69 matches found
SUSE CVE-2024-23807
The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via...
SUSE SLES15 Security Update : xerces-c (SUSE-SU-2024:0300-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0300-1 advisory. - CVE-2018-1311: fixed use-after-free triggered during the scanning of external DTDs potentially leading to DOS. bsc1159552 Tenable has...
Use After Free
The Apache Xerces is vulnerable to use-after-free. The vulnerability is due to improper handling of memory, leading to potential arbitrary code execution or denial of service. As a remedy, it is recommended to disable DTD processing, either through DOM parser features or by setting the...
apache-ivy: XML External Entity vulnerability
Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...
CVE-2022-46751
Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...
SUSE CVE-2022-46751
Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...
GHSA-2JC4-R94C-RP7H Apache Ivy External Entity Reference vulnerability
Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...
Apache Ivy External Entity Reference vulnerability
Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...
CVE-2022-46751
Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...
Design/Logic Flaw
Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...
CVE-2022-46751 Apache Ivy: XML External Entity vulnerability in Apache Ivy
Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...
CVE-2022-46751 Apache Ivy: XML External Entity vulnerability in Apache Ivy
Improper Restriction of XML External Entity Reference, XML Injection aka Blind XPath Injection vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy...
PT-2023-8841 · Apache +1 · Apache Ivy +1
Name of the Vulnerable Software and Affected Versions: Apache Ivy versions prior to 2.5.2 Description: The issue is related to improper restriction of XML external entity references, which can lead to XML injection, also known as blind XPath injection. When Apache Ivy parses XML files, it allows...
SUSE CVE-2010-1632
Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server WAS 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly...
openSUSE 15 Security Update : xerces-c (openSUSE-SU-2021:2958-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2958-1 advisory. - The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not be...
SUSE SLED15 / SLES15 Security Update : xerces-c (SUSE-SU-2021:2958-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2958-1 advisory. - CVE-2018-1311: Fixed use-after-free inside XML parser during the scanning of external DTDs bsc1159552. Tenable has extracted the preceding...
SUSE SLES15 Security Update : xerces-c (SUSE-SU-2021:2920-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2920-1 advisory. - CVE-2018-1311: Fixed use-after-free inside XML parser during the scanning of external DTDs bsc1159552. Tenable has extracted the preceding...
SUSE SLED12 / SLES12 Security Update : xerces-c (SUSE-SU-2021:2944-1)
The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2944-1 advisory. - CVE-2018-1311: Fixed use-after-free inside XML parser during the scanning of external DTDs bsc1159552. Tenable has extracted the...
Debian DLA-2498-1 : xerces-c security update
The UK's National Cyber Security Centre NCSC discovered that Xerces-C, a validating XML parser library for C++, contains a use-after-free error triggered during the scanning of external DTDs. An attacker could cause a Denial of Service DoS and possibly achieve remote code execution. This flaw has...
NewStart CGSL MAIN 4.05 : xerces-c Vulnerability (NS-SA-2020-0052)
The remote NewStart CGSL host, running version MAIN 4.05, has xerces-c packages installed that are affected by a vulnerability: - The Apache Xerces-C 3.0.0 to 3.2.2 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the...