Tenable Nessus 6.x < 6.8 Multiple Vulnerabilities

According to its self-reported version number, the Tenable Nessus application running on the remote host is 6.x prior to 6.8. It is, therefore, affected by multiple vulnerabilities : - A buffer overflow condition exists in the Expat XML parser due to improper validation of user-supplied input whe...

Apple iTunes < 12.4.2 Multiple Vulnerabilities (uncredentialed check)

The version of Apple iTunes running on the remote Windows host is prior to 12.4.2. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist in the libxslt component due to improper validation of user-supplied input. An unauthenticated, remote attacker can...

Apple iTunes < 12.4.2 Multiple Vulnerabilities (credentialed check)

The version of Apple iTunes installed on the remote Windows host is prior to 12.4.2. It is, therefore, affected by multiple vulnerabilities : - Multiple memory corruption issues exist in the libxslt component due to improper validation of user-supplied input. An unauthenticated, remote attacker c...

OpenJDK: leak of user.dir location (JAXP, 8078427)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP...

[SECURITY] Fedora 22 Update: expat-2.1.1-2.fc22

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

[SECURITY] Fedora 23 Update: xerces-c-3.1.4-1.fc23

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

[SECURITY] Fedora 22 Update: xerces-c-3.1.4-1.fc22

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

[SECURITY] Fedora 22 Update: mingw-xerces-c-3.1.4-1.fc22

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

Updated xerces-c packages fix security vulnerability

The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker CVE-2016-4464...

MGASA-2016-0243 Updated xerces-c packages fix security vulnerability

The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker CVE-2016-4464...

[SECURITY] Fedora 24 Update: mingw-xerces-c-3.1.4-1.fc24

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

Cisco Adaptive Security Appliance XML Parser DoS (cisco-sa-20160517-asa-xml)

The Cisco Adaptive Security Appliance ASA Software running on the remote device is affected by a denial of service vulnerability in the XML parser feature due to improper hardening of the XML parser configuration. An authenticated, remote attacker can exploit this, via a specially crafted XML fil...

xerces-c: denial of service

The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker...

[SECURITY] Fedora 24 Update: xerces-c-3.1.4-1.fc24

Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...

CVE-2016-4463

A stack exhaustion flaw was found in the way Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an application using Xerces-C by tricking it into processing specially crafted data...

DSA-3610-1 xerces-c - security update

Bulletin has no description...

Debian: Security Advisory (DSA-3610-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 6 / 7 : libxml2 (ELSA-2016-1292)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-1292 advisory. - Heap-based buffer overread in xmlNextChar CVE-2016-1762 - Bug 763071: Heap-buffer-overflow in xmlStrncat CVE-2016-1834 - Bug 757711:...

QlikView Server AccessPoint XML External Entity Injection

The version of QlikView Server running on the remote host is 11.20 prior to 11.20 SR12. It is, therefore, affected by an XML external entity XXE injection vulnerability, specifically DTD parameter injection, in the /AccessPoint.aspx script due to an incorrectly configured XML parser accepting XML...

Expat XML Parser Denial of Service Vulnerability

Expat is a C-based XML parser library , it uses a stream-oriented parser . Expat's XML parser fails to use proper entropy for hash initialization, allowing a remote attacker to exploit a vulnerability that could be exploited to construct special XML documents that would trick an application into...