59 matches found
openSUSE Security Advisory (SUSE-SU-2024:0320-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian dla-3704 : libxerces-c-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3704 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3704-1 [email protected]...
Amazon Linux 2 : xerces-c (ALAS-2024-2476)
The version of xerces-c installed on the remote host is prior to 3.1.1-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2476 advisory. Apache issued this CVE to indicate the correct versions of xerces-c, which included the fix for CVE-2018-1311. See the older CVE...
CVE-2024-23807
The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via...
Design/Logic Flaw
The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via...
CVE-2024-23807
The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via...
CVE-2024-23807 Apache Xerces C++: Use-after-free on external DTD scan
The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via...
CVE-2024-23807
Apache issued this CVE to indicate the correct versions of xerces-c, which included the fix for CVE-2018-1311. See the older CVE page for fix status...
SUSE: Security Advisory (SUSE-SU-2024:0320-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15: libxerces-c-3_2 / libxerces-c-3_2-32bit / libxerces-c-devel / etc (SUSE-SU-2024:0320-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0320-1 advisory. - CVE-2018-1311: fixed use-after-free triggered during the scanning of external DTDs potentially leading ...
SUSE-SU-2024:0320-1 Security update for xerces-c
This update for xerces-c fixes the following issues: - CVE-2018-1311: fixed use-after-free triggered during the scanning of external DTDs potentially leading to DOS. bsc1159552...
SUSE: Security Advisory (SUSE-SU-2024:0300-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 Security Update : xerces-c (SUSE-SU-2024:0300-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0300-1 advisory. - CVE-2018-1311: fixed use-after-free triggered during the scanning of external DTDs potentially leading to DOS. bsc1159552 Tenable has...
SUSE SLES12 Security Update : xerces-c (SUSE-SU-2024:0299-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0299-1 advisory. - CVE-2018-1311: fixed use-after-free triggered during the scanning of external DTDs potentially leading to DOS. bsc1159552 Tenable has...
SUSE-SU-2024:0300-1 Security update for xerces-c
This update for xerces-c fixes the following issues: - CVE-2018-1311: fixed use-after-free triggered during the scanning of external DTDs potentially leading to DOS. bsc1159552...
SUSE-SU-2024:0299-1 Security update for xerces-c
This update for xerces-c fixes the following issues: - CVE-2018-1311: fixed use-after-free triggered during the scanning of external DTDs potentially leading to DOS. bsc1159552...
USN-6590-1: Xerces-C++ vulnerabilities
It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could...
Ubuntu 16.04 ESM / 18.04 ESM : Xerces-C++ vulnerability (USN-6579-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6579-1 advisory. It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could...
Fedora: Security Advisory for xerces-c (FEDORA-2023-52ba628e03)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 39 : xerces-c (2023-817ecc703f)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-817ecc703f advisory. Update to 3.2.5, fixing CVE-2018-1311 and CVE-2023-37536 Tenable has extracted the preceding description block directly from the Fedora security...