22 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-2099
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impa...
RHEL 7 : xerces-c (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - xerces-c: Use-after-free in heap on specially crafted XML input CVE-2016-2099 Note that Nessus has not tested for...
RHEL 6 : xerces-c (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xerces-c: Use-after-free in heap on specially crafted XML input CVE-2016-2099 - internal/XMLReader.cpp in...
RHEL 7 : xerces-c (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - xerces-c: Use-after-free in heap on specially crafted XML input CVE-2016-2099 Note that Nessus has not tested for...
Ubuntu 16.04 ESM / 18.04 ESM : Xerces-C++ vulnerabilities (USN-4784-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4784-1 advisory. It was discovered that Xerces-C++ XML Parser mishandles certain kinds of external DTD references, resulting in a user-after-free. An attacker...
USN-4784-1: Xerces-C++ vulnerabilities
It was discovered that Xerces-C++ XML Parser mishandles certain kinds of external DTD references, resulting in a user-after-free. An attacker could use this vulnerability to cause a denial of service crash or possibly execute arbitrary code. This issue affected only Ubuntu 16.04 ESM. CVE-2016-209...
Photon OS 1.0: Linux PHSA-2017-0008 (deprecated)
An update of xcerces-c,linux packages for PhotonOS has been released. C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2/7/2019 The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0008. The text itself is copyright C VMware, Inc...
openSUSE Security Update : xerces-c (openSUSE-2016-1046)
xerces-c was updated to fix one security issue. This security issue was fixed : - CVE-2016-2099: Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ did not properly handle exceptions raised in the XMLReader class, which allowed context-dependent attackers to have...
SUSE SLED12 / SLES12 Security Update : xerces-c (SUSE-SU-2016:2154-1)
xerces-c was updated to fix one security issue. This security issue was fixed : - CVE-2016-2099: Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ did not properly handle exceptions raised in the XMLReader class, which allowed context-dependent attackers to have...
FreeBSD : xercesi-c3 -- multiple vulnerabilities (cb09a7aa-5344-11e6-a7bd-14dae9d210b8)
Apache reports : The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker. Also, CVE-2016-2099: Use-after-free vulnerability in...
Fedora 23 : mingw-xerces-c (2016-87e8468465)
MinGW cross compiled xerces-c 3.1.4, fixing CVE-2016-0729, CVE-2016-2099 and CVE-2016-4463 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possibl...
Fedora 22 : mingw-xerces-c (2016-7615febbd6)
MinGW cross compiled xerces-c 3.1.4, fixing CVE-2016-0729, CVE-2016-2099 and CVE-2016-4463 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possibl...
Fedora 22 : xerces-c (2016-84373c5f4f)
Update to xerces-c 3.1.4, fixing CVE-2016-2099 and CVE-2016-4463 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 24 : mingw-xerces-c (2016-0a061f6dd9)
MinGW cross compiled xerces-c 3.1.4, fixing CVE-2016-0729, CVE-2016-2099 and CVE-2016-4463 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possibl...
openSUSE Security Update : xerces-c (openSUSE-2016-833)
xerces-c was updated to fix one security issue. This security issue was fixed : - CVE-2016-2099: Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++. It did not properly handle exceptions raised in the XMLReader class, which allowed context-dependent attackers to ha...
[SECURITY] [DSA 3579-1] xerces-c security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3579-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 16, 2016 https://www.debian.org/security/faq -...
DEBIAN-CVE-2016-2099
Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document...
CVE-2016-2099
The CVE-2016-2099 entry affects Apache Xerces-C++ up to version 3.1.3, with a use-after-free in validators/DTD/DTDScanner.cpp that can be triggered by an invalid character in an XML document. The issue enables context-dependent attackers to cause unspecified impact. Public advisories and vendor u...
Debian DLA-467-1 : xerces-c security update
XMLReader class can raise an exception if an invalid character is encountered, and the exception crosses stack frames in an unsafe way that causes a higher level exception handler to access an already-freed object. NOTE: Tenable Network Security has extracted the preceding description block...
[SECURITY] [DLA 467-1] xerces-c security update
Package : xerces-c Version : 3.1.1-3+deb7u3 CVE ID : CVE-2016-2099 Debian Bug : 823863 XMLReader class can raise an exception if an invalid character is encountered, and the exception crosses stack frames in an unsafe way that causes a higher level exception handler to access an already-freed...