
2713 matches found

Github Security Blog
added 2022/09/17 12:0 a.m. | 12 views

Duplicate Advisory: Denial of Service due to parser crash

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-f8cc-g7j8-xxpm. This link is maintained to preserve external references. Original Description: Those using Xstream to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running...

7.5 CVSS | 2.8 AI score | 0.00258 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2022/09/17 12:0 a.m. | 25 views

GHSA-4RV7-WJ6M-6C6R Denial of Service due to parser crash

Withdrawn: This advisory has been withdrawn because it has been found to be a duplicate. Please see the issue here for more information. Original Description: Those using FasterXML/woodstox to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user...

8 AI score
Exploits: 0 | References: 7
Github Security Blog
added 2022/09/17 12:0 a.m. | 28 views

Denial of Service via stack overflow

Withdrawn: This advisory has been withdrawn because it has been found to be a duplicate. Please see the issue here for more information. Original Description: Those using FasterXML/woodstox to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user...

4.6 AI score
Exploits: 0 | References: 7 | Affected Software: 1
Github Security Blog
added 2022/09/17 12:0 a.m. | 36 views

Denial of Service via stack overflow

Withdrawn: This advisory has been withdrawn because it has been found to be a duplicate. Please see the issue here for more information. Original Description: Those using FasterXML/woodstox to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user...

4.6 AI score
Exploits: 0 | References: 7 | Affected Software: 1
Github Security Blog
added 2022/09/17 12:0 a.m. | 26 views

Denial of Service due to parser crash

Withdrawn: This advisory has been withdrawn because it has been found to be a duplicate. Please see the issue here for more information. Original Description: Those using FasterXML/woodstox to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user...

3.1 AI score
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2022/09/17 12:0 a.m. | 21 views

GHSA-FV22-XP26-MM9W Denial of Service due to parser crash

Withdrawn: This advisory has been withdrawn because it has been found to be a duplicate. Please see the issue here for more information. Original Description: Those using FasterXML/woodstox to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user...

7.5 CVSS | 8 AI score
Exploits: 0 | References: 7
Github Security Blog
added 2022/09/17 12:0 a.m. | 65 views

Denial of Service due to parser crash

Those using FasterXML/woodstox to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. This...

7.5 CVSS | 7.5 AI score | 0.00803 EPSS
Exploits: 1 | References: 7 | Affected Software: 1
OSV
added 2022/09/17 12:0 a.m. | 17 views

GHSA-5HC5-C3M9-8VCJ Denial of Service via stack overflow

Withdrawn: This advisory has been withdrawn because it has been found to be a duplicate. Please see the issue here for more information. Original Description: Those using FasterXML/woodstox to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user...

7.4 AI score
Exploits: 0 | References: 7
OSV
added 2022/09/17 12:0 a.m. | 24 views

GHSA-9FWF-46G9-45RX Denial of Service via stack overflow

Withdrawn: This advisory has been withdrawn because it has been found to be a duplicate. Please see the issue here for more information. Original Description: Those using FasterXML/woodstox to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user...

7.4 AI score
Exploits: 0 | References: 7
NVD
added 2022/09/16 10:15 a.m. | 25 views

CVE-2022-40152

Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...

7.5 CVSS | 0.00803 EPSS
Exploits: 1 | References: 2
NVD
added 2022/09/16 10:15 a.m. | 23 views

CVE-2022-40151

Those using Xstream to serialize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack...

7.5 CVSS | 0.00258 EPSS
Exploits: 1 | References: 2
CVE
added 2022/09/16 10:0 a.m. | 458 views

CVE-2022-40152

CVE-2022-40152 is a vulnerability in Woodstox/libwoodstox-java where XML parsing with DTD support enabled can crash the parser (stack overflow), enabling potential denial-of-service. Connected documents confirm the same issue affecting Woodstox/libwoodstox-java (Astra Linux bulletin) and referenc...

7.5 CVSS | 7.5 AI score | 0.00803 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Tenable Nessus
added 2022/09/15 12:0 a.m. | 37 views

RHEL 7 : OpenShift Container Platform 4.4.33 (RHSA-2021:0282)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0282 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

6.5 CVSS | 7.2 AI score | 0.01606 EPSS
Exploits: 0 | References: 7
IBM Security Bulletins
added 2022/09/14 3:28 p.m. | 70 views

Security Bulletin: A CVE-2021-37714 vulnerability in jsoup affects IBM Process Designer in IBM Business Automation Workflow and IBM Business Process Manager

Summary: A vulnerability exists in jsoup used by the desktop version of IBM Process Designer. IBM Process Designer has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2021-37714 DESCRIPTION: jsoup is vulnerable to a denial of service, caused by improper input validation. By sending ...

7.2 AI score | 0.03905 EPSS
Exploits: 0 | Affected Software: 5
Prion
added 2022/09/12 7:15 p.m. | 13 views

Xxe

Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20...

7.5 CVSS | 9.2 AI score | 0.00334 EPSS
Exploits: 0 | References: 1 | Affected Software: 5
Cvelist
added 2022/09/12 6:7 p.m. | 14 views

CVE-2022-1700

Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20...

7.5 CVSS | 9.6 AI score | 0.00334 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2022/09/01 12:0 a.m. | 61 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.15.5)

The version of AOS installed on the remote host is prior to 5.15.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.15.5 advisory. - In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the...

10 CVSS | 7.5 AI score | 0.93618 EPSS
Exploits: 115 | References: 124
OpenVAS
added 2022/08/26 12:0 a.m. | 25 views

Ubuntu: Security Advisory (USN-313-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.6 CVSS | 6.5 AI score | 0.10174 EPSS
Exploits: 0 | References: 2
OpenVAS
added 2022/08/26 12:0 a.m. | 27 views

Ubuntu: Security Advisory (USN-313-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.6 CVSS | 6.5 AI score | 0.10174 EPSS
Exploits: 0 | References: 2
OSV
added 2022/08/25 6:15 p.m. | 0 views

UBUNTU-CVE-2021-42521

There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to dereference it. It is unsafe as the return value can be NULL and that NULL pointer...

7.5 CVSS | 7.1 AI score | 0.00483 EPSS
Exploits: 1 | References: 4