Lucene search
23 matches found

Tenable Nessus
added 2025/08/30 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-9658

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Checkstyle before 8.18 loads external DTDs by default. CVE-2019-9658 Note that Nessus relies on the presence of the package as reported by the vendor...

CVSS 5.3 · AI score 5.5 · EPSS 0.03682
Exploits 0 · References 2

CVE
added 2024/09/23 12:0 a.m. · 50 views

CVE-2024-47222

The CVE-2024-47222 entry corresponds to a vulnerability in New Cloud MyOffice SDK Collaborative Editing Server, with affected versions 2.2.2–2.8. The root cause is insufficient validation in the WOPI protocol handling, allowing server-side request forgery (SSRF) via manipulated requests originati...

CVSS 9.8 · AI score 7.2 · EPSS 0.00181
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/05/29 12:0 a.m. · 4 views

PT-2024-3951 · Myoffice · Myoffice Sdk

Name of the Vulnerable Software and Affected Versions: New Cloud MyOffice SDK Collaborative Editing Server versions 2.2.2 through 2.8 Description: The issue is related to the implementation of the WOPI protocol in the MyOffice SDK, which lacks sufficient checking of incoming requests. This allows...

CVSS 9.8 · AI score 7.1 · EPSS 0.00181
Exploits 0 · References 7

OSV
added 2024/03/01 11:7 a.m. · 4 views

OESA-2024-1236 xerces-c security update

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

CVSS 8.1 · AI score 6.9 · EPSS 0.04171
Exploits 0 · References 2

OSV
added 2024/03/01 11:7 a.m. · 3 views

OESA-2024-1232 xerces-c security update

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

CVSS 8.1 · AI score 6.9 · EPSS 0.04171
Exploits 0 · References 2

OSV
added 2024/03/01 11:7 a.m. · 2 views

OESA-2024-1233 xerces-c security update

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

CVSS 8.1 · AI score 6.9 · EPSS 0.04171
Exploits 0 · References 2

ATTACKERKB
added 2024/02/29 1:44 a.m. · 2 views

CVE-2024-23807

The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via...

CVSS 9.8 · AI score 7.1 · EPSS 0.04171
Exploits 1 · References 3 · Affected Software 1

OSV
added 2024/02/23 11:6 a.m. · 1 views

OESA-2024-1160 xerces-c security update

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

CVSS 8.1 · AI score 6.9 · EPSS 0.04171
Exploits 0 · References 2

OSV
added 2024/01/11 5:53 p.m. · 0 views

USN-6579-1 xerces-c vulnerability

It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could...

CVSS 8.1 · AI score 7.2 · EPSS 0.04171
Exploits 0 · References 2

SUSE CVE
added 2023/02/15 4:41 a.m. · 2 views

SUSE CVE-2017-12627

In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions...

CVSS 7.5 · AI score 7 · EPSS 0.05316
Exploits 3 · References 7

SUSE CVE
added 2023/02/15 4:34 a.m. · 1 views

SUSE CVE-2018-1311

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via...

CVSS 8.1 · AI score 7.8 · EPSS 0.04171
Exploits 0 · References 12

CNNVD
added 2022/07/07 12:0 a.m. · 2 views

Eclipse Lyo Code Issue Vulnerability

Eclipse Lyo is an integrated development environment from the Eclipse Foundation. A security vulnerability exists in Eclipse Lyo versions 1.0.0 through 4.1.0, which stems from initializing TransformerFactory with a default value that does not restrict DTD loading when using RDF/XML, and can be...

CVSS 5.3 · AI score 5.8 · EPSS 0.00309
Exploits 1 · References 2

OSV
added 2021/03/15 9:0 p.m. · 0 views

USN-4784-1 xerces-c vulnerabilities

It was discovered that Xerces-C++ XML Parser mishandles certain kinds of external DTD references, resulting in a use-after-free. An attacker could use this vulnerability to cause a denial of service crash or possibly execute arbitrary code. This issue affected only Ubuntu 16.04 ESM. CVE-2016-209...

CVSS 10 · AI score 7.4 · EPSS 0.38346
Exploits 3 · References 4

RedHat Linux
added 2020/08/18 4:34 p.m. · 0 views

dom4j: XML External Entity vulnerability in default SAX parser

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j...

CVSS 9.8 · AI score 7.2 · EPSS 0.0696
Exploits 0 · References 4

RedHat Linux
added 2020/03/04 3:30 p.m. · 0 views

xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs

A use-after-free vulnerability was found in xerces-c in the way an XML document is processed via the SAX API. Applications that process XML documents with an external Document Type Definition (DTD) may be vulnerable to this flaw. A remote attacker could exploit this flaw by creating a specially...

CVSS 8.1 · AI score 7.3 · EPSS 0.04171
Exploits 0 · References 5

OSV
added 2019/12/18 8:15 p.m. · 1 views

UBUNTU-CVE-2018-1311

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via...

CVSS 8.1 · AI score 7.1 · EPSS 0.04171
Exploits 0 · References 10

Positive Technologies
added 2019/03/29 12:0 a.m. · 1 views

PT-2019-5542 · Org.Dom4J +2 · Dom4J +2

Name of the Vulnerable Software and Affected Versions: dom4j versions 1.x and 2.0.x through 2.1.2 dom4j version 2.1.x before 2.1.3 Description: The issue is related to the incorrect restriction of XML links to external objects in the dom4j library, which might enable XXE attacks. This could allow...

CVSS 10 · AI score 6.7 · EPSS 0.0696
Exploits 1 · References 65

OSV
added 2019/03/14 3:39 p.m. · 2 views

GHSA-GP32-7H29-RPXM Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle

Checkstyle prior to 8.18 loads external DTDs by default, which can potentially lead to denial of service attacks or the leaking of confidential information...

CVSS 5.3 · AI score 6.1 · EPSS 0.03682
Exploits 0 · References 17

OSV
added 2019/03/11 5:29 a.m. · 0 views

UBUNTU-CVE-2019-9658

Checkstyle before 8.18 loads external DTDs by default...

CVSS 5.3 · AI score 6 · EPSS 0.03682
Exploits 0 · References 6

OSV
added 2019/03/11 5:29 a.m. · 1 views

DEBIAN-CVE-2019-9658

Checkstyle before 8.18 loads external DTDs by default...

CVSS 5.3 · AI score 5.4 · EPSS 0.03682
Exploits 0 · References 1