Download
| Alert*
|
oval:org.secpod.oval:def:601712
Daniel P. Berrange discovered a denial of service vulnerability in libxml2 entity substitution. oval:org.secpod.oval:def:1300301 Updated libxml2 packages fix security vulnerability: It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substituton in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attack ... oval:org.secpod.oval:def:1600013 It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substituton in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file that, w ... oval:org.secpod.oval:def:203590 The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked ag ... oval:org.secpod.oval:def:701947 libxml2: GNOME XML library libxml2 could be made to consume resources if it processed a specially crafted file. oval:org.secpod.oval:def:1500963 It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting i ... oval:org.secpod.oval:def:26580 The host is installed with Apple Mac OS X or Server 10.8.5, 10.9.5 or 10.10.x through 10.10.4 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unknown vector. Successful exploitation allows attackers to cause a denial of service. oval:org.secpod.oval:def:203323 The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked ag ... oval:org.secpod.oval:def:1500566 Updated libxml2 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ... oval:org.secpod.oval:def:108665 This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ... oval:org.secpod.oval:def:601952 It was discovered that the update released for libxml2 in DSA 2978 fixing CVE-2014-0191 was incomplete. This caused libxml2 to still fetch external entities regardless of whether entity substitution or validation is enabled. In addition, this update addresses a regression introduced in DSA 3057 by t ... oval:org.secpod.oval:def:107745 Libraries for KDE 4. oval:org.secpod.oval:def:501293 The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked ag ... oval:org.secpod.oval:def:52218 libxml2: GNOME XML library libxml2 could be made to consume resources if it processed a specially crafted file. oval:org.secpod.oval:def:501547 The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked ag ... oval:org.secpod.oval:def:1100083 The remote host is missing a patch containing a security fix, which affects the following packages: bos.rte.control. For more information please visit vendor advisory link. oval:org.secpod.oval:def:108680 This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ... oval:org.secpod.oval:def:108251 MinGW Windows libxml2 XML processing library. oval:org.secpod.oval:def:108244 MinGW Windows libxml2 XML processing library. oval:org.secpod.oval:def:89044322 This update for libxml2 fixes the following issues: Security issues fixed: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess . - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:x ... oval:org.secpod.oval:def:26707 The host is missing a security update according to Apple advisory, APPLE-SA-2015-08-13-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a crafted vectors. Successful exploitation may lead to an unexpected application terminati ... |
