Download
| Alert*
oval:org.secpod.oval:def:2106968
Oracle Solaris 11 - ( CVE-2021-3518 ) oval:org.secpod.oval:def:121511 Qt5 - QtWebEngine components. oval:org.secpod.oval:def:1700653 GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be proce ... oval:org.secpod.oval:def:2500334 The libxml2 library is a development toolbox providing the implementation of various XML standards. oval:org.secpod.oval:def:73714 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: Use-after-free in xmlEncodeEntitiesInternal in entities.c * libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal in entities.c * libxml2: Use-after-free in xmlXI ... oval:org.secpod.oval:def:4500068 The libxml2 library is a development toolbox providing the implementation of various XML standards. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. oval:org.secpod.oval:def:97592 [CLSA-2022:1641903536] Fixed 8 CVEs in libxml2 oval:org.secpod.oval:def:1505507 [2.9.7-12] - Fix CVE-2022-23308 [2.9.7-11] - Fix CVE-2021-3541 [2.9.7-10] - Fix CVE-2021-3516 - Fix CVE-2021-3517 - Fix CVE-2021-3518 - Fix CVE-2021-3537 oval:org.secpod.oval:def:120342 This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ... oval:org.secpod.oval:def:73703 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:89047069 This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms oval:org.secpod.oval:def:1801977 Twistlock alerts us that a medium sev vulnerability CVE-2021-3541 exists in libxml2 in Alpine 3.12 (as well as other active releases 3.11 and 3.13). Upgrading the affected releases to libxml 2.9.12 (as found in 3.14) should resolve this issue. oval:org.secpod.oval:def:73458 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:506241 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: Use-after-free in xmlEncodeEntitiesInternal in entities.c * libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal in entities.c * libxml2: Use-after-free in xmlXI ... oval:org.secpod.oval:def:73457 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:120247 This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ... oval:org.secpod.oval:def:1505003 [2.9.7-9.0.1] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.9.7-9.2] - Fix CVE-2021-3541 [2.9.7-9.1] - Fix CVE-2021-3516 - Fix CVE-2021-3517 - Fix CVE-2021-3518 - Fix CVE-2021-3537 oval:org.secpod.oval:def:89045074 This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack that could bypass all existing protection mechanisms . oval:org.secpod.oval:def:121575 Qt5 - QtWebEngine components. oval:org.secpod.oval:def:1601696 parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name. GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml ... oval:org.secpod.oval:def:89048764 This update for libxml2 fixes the following issues: * CVE-2023-29469: Fixed inconsistent result when hashing empty strings . * CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType . * CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c . The followin ... |