Download
| Alert*
|
oval:org.secpod.oval:def:1800077
libxml2 is installed oval:org.secpod.oval:def:1601308 Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, specially-crafted XML file that, when opened in an application linked against libxml2, would cause the appli ... oval:org.secpod.oval:def:1601306 A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the pri ... oval:org.secpod.oval:def:89045294 This update for libxml2 fixes the following issues: - CVE-2016-4658: Use after free via namespace node in XPointer ranges . oval:org.secpod.oval:def:1300301 Updated libxml2 packages fix security vulnerability: It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substituton in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attack ... oval:org.secpod.oval:def:202458 The libxml2 library is a development toolbox providing the implementation of various XML standards. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, speciall ... oval:org.secpod.oval:def:1500963 It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting i ... oval:org.secpod.oval:def:203590 The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked ag ... oval:org.secpod.oval:def:202498 The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked agains ... oval:org.secpod.oval:def:203168 libxml2 is installed oval:org.secpod.oval:def:1600013 It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substituton in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file that, w ... oval:org.secpod.oval:def:1601260 It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to ... oval:org.secpod.oval:def:1800912 parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a "%" character in a DTD name. Fixed In Version: libxml2 2.9.5 oval:org.secpod.oval:def:202267 The libxml2 library is a development toolbox providing the implementation of various XML standards. It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing tim ... oval:org.secpod.oval:def:202459 The libxml2 library is a development toolbox providing the implementation of various XML standards. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, speciall ... oval:org.secpod.oval:def:202497 The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked agains ... oval:org.secpod.oval:def:507475 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: integer overflows with XML_PARSE_HUGE * libxml2: dict corruption caused by entity reference cycles For more details about the security issue, including the impact, a CVSS sc ... oval:org.secpod.oval:def:3301070 SUSE Security Update: Security update for libxml2 oval:org.secpod.oval:def:89050291 This update for libxml2 fixes the following issues: - CVE-2019-19956: Reverted the upstream fix for this memory leak because it introduced other, more severe vulnerabilities . oval:org.secpod.oval:def:89050389 This update for libxml2 fixes the following issues: - CVE-2019-19956: Reverted the upstream fix for this memory leak because it introduced other, more severe vulnerabilities . oval:org.secpod.oval:def:89050505 This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal . oval:org.secpod.oval:def:1601297 A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary c ... oval:org.secpod.oval:def:202260 The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an applicati ... oval:org.secpod.oval:def:202241 The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language , which is a language for addressing parts of an XML document. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references ... oval:org.secpod.oval:def:1506355 [2.9.7-15.1] - Fix CVE-2022-40303 - Fix CVE-2022-40304 oval:org.secpod.oval:def:1506370 [2.9.13-3] - Fix CVE-2022-40303 - Fix CVE-2022-40304 oval:org.secpod.oval:def:1505862 [2.9.13-1.1] - Fix CVE-2022-29824 oval:org.secpod.oval:def:119060 This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ... oval:org.secpod.oval:def:500897 The libxml2 library is a development toolbox providing the implementation of various XML standards. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, speciall ... oval:org.secpod.oval:def:1503704 Updated libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1500566 Updated libxml2 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available f ... oval:org.secpod.oval:def:203323 The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked ag ... oval:org.secpod.oval:def:1600025 parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. oval:org.secpod.oval:def:1503908 Updated libxml2 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ... oval:org.secpod.oval:def:500082 The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language , which is a language for addressing parts of an XML document. An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml ... oval:org.secpod.oval:def:1503820 Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avai ... oval:org.secpod.oval:def:1503689 Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ava ... oval:org.secpod.oval:def:500928 The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked agains ... oval:org.secpod.oval:def:500704 The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language , which is a language for addressing parts of an XML document. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references ... oval:org.secpod.oval:def:500706 The libxml2 library is a development toolbox providing the implementation of various XML standards. It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing tim ... oval:org.secpod.oval:def:500707 The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an applicati ... oval:org.secpod.oval:def:67964 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c * libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c * libxml2: infinite loop in xmlStringLenDecodeEntitie ... oval:org.secpod.oval:def:89050248 This update for libxml2 fixes the following issues: - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun . - CVE-2019-19956: Fixed a memory leak . - CVE-2020-7595: Fixed an infinite loop in an EOF situation . oval:org.secpod.oval:def:504746 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c * libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c * libxml2: infinite loop in xmlStringLenDecodeEntitie ... oval:org.secpod.oval:def:1504919 [2.9.7-9.0.1] - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball [2.9.7-9] - Fix CVE-2020-24977 oval:org.secpod.oval:def:3301233 SUSE Security Update: Security update for libxml2 oval:org.secpod.oval:def:89047653 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c and tree.c . Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes oval:org.secpod.oval:def:121695 This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ... oval:org.secpod.oval:def:19500083 valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. A flaw was found in the libxml2 library in functions used to manipulate the xmlBuf and the xmlBuffer types. A substantial input causes values to calculate buffer sizes to overflow, resulting in an out-of-bounds write. ... oval:org.secpod.oval:def:5800120 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write For more details about the security issue, including the impact, a CVSS score, acknowledgments, and othe ... oval:org.secpod.oval:def:122178 This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ... oval:org.secpod.oval:def:89047608 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes . - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c and tree.c . oval:org.secpod.oval:def:2500542 The libxml2 library is a development toolbox providing the implementation of various XML standards. oval:org.secpod.oval:def:1800582 parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a "%" character in a DTD name. Fixed In Version: libxml2 2.9.5 oval:org.secpod.oval:def:122157 This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ... oval:org.secpod.oval:def:89046026 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes . oval:org.secpod.oval:def:2500352 The libxml2 library is a development toolbox providing the implementation of various XML standards. oval:org.secpod.oval:def:73582 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: Buffer overflow vulnerability in xmlEncodeEntitiesInternal in entities.c For more details about the security issue, including the impact, a CVSS score, acknowledgments, and o ... oval:org.secpod.oval:def:4500904 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: Use-after-free of ID and IDREF attributes For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer ... oval:org.secpod.oval:def:1800669 parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a "%" character in a DTD name. Fixed In Version libxml2 2.9.5 oval:org.secpod.oval:def:4501333 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: Buffer overflow vulnerability in xmlEncodeEntitiesInternal in entities.c For more details about the security issue, including the impact, a CVSS score, acknowledgments, and o ... oval:org.secpod.oval:def:2600135 The libxml2 library is a development toolbox providing the implementation of various XML standards. oval:org.secpod.oval:def:5800014 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: integer overflows with XML_PARSE_HUGE * libxml2: dict corruption caused by entity reference cycles For more details about the security issue, including the impact, a CVSS sc ... oval:org.secpod.oval:def:2500918 The libxml2 library is a development toolbox providing the implementation of various XML standards. oval:org.secpod.oval:def:89047705 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE . - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles . oval:org.secpod.oval:def:1701240 An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. An iss ... oval:org.secpod.oval:def:4501217 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: integer overflows with XML_PARSE_HUGE * libxml2: dict corruption caused by entity reference cycles For more details about the security issue, including the impact, a CVSS sc ... oval:org.secpod.oval:def:202568 The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially-craft ... oval:org.secpod.oval:def:501005 The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially-craft ... oval:org.secpod.oval:def:1500068 Updated libxml2 packages that fix one security issue are now available forRed Hat Enterprise Linux 5 and 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System base score,which gives a detailed severity rating, is availabl ... oval:org.secpod.oval:def:1500074 Updated libxml2 packages that fix one security issue are now available forRed Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System base score,which gives a detailed severity rating, is availab ... oval:org.secpod.oval:def:1600233 libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity. oval:org.secpod.oval:def:202604 The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially-craft ... oval:org.secpod.oval:def:204297 The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when process ... oval:org.secpod.oval:def:1600156 A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption based on excessive enti ... oval:org.secpod.oval:def:1500763 Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from ... oval:org.secpod.oval:def:1500774 Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from ... oval:org.secpod.oval:def:1500842 Updated libxml2 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the C ... oval:org.secpod.oval:def:203468 The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when process ... oval:org.secpod.oval:def:203494 The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when process ... oval:org.secpod.oval:def:107956 This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ... oval:org.secpod.oval:def:107829 This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ... oval:org.secpod.oval:def:501415 The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when process ... oval:org.secpod.oval:def:501547 The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked ag ... oval:org.secpod.oval:def:108680 