23 matches found
Design/Logic Flaw
The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via...
Security Bulletin: Vulnerability in Apache Xerces-C XML parser, including XML4C affects IBM InfoSphere Optim Data Growth & Test Data Management & Application Retirement
Summary Open Source Xerces-C XML parser vulnerability affects IBM InfoSphere Optim Data Growth & Test Data Management & Application Retirement, also known as the server components. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial...
SUSE: Security Advisory (SUSE-SU-2016:2154-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
xerces security update
CentOS Errata and Security Advisory CESA-2020:0704 An update for xerces-c is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...
xerces security update
CentOS Errata and Security Advisory CESA-2020:0702 An update for xerces-c is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...
xerces security update
CentOS Errata and Security Advisory CESA-2018:3335 An update for xerces-c is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Security Bulletin: IBM Tivoli Common Reporting (TCR) 2017Q3 Security Updater: TCR, a part of IBM Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities
Summary Fixes of Cognos Business Intelligence are provided as part of TCR fixes This bulletin addresses several security vulnerabilities. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and IBM® Runtime Environment Java™ Technology Edition, Versi...
Security Bulletin: A vulnerability in the Apache Xerces-C XML Parser library affects IBM Performance Management products (CVE-2016-4463)
Summary The Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing a deeply nested DTD. A remote attacker could exploit this vulnerability to cause a denial of service. Vulnerability Details CVEID: CVE-2016-4463 DESCRIPTION:...
Security Bulletin: A vulnerability in Apache Xerces-C XML Parser library affects IBM Performance Management products (CVE-2016-0729)
Summary Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds checking during processing and error reporting. By sending specially crafted input documents, an attacker could exploit this vulnerability to cause the library to crash or possibly execute...
Security Bulletin: A vulnerability in the Apache Xerces-C XML parser affects IBM Security Access Manager for Web (CVE-2016-0729)
Summary IBM Security Access Manager for Web is affected by a vulnerability in the Apache Xerces-C XML parser. Vulnerability Details CVEID: CVE-2016-0729 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by improper bounds checking during processing and...
Security Bulletin: A vulnerability in the Apache Xerces-C XML Parser affects IBM Cognos Metrics Manager.
Summary A vulnerability has been addressed in the Apache Xerces-C XML Parser component of IBM Cognos Metrics Manager. Vulnerability Details CVEID: CVE-2016-4463 DESCRIPTION: Apache Xerces-C XML Parser library is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsi...
Security Bulletin: IBM Cognos Business Intelligence Server 2016Q2 Security Updater: IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities.
Summary This bulletin addresses several security vulnerabilities. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and the IBM® Runtime Environment Java™ Technology Edition, Version 7 that are used by IBM Cognos Business Intelligence. These issues...
[SECURITY] [DLA 1328-1] xerces-c security update
Package : xerces-c Version : 3.1.1-3+deb7u5 CVE ID : CVE-2017-12627 Debian Bug : 894050 Alberto Garcia, Francisco Oca and Suleman Ali of Offensive Research discovered that the Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while...
MGASA-2018-0178 Updated xerces-c packages fix security vulnerability
The Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the DTD. The bug allows for a denial of service attack in applications that allow DTD processing and do not prevent external DTD usage, and could...
MGASA-2016-0243 Updated xerces-c packages fix security vulnerability
The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker CVE-2016-4464...
RedHat Update for xerces-c RHSA-2016:0430-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated xerces-c packages fix CVE-2016-0729
Updated xerces-c packages fix security vulnerability: The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse...
Fedora Update for xml-security-c FEDORA-2011-9501
Check for the Version of xml-security-c OpenVAS Vulnerability Test Fedora Update for xml-security-c FEDORA-2011-9501 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...
Fedora Update for xml-security-c FEDORA-2011-9494
Check for the Version of xml-security-c OpenVAS Vulnerability Test Fedora Update for xml-security-c FEDORA-2011-9494 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...
[SECURITY] Fedora 14 Update: xml-security-c-1.5.1-4.fc14
The xml-security-c library is a C++ implementation of the XML Digital Signature specification. The library makes use of the Apache XML project's Xerces-C XML Parser and Xalan-C XSLT processor. The latter is used for processing XPath and XSLT transforms...