2704 matches found
CVE-2023-52239
The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport...
libexpat Security Vulnerabilities
libexpat is a streaming XML parser written in C. It can be used in a number of different ways. A security vulnerability exists in libexpat version 2.5.0 and earlier versions, which stems from the need for many complete re-parses in the case of large tokens that require multiple buffer fills...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xerces-c (SUSE-SU-2024:0320-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0320-1 advisory. - The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the...
SUSE SLES12 Security Update : xerces-c (SUSE-SU-2024:0299-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0299-1 advisory. - The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw ha...
SUSE SLES15 Security Update : xerces-c (SUSE-SU-2024:0300-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0300-1 advisory. - The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw ha...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Apache Ivy information disclosure vulnerability [CVE-2023-46751]
Summary: An Apache Ivy information disclosure vulnerability (CVE-2023-46751), caused by improper handling of XML external entity (XXE) declarations by the XML parser, has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to...
USN-6612-1: TinyXML vulnerability
It was discovered that TinyXML incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted XML file, a remote attacker could possibly use this issue to cause a denial of service...
USN-6590-1: Xerces-C++ vulnerabilities
It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could...
Fedora: Security Advisory (FEDORA-2024-80e6578a01)
The remote host is missing an update for the...
[SECURITY] Fedora 38 Update: tinyxml-2.6.2-28.fc38
TinyXML is a simple, small, C++ XML parser that can be easily integrated into other programs. Have you ever found yourself writing a text file parser every time you needed to save human readable data or serialize objects? TinyXML solves the text I/O file once and for all. Or, as a friend said,...
USN-6579-1: Xerces-C++ vulnerability
It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could...
Ubuntu 16.04 ESM / 18.04 ESM : Xerces-C++ vulnerability (USN-6579-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6579-1 advisory. It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could...
Ivanti Avalanche decode XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the decode method. Due to the improper restriction of XML External Entity XXE...
Fedora: Security Advisory for xerces-c (FEDORA-2023-52ba628e03)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2023-817ecc703f)
The remote host is missing an update for the...
[SECURITY] Fedora 39 Update: xerces-c-3.2.5-1.fc39
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...
[SECURITY] Fedora 38 Update: xerces-c-3.2.5-1.fc38
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Xerces-C is faithful to the XML 1.0...
Fedora 39 : xerces-c (2023-817ecc703f)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-817ecc703f advisory. Update to 3.2.5, fixing CVE-2018-1311 and CVE-2023-37536. Tenable has extracted the preceding description block directly from the Fedora security...
Fedora 38 : xerces-c (2023-52ba628e03)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-52ba628e03 advisory. Update to 3.2.5, fixing CVE-2018-1311 and CVE-2023-37536. Tenable has extracted the preceding description block directly from the Fedora security...