This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ... oval:org.secpod.oval:def:501293 The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked ag ... oval:org.secpod.oval:def:108665 This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ... oval:org.secpod.oval:def:501459 The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when process ... oval:org.secpod.oval:def:205898 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: Use after free via namespace node in XPointer ranges For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related informa ... oval:org.secpod.oval:def:2500215 The libxml2 library is a development toolbox providing the implementation of various XML standards. oval:org.secpod.oval:def:205655 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c * libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c * libxml2: infinite loop in xmlStringLenDecodeEntitie ... oval:org.secpod.oval:def:89000243 This update for libxml2 fixes the following issues: - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun . - CVE-2020-7595: Fixed an infinite loop in an EOF situation . - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal . - Fixed invalid xmlns references due to CVE-201 ... oval:org.secpod.oval:def:205906 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c * libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c * libxml2: infinite loop in xmlStringLenDecodeEntitie ... oval:org.secpod.oval:def:35693 The host is installed with RHEL 6 or 7 and is prone to a stack overflow vulnerability. A flaw is present in the application, which fails to properly handle crafted xml file. Successful exploitation could allow attackers to crash the service. oval:org.secpod.oval:def:89045366 This update for libxml2 fixes the following security issue: - CVE-2015-8710: Parsing short unclosed HTML comment could cause uninitialized memory access, which allowed remote attackers to read contents from previous HTTP requests depending on the application oval:org.secpod.oval:def:501615 The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, co ... oval:org.secpod.oval:def:34933 The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overread vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:109791 This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ... oval:org.secpod.oval:def:109976 This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ... oval:org.secpod.oval:def:1501101 The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when process ... oval:org.secpod.oval:def:204237 The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, co ... oval:org.secpod.oval:def:97609 [CLSA-2022:1647255880] Fixed CVE-2022-23308 in libxml2 oval:org.secpod.oval:def:97692 [CLSA-2022:1670521677] libxml2: Fix of 2 CVEs oval:org.secpod.oval:def:97764 [CLSA-2023:1699381307] libxml2: Fix of CVE-2016-4658 oval:org.secpod.oval:def:500575 libxml is a library for parsing and manipulating XML files. A Document Type Definition defines the legal syntax for certain types of files, such as XML files. A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could prov ... oval:org.secpod.oval:def:202109 libxml is a library for parsing and manipulating XML files. A Document Type Definition defines the legal syntax for certain types of files, such as XML files. A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could prov ... oval:org.secpod.oval:def:202065 libxml is a library for parsing and manipulating XML files. A Document Type Definition defines the legal syntax for certain types of files, such as XML files. A stack overflow flaw was found in the way libxml processes the root XML document element definition in a DTD. A remote attacker could prov ... oval:org.secpod.oval:def:89045262 This update for libxml2 fixes two security issues: - libxml2 limits the number of recursions an XML document can contain so to protect against the Billion Laughs denial-of-service attack. Unfortunately, the underlying counter was not incremented properly in all necessary locations. Therefore, specia ... oval:org.secpod.oval:def:73714 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: Use-after-free in xmlEncodeEntitiesInternal in entities.c * libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal in entities.c * libxml2: Use-after-free in xmlXI ... oval:org.secpod.oval:def:2500334 The libxml2 library is a development toolbox providing the implementation of various XML standards. oval:org.secpod.oval:def:4500068 The libxml2 library is a development toolbox providing the implementation of various XML standards. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. oval:org.secpod.oval:def:97592 [CLSA-2022:1641903536] Fixed 8 CVEs in libxml2 oval:org.secpod.oval:def:120342 This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ... oval:org.secpod.oval:def:89047069 This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms oval:org.secpod.oval:def:89047293 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess . - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInterna ... oval:org.secpod.oval:def:89044283 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess . - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal . - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesIntern ... oval:org.secpod.oval:def:89047107 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess . - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal . - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesIntern ... oval:org.secpod.oval:def:204176 The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HT ... oval:org.secpod.oval:def:1200024 A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory.The xmlParseConditionalSections func ... oval:org.secpod.oval:def:35562 The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer underreads vulnerability. A flaw is present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:501720 The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HT ... oval:org.secpod.oval:def:203780 