vulnerability

Debian: CVE-2018-1000825: freecol -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Dec 20, 2018

Added

Jul 30, 2024

Modified

Mar 30, 2026

Description

FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Freecol file.

Solution

debian-upgrade-freecol

References

CVE-2018-100082
https://attackerkb.com/topics/CVE-2018-100082
CWE-611
EUVD-EUVD-2018-2018
https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-2018

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report