2704 matches found
CVE-2024-23807
The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via...
CentOS 9 : libxml2-2.9.13-3.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the libxml2-2.9.13-3.el9 build changelog. - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled...
CVE-2024-23807 Apache Xerces C++: Use-after-free on external DTD scan
The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via...
CVE-2024-23807
CVE-2024-23807 affects the Apache Xerces-C++ XML parser (versions 3.0.0 up to, but not including, 3.2.5) due to a use-after-free when scanning external DTDs. Patched in 3.2.5; the mitigation is to disable DTD processing, via a standard parser feature when using the DOM API or the XERCES_DISABLE_DTD environment variable when using SAX. Connected documents corrob...
[SECURITY] Fedora 39 Update: mingw-expat-2.6.0-1.fc39
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream-oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...
XXE
The CodeQL CLI repo holds binaries for the CodeQL command line interface CLI. Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity attack. If a vulnerable version of the CLI is used to process either a maliciously...
CVE-2024-25129 Limited data exfiltration in CodeQL CLI
The CodeQL CLI repo holds binaries for the CodeQL command line interface CLI. Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity attack. If a vulnerable version of the CLI is used to process either a maliciously...
CVE-2024-25129
The CVE-2024-25129 entry concerns CodeQL CLI prior to version 2.16.3, where an XML External Entity flaw in the CLI’s XML parser can cause the CLI to fetch an HTTP URL containing data read from a local file when processing malicious databases or specially crafted QL sources. Impact described as po...
SUSE CVE-2024-23807
The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via...
Medium: woodstox-core
Issue Overview: Those using Woodstox to parse XML data may be vulnerable to Denial of Service (DoS) attacks if DTD support is enabled. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash via stack overflow. This effect may support a denial o...
[SECURITY] Fedora 39 Update: expat-2.6.0-1.fc39
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream-oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...
Fedora: Security Advisory (FEDORA-2024-269826c2b3)
The remote host is missing an update for the package covered by the FEDORA-2024-269826c2b3 advisory (Greenbone AG, 2024). Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders...
Apache Xerces-C Resource Management Error Vulnerability
Apache Xerces-C is an XML parser from the Apache Software Foundation written in C++. Apache Xerces-C suffers from a resource management error vulnerability (a use-after-free) that stems from memory being reused after it has been freed...
CVE-2023-52239
The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport...
CVE-2023-52239
CVE-2023-52239 affects Magic xpi Integration Platform 4.13.4. The XML parser is vulnerable to XML External Entity (XXE) attacks, e.g., via onItemImport. Impacts include potential disclosure or manipulation of downstream data where XML is processed; exploitation details are not fully provided in t...
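Added example, not taken from any of the advisories or vendors listed above: the XML External Entity class behind the CodeQL CLI (CVE-2024-25129) and Magic xpi (CVE-2023-52239) entries, shown with Python's expat-backed xml.sax reader. A constructed document declares an external entity whose SYSTEM identifier names a local file; with external general entities enabled the parsed text is the file's contents, and with the feature disabled (the stdlib default in current Python versions) the same document yields nothing. The CodeQL case is the out-of-band variant, where the file contents end up inside an outbound HTTP URL rather than in the parsed text; the same parser setting blocks both. The names build_xxe_document, parse_text, TextCollector and demo, and the secret file the script writes, are this example's own and assume a POSIX path.

```python
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class TextCollector(ContentHandler):
    """Collects character data so we can see what the parser actually expanded."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


def build_xxe_document(target_path):
    """Constructed attacker document (example's own): an external entity that
    reads a local file. Real payloads point at e.g. file:///etc/passwd; here the
    target is a file the demo creates itself so the example runs offline.
    POSIX absolute path assumed so that 'file://' + path is a valid URL."""
    return (
        '<?xml version="1.0"?>\n'
        "<!DOCTYPE data [\n"
        f'  <!ENTITY xxe SYSTEM "file://{target_path}">\n'
        "]>\n"
        "<data>&xxe;</data>"
    )


def parse_text(xml_bytes, allow_external_entities):
    """Parse with the stdlib SAX reader and return the document's text content.

    allow_external_entities=True reproduces the vulnerable configuration: the
    parser fetches whatever the SYSTEM identifier names and inlines it.
    False is the hardened configuration: the reference expands to nothing.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, allow_external_entities)
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(handler.parts)


def demo():
    """Return (vulnerable_result, hardened_result) for one and the same document."""
    with tempfile.TemporaryDirectory() as tmp:
        secret = os.path.join(tmp, "secret.txt")
        with open(secret, "w", encoding="ascii") as f:
            f.write("s3cr3t")  # constructed stand-in for a sensitive local file
        doc = build_xxe_document(secret).encode("ascii")
        leaked = parse_text(doc, allow_external_entities=True)
        blocked = parse_text(doc, allow_external_entities=False)
        return leaked, blocked


if __name__ == "__main__":
    leaked, blocked = demo()
    print("external entities enabled :", repr(leaked))
    print("external entities disabled:", repr(blocked))
```

The check a reviewer wants is the second half of demo(): the hardened parser must consume the hostile document without error and without the file contents, which is what the advisories above mean by disabling DTD or external entity processing rather than rejecting every document that carries a DOCTYPE.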