
2720 matches found

Fedora
added 2024/01/12 1:0 a.m., 25 views

[SECURITY] Fedora 38 Update: tinyxml-2.6.2-28.fc38

TinyXML is a simple, small, C++ XML parser that can be easily integrated into other programs. Have you ever found yourself writing a text file parser every time you needed to save human readable data or serialize objects? TinyXML solves the text I/O file once and for all. Or, as a friend said,...

CVSS 7.5, AI score 7.3, EPSS 0.01164
Exploits: 1
Ubuntu
added 2024/01/11 5:53 p.m., 49 views

USN-6579-1: Xerces-C++ vulnerability

It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could...

CVSS 8.1, AI score 7.4, EPSS 0.04171
Exploits: 0
Tenable Nessus
added 2024/01/11 12:0 a.m., 33 views

Ubuntu 16.04 ESM / 18.04 ESM : Xerces-C++ vulnerability (USN-6579-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6579-1 advisory. It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could...

CVSS 8.1, AI score 7.9, EPSS 0.04171
Exploits: 0, References: 2
Zero Day Initiative
added 2024/01/11 12:0 a.m., 19 views

Ivanti Avalanche decode XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decode method. Due to the improper restriction of XML External Entity (XXE)...

CVSS 6.5, AI score 6.3, EPSS 0.00928
Exploits: 0, References: 1
OpenVAS
added 2024/01/01 12:0 a.m., 24 views

Fedora: Security Advisory for xerces-c (FEDORA-2023-52ba628e03)

The remote host is missing an update for the...

CVSS 8.8, AI score 8.2, EPSS 0.04171
Exploits: 0, References: 2
OpenVAS
added 2024/01/01 12:0 a.m., 20 views

Fedora: Security Advisory (FEDORA-2023-817ecc703f)

The remote host is missing an update for the...

CVSS 8.8, AI score 8.4, EPSS 0.04171
Exploits: 0, References: 7
Fedora
added 2023/12/31 2:27 a.m., 31 views

[SECURITY] Fedora 39 Update: xerces-c-3.2.5-1.fc39

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

CVSS 8.8, AI score 7, EPSS 0.04171
Exploits: 0
Fedora
added 2023/12/31 1:20 a.m., 32 views

[SECURITY] Fedora 38 Update: xerces-c-3.2.5-1.fc38

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

CVSS 8.8, AI score 7, EPSS 0.04171
Exploits: 0
Tenable Nessus
added 2023/12/30 12:0 a.m., 34 views

Fedora 38 : xerces-c (2023-52ba628e03)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-52ba628e03 advisory. Update to 3.2.5, fixing CVE-2018-1311 and CVE-2023-37536. Tenable has extracted the preceding description block directly from the Fedora security...

CVSS 8.8, AI score 7, EPSS 0.04171
Exploits: 0, References: 3
Tenable Nessus
added 2023/12/30 12:0 a.m., 27 views

Fedora 39 : xerces-c (2023-817ecc703f)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-817ecc703f advisory. Update to 3.2.5, fixing CVE-2018-1311 and CVE-2023-37536. Tenable has extracted the preceding description block directly from the Fedora security...

CVSS 8.8, AI score 7, EPSS 0.04171
Exploits: 0, References: 3
Zero Day Initiative
added 2023/12/20 12:0 a.m., 24 views

(0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVSS 5.5, AI score 6.2, EPSS 0.00112
Exploits: 0
Zero Day Initiative
added 2023/12/20 12:0 a.m., 15 views

(0Day) Voltronic Power ViewPower Pro doDocument XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the doDocument method. Due to the improper restriction of XML...

CVSS 6.5, AI score 6.5, EPSS 0.00189
Exploits: 0
Zero Day Initiative
added 2023/12/20 12:0 a.m., 20 views

(0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVSS 5.5, AI score 6.2, EPSS 0.00096
Exploits: 0
Zero Day Initiative
added 2023/12/20 12:0 a.m., 17 views

(0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVSS 5.5, AI score 6.2, EPSS 0.00096
Exploits: 0
Zero Day Initiative
added 2023/12/20 12:0 a.m., 29 views

(0Day) Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVSS 5.5, AI score 6.2, EPSS 0.00096
Exploits: 0
GitHub Security Blog
added 2023/12/13 6:31 p.m., 21 views

Jenkins Nexus Platform Plugin missing permission check

Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. Additionally, the plugin does not...

CVSS 5.4, AI score 6.8, EPSS 0.00179
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2023/12/13 2:15 p.m., 0 views

DEBIAN-CVE-2023-34194

StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion and application exit via a crafted XML document with a '\0' located after whitespace...

CVSS 7.5, AI score 7.3, EPSS 0.00952
Exploits: 0, References: 1
OSV
added 2023/12/12 5:15 p.m., 3 views

DEBIAN-CVE-2023-26920

fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution...

CVSS 6.5, AI score 6.6, EPSS 0.00199
Exploits: 1, References: 1
OSV
added 2023/12/12 5:15 p.m., 24 views

CVE-2023-26920

fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution...

CVSS 6.5, AI score 6.7
Exploits: 0, References: 3
ATTACKERKB
added 2023/12/12 5:15 p.m., 0 views

CVE-2023-26920

fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution...

CVSS 6.5, AI score 6.8, EPSS 0.00199
Exploits: 1, References: 4