EulerOS 2.0 SP2 : xerces-c (EulerOS-SA-2020-1640)

According to the version of the xerces-c package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Apache Xerces-C 3.0.0 to 3.2.2 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not be...

CVE-2018-1311

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via...

DEBIAN-CVE-2018-1311

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via...

CVE-2018-1311

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via...

Debian: Security Advisory (DLA-1853-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Improper Access Control

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity XXE attacks. A remote...

Debian DLA-1328-1 : xerces-c security update

Alberto Garcia, Francisco Oca and Suleman Ali of Offensive Research discovered that the Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the DTD. The bug allows for a denial of service attack in...

Shibboleth XMLTooling-C Library < 1.6.4 Security Bypass Vulnerability

Shibboleth Service Provider is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Shibboleth 2.0 < 2.6 XMLTooling-C DTD Processing Forgery Vulnerability

The version of Shibboleth Service Provider installed on the remote host is version 2.0 prior to 2.6. As a result it is affected by a user attribute forgery issue which could allow an attacker to impersonate a valid user and gain access to sensitive information. Note: Though versions higher than 2...

CVE-2017-12627

In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions. Mitigation Applications should strongly consider blocking remote entity resolution and/or outright disabling of DTD processing in light of the...

shibboleth-sp -- vulnerable to forged user attribute data

Shibboleth consortium reports: Shibboleth SP software vulnerable to additional data forgery flaws The XML processing performed by the Service Provider software has been found to be vulnerable to new flaws similar in nature to the one addressed in an advisory last month. These bugs involve the use...

FreeBSD : shibboleth-sp -- vulnerable to forged user attribute data (3dbe9492-f7b8-11e7-a12d-6cc21735f730)

Shibboleth consortium reports : Shibboleth SP software vulnerable to forged user attribute data The Service Provider software relies on a generic XML parser to process SAML responses and there are limitations in older versions of the parser that make it impossible to fully disable Document Type...

shibboleth-sp -- vulnerable to forged user attribute data

Shibboleth consortium reports: Shibboleth SP software vulnerable to forged user attribute data The Service Provider software relies on a generic XML parser to process SAML responses and there are limitations in older versions of the parser that make it impossible to fully disable Document Type...

Framework: denial-of-service attack with XML input

A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed...

CVE-2015-3192

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service memory consumption and out-of-memory errors via a crafted XML file...

Debian DLA-535-1 : xerces-c security update

Brandon Perry discovered that xerces-c, a validating XML parser library for C++, fails to successfully parse a DTD that is deeply nested, causing a stack overflow. A remote unauthenticated attacker can take advantage of this flaw to cause a denial of service against applications using the xerces-...

[SECURITY] [DSA 3610-1] xerces-c security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3610-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 29, 2016 https://www.debian.org/security/faq -...

DLA-535-1 xerces-c - security update

Bulletin has no description...

Debian Security Advisory DSA 3610-1 (xerces-c - security update)

Brandon Perry discovered that xerces-c, a validating XML parser library for C++, fails to successfully parse a DTD that is deeply nested, causing a stack overflow. A remote unauthenticated attacker can take advantage of this flaw to cause a denial of service against applications using the xerces-...

Java: Java XML Signature DoS Attack

It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions DTDs to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial ...