2720 matches found
UBUNTU-CVE-2016-3705
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a...
[SECURITY] [DSA 3579-1] xerces-c security update
Debian Security Advisory DSA-3579-1 https://www.debian.org/security/ Salvatore Bonaccorso May 16, 2016 https://www.debian.org/security/faq ...
DSA-3579-1 xerces-c - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3579-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
xercesi-c3 -- multiple vulnerabilities
Apache reports: The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker. Also, CVE-2016-2099: Use-after-free vulnerability in...
CVE-2016-1343
The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059...
CVE-2016-1343
Cisco Information Server (CIS) 6.2 is affected by an XML External Entity (XXE) vulnerability in the XML parser, where external entity declarations combined with an entity reference can allow remote attackers to read arbitrary files or cause a denial of service (CPU/memory). Exploitation details a...
Cisco Information Server XML Parser Denial of Service Vulnerability
A vulnerability in the default configuration of the XML parser component of Cisco Information Server (CIS) could allow an unauthenticated, remote attacker to access sensitive data or cause excessive consumption of system resources, which could cause a denial of service (DoS) condition on a targeted...
[SECURITY] Fedora 22 Update: xerces-c-3.1.3-1.fc22
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...
[SECURITY] Fedora 24 Update: xerces-c-3.1.3-1.fc24
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...
CVE-2016-0729
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted...
CVE-2016-0729
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted...
DEBIAN-CVE-2016-0729
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted...
CVE-2016-0729
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted...
Buffer overflow
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted...
UBUNTU-CVE-2016-0729
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted...
CVE-2016-0729
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted...
CVE-2016-0729
CVE-2016-0729 is an Apache Xerces-C XML Parser vulnerability. The issue arises from improper bounds checking during processing and error reporting in Xerces-C, allowing a crafted input document to cause a denial of service (crash) and, in some cases, remote code execution. The base impact is seve...
A vulnerability in the application interface of IBM WebSphere Portal servers allows an attacker to cause a denial of service or read arbitrary files.
A vulnerability in the XML parser of the IBM WebSphere Portal user interface stems from improper restriction of XML external entity references. Exploiting this vulnerability allows a malicious actor to read arbitrary files or cause a denial of service by declaring external entities that are related ...
RHEL 7 : xerces-c (RHSA-2016:0430)
Updated xerces-c packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...