[ASA-201803-23] xerces-c: arbitrary code execution

Arch Linux Security Advisory ASA-201803-23 ========================================== Severity: High Date : 2018-03-25 CVE-ID : CVE-2017-12627 Package : xerces-c Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-644 Summary ======= The package xerces-c before...

Gemalto Sentinel LDK RTE custom XML-parser buffer error vulnerability

Gemalto Sentinel LDK RTE is a software protection and licensing solution from Gemalto USA. custom XML-parser is one of the XML parsers. A stack buffer overflow vulnerability exists in custom XML-parser in Gemalto Sentinel LDK RTE versions prior to 7.65. A remote attacker could exploit this...

Updated xerces-c packages fix security vulnerability

The Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the DTD. The bug allows for a denial of service attack in applications that allow DTD processing and do not prevent external DTD usage, and could...

MGASA-2018-0178 Updated xerces-c packages fix security vulnerability

The Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the DTD. The bug allows for a denial of service attack in applications that allow DTD processing and do not prevent external DTD usage, and could...

Microsoft Windows Remote Assistance XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2018-6304

Stack overflow in custom XML-parser in Gemalto's Sentinel LDK RTE version before 7.65 leads to remote denial of service...

Stack overflow

Stack overflow in custom XML-parser in Gemalto's Sentinel LDK RTE version before 7.65 leads to remote denial of service...

CVE-2018-6304

Stack overflow in custom XML-parser in Gemalto's Sentinel LDK RTE version before 7.65 leads to remote denial of service...

CVE-2018-6304

CVE-2018-6304 affects Gemalto Sentinel LDK RTE. A stack overflow in the custom XML-parser (in Sentinel LDK RTE) prior to version 7.65 is described as the root cause, with remote denial of service as theImpact. Public sources in the connected documents confirm the component and version range vulne...

Xxe

FreePlane version 1.5.9 and earlier contains a XML External Entity XXE vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. This attack appears to require the victim to open a specially crafted mind map file. This vulnerability appears to have been...

CVE-2018-1000069

FreePlane version 1.5.9 and earlier contains a XML External Entity XXE vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. This attack appears to require the victim to open a specially crafted mind map file. This vulnerability appears to have been...

CVE-2018-1000069

FreePlane version 1.5.9 and earlier contains a XML External Entity XXE vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. This attack appears to require the victim to open a specially crafted mind map file. This vulnerability appears to have been...

CVE-2018-1000069

CVE-2018-1000069 affects FreePlane

Memory corruption

Huawei DP300 V500R002C00, RP200 V500R002C00SPC200, V600R006C00, TE30 V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE40 V500R002C00SPC600,...

CVE-2017-15314

Huawei DP300 V500R002C00, RP200 V500R002C00SPC200, V600R006C00, TE30 V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE40 V500R002C00SPC600,...

CVE-2017-15314

Huawei DP300 V500R002C00, RP200 V500R002C00SPC200, V600R006C00, TE30 V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE40 V500R002C00SPC600,...

CVE-2017-15314

CVE-2017-15314 is a memory leak vulnerability in Huawei devices (e.g., DP300, RP200, TE30/40/50/60, V500R002C00/V600R006C00, etc.) caused by the XML parser failing to free memory when processing certain nodes. The flaw can lead to memory consumption and subsequent system exceptions. Connected sou...

Updated xerces-c packages fix CVE-2017-12627

Updated xerces-c packages fix security vulnerability: The Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the DTD. The bug allows for a denial of service attack in applications that allow DTD processi...

MGASA-2018-0158 Updated xerces-c packages fix CVE-2017-12627

Updated xerces-c packages fix security vulnerability: The Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the DTD. The bug allows for a denial of service attack in applications that allow DTD processi...

Apache Xerces-C XML Parser Library Denial of Service Vulnerability

Apache Xerces XML Parser library is the Apache Apache Software Foundation of the United States of America, a XML syntax parser library . Apache Xerces-C is its language version. A security vulnerability exists in the Apache Xerces-C XML Parser library. A remote attacker could exploit this...