The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HT ... oval:org.secpod.oval:def:1700177 A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.A denial of service flaw was found in libxml2. A remote att ... oval:org.secpod.oval:def:1501264 libxml2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-termin ... oval:org.secpod.oval:def:1501265 libxml2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-termin ... oval:org.secpod.oval:def:89045199 This update fixes the following security issues: * CVE-2015-1819 Enforce the reader to run in constant memory [bnc#928193] * CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors [bnc#951734] * CVE-2015-7942 Fix another variation of overflow in ... oval:org.secpod.oval:def:501719 The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HT ... oval:org.secpod.oval:def:3302422 Security update for libxml2 oval:org.secpod.oval:def:3301443 Security update for libxml2 oval:org.secpod.oval:def:1701918 libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when mem ... oval:org.secpod.oval:def:89051146 This update for libxml2 fixes the following issues: * CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode in tree.c . oval:org.secpod.oval:def:89051132 This update for libxml2 fixes the following issues: * CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode in tree.c . oval:org.secpod.oval:def:89051167 This update for libxml2 fixes the following issues: * CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode in tree.c . oval:org.secpod.oval:def:19500495 libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when mem ... oval:org.secpod.oval:def:89049381 This update for libxml2 fixes the following issues: * CVE-2023-29469: Fixed not deterministic hashing of empty dict strings . * CVE-2023-28484: Fixed NULL dereference in xmlSchemaFixupComplexType . * CVE-2023-39615: Fixed crafted xml can cause global buffer overflow . * CVE-2016-3709: Fixed cross-si ... oval:org.secpod.oval:def:89049378 This update for libxml2 fixes the following issues: * CVE-2023-39615: Fixed crafted xml can cause global buffer overflow . oval:org.secpod.oval:def:507881 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: NULL dereference in xmlSchemaFixupComplexType * libxml2: Hashing of empty dict strings isn"t deterministic For more details about the security issue, including the impact, a ... oval:org.secpod.oval:def:1701644 Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service via supplying a crafted XML file oval:org.secpod.oval:def:507897 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: NULL dereference in xmlSchemaFixupComplexType * libxml2: Hashing of empty dict strings isn"t deterministic For more details about the security issue, including the impact, a ... oval:org.secpod.oval:def:3301590 Security update for libxml2 oval:org.secpod.oval:def:89049398 This update for libxml2 fixes the following issues: * CVE-2023-39615: Fixed crafted xml can cause global buffer overflow . oval:org.secpod.oval:def:86366 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: Incorrect server side include parsing can lead to XSS For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related inform ... oval:org.secpod.oval:def:1701293 A NULL pointer dereference exists when parsing XML schemas in libxml2 xmlSchemaCheckCOSSTDerivedOK libxml2 Hashing of empty dict strings isn't deterministic. When hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results. This could lead to various ... oval:org.secpod.oval:def:507285 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: Incorrect server side include parsing can lead to XSS For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related inform ... oval:org.secpod.oval:def:19500410 Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service via supplying a crafted XML file oval:org.secpod.oval:def:509113 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: libxml2: crafted xml can cause global buffer overflow For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refe ... oval:org.secpod.oval:def:89047730 This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability . - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE . - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles . oval:org.secpod.oval:def:1506167 [2.9.7-15] - Fix CVE-2016-3709 [2.9.7-14] - Fix CVE-2022-29824 oval:org.secpod.oval:def:3301859 Security update for libxml2 oval:org.secpod.oval:def:89048770 This update for libxml2 fixes the following issues: * CVE-2023-29469: Fixed inconsistent result when hashing empty strings . * CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType . The following non-security bug was fixed: * Remove unneeded dependency . oval:org.secpod.oval:def:19500038 A NULL pointer dereference exists when parsing XML schemas in libxml2 xmlSchemaCheckCOSSTDerivedOK libxml2 Hashing of empty dict strings isn't deterministic. When hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results. This could lead to various ... oval:org.secpod.oval:def:89048768 This update for libxml2 fixes the following issues: * CVE-2023-29469: Fixed inconsistent result when hashing empty strings . * CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType . oval:org.secpod.oval:def:2500841 The libxml2 library is a development toolbox providing the implementation of various XML standards. oval:org.secpod.oval:def:89049401 This update for libxml2 fixes the following issues: * CVE-2023-39615: Fixed crafted xml can cause global buffer overflow . oval:org.secpod.oval:def:89003145 This update for libxml2 fixes the following issues: Issue fixed: - Fixed a bug related to the fix for CVE-2016-9318 which allowed xsltproc to access the internet even when --nonet was given and also was making docbook-xsl-stylesheets to have incomplete xml catalog file . oval:org.secpod.oval:def:114914 This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ... oval:org.secpod.oval:def:1800821 CVE-2017-5969: Null pointer dereference parsing xml file using libxml Upstream bug report