8 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-23807
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are...
CVE-2024-23807
The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via...
AZL-55898 CVE-2024-23807 affecting package xerces-c for versions less than 3.2.4-2
The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via...
AZL-55883 CVE-2024-23807 affecting package xerces-c for versions less than 3.2.4-2
The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via...
UBUNTU-CVE-2024-23807
The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via...
PT-2023-15917 · Nuxsmin · Syspass
Name of the Vulnerable Software and Affected Versions: nuxsmin sysPass versions up to 3.2.4 Description: A problematic vulnerability was found in the URL Handler component, leading to cross-site scripting. The attack can be launched remotely. Recommendations: For versions up to 3.2.4, upgrade to...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free. The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current...
PT-2006-4252 · Phpsysinfo · Phpsysinfo
Name of the Vulnerable Software and Affected Versions: phpSysInfo versions 2.5.1 through 3.2.4 Description: The issue allows remote attackers to determine the existence of arbitrary files via a .. dot dot sequence and a trailing null %00 byte in the lng parameter. This will display a different...