2720 matches found
Security Bulletin: Multiple OpenSource Expat XML Vulnerabilities affect IBM DB2 Net Search Extender for Linux, Unix and Windows
Summary There are multiple vulnerabilities in open source expat XML parser that is used in DB2 Net Search Extender. Vulnerability Details CVEID: CVE-2012-0876 DESCRIPTION: Expat is vulnerable to a denial of service, caused by insufficient randomization of hash data structures. By sending multiple...
Security Bulletin: IBM Streams is affected by Open Source Apache Xerces-C XML parser Vulnerabilities (CVE-2016-0729)
Summary IBM Streams is affected by Open Source Apache Xerces-C XML parser Vulnerabilities. IBM Streams has addressed this vulnerability. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds...
Security Bulletin: IBM Streams is affected by Open Source Apache Xerces-C XML parser Vulnerabilities (CVE-2016-4463)
Summary IBM Streams is affected by Open Source Apache Xerces-C XML parser Vulnerabilities. IBM Streams has addressed this vulnerability. Vulnerability Details CVEID: CVE-2016-4463 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by a stack-based buffer...
Security Bulletin: Vulnerability in Apache Xerces-C XML parser, including XML4C affects IBM InfoSphere Information Server (CVE-2016-0729)
Summary Open Source Xerces-C XML parser vulnerability affects IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds checking during processing and error reportin...
Security Bulletin: Open Source Apache Xerces-C XML parser Vulnerabilities -- including XML4C (CVE-2016-0729)
Summary The vulnerabilities have been addressed in the Open Source Apache Xerces-C XML parser for IBM Data Server Driver packagesDB2 Connect Instance less clients. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial of service, caus...
Security Bulletin: A vulnerability in the Apache Xerces-C XML Parser affects IBM Cognos Metrics Manager.
Summary A vulnerability has been addressed in the Apache Xerces-C XML Parser component of IBM Cognos Metrics Manager. Vulnerability Details CVEID: CVE-2016-4463 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsi...
Security Bulletin: IBM Cognos Business Intelligence Server 2017Q3 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities.
Summary This bulletin addresses several security vulnerabilities. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and IBM® Runtime Environment Java™ Technology Edition, Version 7 that are used by IBM Cognos Business Intelligence. These issues wer...
Security Bulletin: A vulnerability in the Apache Xerces-C XML parser affects IBM Cognos Metrics Manager (CVE-2016-0729)
Summary A vulnerability has been addressed in the Apache Xerces-C XML parser component of IBM Cognos Metrics Manager. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds checking during processi...
Security Bulletin: IBM Cognos Business Intelligence Server 2016Q2 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities.
Summary This bulletin addresses several security vulnerabilities. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and the IBM® Runtime Environment Java™ Technology Edition, Version 7 that are used by IBM Cognos Business Intelligence. These issues...
Security Bulletin: IBM Cognos Business Intelligence (CVE-2013-3030, CVE-2013-4002, CVE-2013-2407, CVE-2013-2450, CVE-2013-4034, CVE-2013-5372)
Summary A Number of security vulnerabilities exist in the IBM Cognos Business Intelligence product. Vulnerability Details VULNERABILITY DETAILS: CVEID: CVE-2013-3030 Denial of service attack against servlet gateway DESCRIPTION: A malicious user may be send specially crafted HTTP requests to the I...
Design/Logic Flaw
An XXE issue was discovered in Automated Logic Corporation ALC WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via t...
CVE-2018-8819
An XXE issue was discovered in Automated Logic Corporation ALC WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via t...
GE MDS PulseNET IntegrationXMLProcessorServlet UpdateProblemTickets XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the UpdateProblemTickets method of the...
GE MDS PulseNET IntegrationXMLProcessorServlet AlarmActions XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the AlarmActions method of the IntegrationXMLProcessorServle...
GE MDS PulseNET IntegrationXMLProcessorServlet Write XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the Write method of the IntegrationXMLProcessorServlet...
GE MDS PulseNET FglAMServlet XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FglAMServlet servlet. Due to the improper restriction of XML External Enti...
GE MDS PulseNET MagnumEmulator Servlet XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MagnumEmulator servlet. Due to the improper restriction of XML External...
SearchBlox 8.6.7 - XML External Entity Injection
Exploit Title: SearchBlox 8.6.7 Out-Of-Band XML eXternal Entity OOB-XXE Exploit Author: Ahmet GUREL, Canberk BOLAT Software Link: https://www.searchblox.com/ Version: = SearchBlox Version 8.6.7 Platform: Java Tested on: Windows CVE: CVE-2018-11586 1. DETAILS An XML External Entity attack is a typ...
EulerOS 2.0 SP2 : xerces-c (EulerOS-SA-2018-1101)
According to the versions of the xerces-c package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read an...
EulerOS 2.0 SP1 : xerces-c (EulerOS-SA-2018-1100)
According to the versions of the xerces-c package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read an...