Reference oval:org.secpod.oval:def:1800809 CVE-2017-5969: Null pointer derefence parsing xml file using libxml Upstream bug report: oval:org.secpod.oval:def:503595 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: Use after free triggered by XPointer paths beginning with range-to * libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate function in xpath.c * libxml2: DoS caus ... oval:org.secpod.oval:def:89003032 This update for libxml2 fixes the following issues: Security issue fixed: - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack Other Issue fixed: - ... oval:org.secpod.oval:def:1800588 CVE-2017-5969: Null pointer derefence parsing xml file using libxml Upstream bug report: Reference: oval:org.secpod.oval:def:89044763 This update for libxml2 fixes the following issues: * CVE-2016-9318: libxml2 did not offer a flag directly indicating that the current document may be read but other files may not be opened, which made it easier for remote attackers to conduct XML External Entity attacks via a crafted document . * ... oval:org.secpod.oval:def:205539 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: * libxml2: Use after free triggered by XPointer paths beginning with range-to * libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate function in xpath.c * libxml2: DoS caus ... oval:org.secpod.oval:def:114899 This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ... oval:org.secpod.oval:def:1600922 A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the applicati ... oval:org.secpod.oval:def:89044729 This update for libxml2 fixes the following issues: * CVE-2016-4658: use-after-free error could lead to crash [bsc#1005544] * Fix NULL dereference in xpointer.c when in recovery mode [bsc#1014873] * CVE-2016-9597: An XML document with many opening tags could have caused a overflow of the stack not d ... oval:org.secpod.oval:def:1800782 libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity attacks via a crafted docu ... oval:org.secpod.oval:def:1700375 A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnera ... oval:org.secpod.oval:def:1800895 libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity attacks via a crafted docu ... oval:org.secpod.oval:def:1800076 CVE-2016-2073: out-of-bounds read in htmlParseNameComplex libxml2 is vulnerable to a heap-based buffer overflow, caused by an out-of-bounds read in the htmlParseNameComplex function. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and execute ar ... oval:org.secpod.oval:def:89045302 This update for libxml2 fixes the following security issues: - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c [bsc#963963, bsc#965283, bsc#981114]. - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings [bsc ... oval:org.secpod.oval:def:34941 The host is installed with RHEL 6 or 7 and is prone to a heap-based use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:1501504 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an appl ... oval:org.secpod.oval:def:1501506 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an appl ... oval:org.secpod.oval:def:1600423 A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permission ... oval:org.secpod.oval:def:34936 The host is installed with RHEL 6 or 7 and is prone to a heap-based use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:34937 The host is installed with RHEL 6 or 7 and is prone to a heap-based use-after-free vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:34934 The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overread vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:34935 The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:34932 The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overflow vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:34938 The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overread vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:34939 The host is installed with RHEL 6 or 7 and is prone to a heap-based buffer overread vulnerability. A flaw is present in the application, which fails to handle a crafted xml document. Successful exploitation could allow attackers to execute arbitrary code or crash the service. oval:org.secpod.oval:def:112278 This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ... oval:org.secpod.oval:def:112275 This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ... oval:org.secpod.oval:def:203957 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an appl ... oval:org.secpod.oval:def:203956 The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an appl ... oval:org.secpod.oval:def:89048764 This update for libxml2 fixes the following issues: * CVE-2023-29469: Fixed inconsistent result when hashing empty strings . * CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType . * CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c . The followin ... oval:org.secpod.oval:def:89051493 This update for libxml2 fixes the following issues: * CVE-2024-25062: Fixed use-after-free in XMLReader . oval:org.secpod.oval:def:89051502 This update for libxml2 fixes the following issues: * CVE-2024-25062: Fixed use-after-free in XMLReader . oval:org.secpod.oval:def:89044817 This update for libxml2 fixes the following issues: Security issues fixed: * CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID * CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent * CVE-2017-7375: Prevented an unwanted external entity reference * CVE-2017-7376: Increase buff ... oval:org.secpod.oval:def:113949 This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ... oval:org.secpod.oval:def:114010 This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX stream o ... oval:org.secpod.oval:def:89044739 This update for libxml2 fixes the following issues: Security issues fixed: - CVE-2017-9050: heap-based buffer overflow [bsc#1039069, bsc#1039661] - CVE-2017-9049: heap-based buffer overflow [bsc#1039066] - CVE-2017-9048: stack overflow vulnerability [bsc#1039063] - CVE-2017-9047: stack overflow v ... |
