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2 KB 4054172 View products that this article applies to. Summary This security update resolves a security feature bypass vulnerability that exists when...
Description of the Security and Quality Rollup for the .NET Framework 4.5.2 for Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 (KB 4054993)
Description of the Security and Quality Rollup for the .NET Framework 4.5.2 for Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 KB 4054993 View products that this article applies to. Summary This security update resolves a security feature bypass vulnerability that exists when Microsoft...
Description of the Security and Quality Rollup for the .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows Server 2012 (KB 4055000)
Description of the Security and Quality Rollup for the .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows Server 2012 KB 4055000 View products that this article applies to. Summary This security update resolves a security feature bypass vulnerability that exists when Microsoft .NET...
Description of Security and Quality Rollup for .NET Framework 3.5 SP1 for Windows Server 2012 (KB 4054997)
Description of Security and Quality Rollup for .NET Framework 3.5 SP1 for Windows Server 2012 KB 4054997 Notice This update is included in the February 2018 Preview of the Quality Rollups for .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows Server 2012 KB 4074806. Part...
Description of the Security Only update for .NET Framework 3.5 SP1 for Windows Server 2012 (KB 4054175)
Description of the Security Only update for .NET Framework 3.5 SP1 for Windows Server 2012 KB 4054175 View products that this article applies to. Summary This security update resolves a security feature bypass vulnerability that exists when Microsoft .NET Framework and .NET Core components do...
Description of the Security Only update for .NET Framework 3.5.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB 4054176)
Description of the Security Only update for .NET Framework 3.5.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 KB 4054176 View products that this article applies to. Summary This security update resolves a security feature bypass vulnerability that exists when Microsoft .NET Framework and...
Description of the Security Only update for .NET Framework 2.0 SP2 and 3.0 SP2 for Windows Server 2008 SP2 (KB 4054174)
Description of the Security Only update for .NET Framework 2.0 SP2 and 3.0 SP2 for Windows Server 2008 SP2 KB 4054174 View products that this article applies to. Summary This security update resolves a security feature bypass vulnerability that exists when Microsoft .NET Framework and .NET Core...
.NET and .NET Core Denial of Service Vulnerability
A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing...
XXE
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data...
CVE-2014-3630
Play framework’s Java XML processing (before 2.2.6 and 2.3.x before 2.3.5) is affected by CVE-2014-3630 via an XML External Entity (XXE) vulnerability. Crafted XML data can read arbitrary files, cause denial of service, or have unspecified impacts. The connected records confirm affected versions ...
CVE-2014-3630
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of service, or have unspecified other impact via crafted XML data...
OpenJDK: unbounded memory allocation in PredicatedNodeTest deserialization (JAXP, 8181327)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
UBUNTU-CVE-2017-10349
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
BSA-2017-407
Security Advisory ID : BSA-2017-407 Component : Java Revision : 2.0: Interim Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable...
OpenJDK: unrestricted access to com.sun.org.apache.xml.internal.resolver (JAXP, 8173286)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
OpenJDK: insufficient access control checks in XML transformations (JAXP, 8172469)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JAXP. Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
CVE-2017-1192
IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 123663...
Unspecified Vulnerability in Oracle Java SE and Java SE Embedded (CNVD-2017-28400)
Oracle Java SE and Java SE Embedded are both products of Oracle Corporation. Java SE (Java Platform Standard Edition) is used to develop and deploy Java applications for desktops, servers, as well as embedded devices and real-time environments; Java SE Embedded is a Java platform for the developmen...