cpe:/a:xmlsoft:libxml2:2.4.30 cpe:/a:xmlsoft:libxml2:2.5.7 cpe:/a:xmlsoft:libxml2:2.5.8 cpe:/a:xmlsoft:libxml2:2.6.6 cpe:/a:xmlsoft:libxml2:2.6.9 cpe:/a:xmlsoft:libxml2:2.6.11 cpe:/a:xmlsoft:libxml2:2.6.13 cpe:/a:xmlsoft:libxml2:2.6.14 cpe:/a:xmlsoft:libxml2:2.6.16 cpe:/a:xmlsoft:libxml2:2.6.17 cpe:/a:xmlsoft:libxml2:2.6.18 cpe:/a:xmlsoft:libxml2:2.6.20 cpe:/a:xmlsoft:libxml2:2.6.22 cpe:/a:xmlsoft:libxml2:2.6.27 cpe:/a:xmlsoft:libxml2:2.6.30 CVE-2008-3529 2008-09-12T12:56:20.493-04:00 2018-10-03T17:55:19.053-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-09-12T18:50:00.000-04:00 ALLOWS_ADMIN_ACCESS SECTRACK 1020855 SUNALERT 247346 SUNALERT 261688 SUNALERT 265329 BID 31126 SECUNIA 31558 SECUNIA 31855 SECUNIA 31860 SECUNIA 31868 SECUNIA 31982 SECUNIA 32265 SECUNIA 32280 SECUNIA 32807 SECUNIA 32974 SECUNIA 33715 SECUNIA 33722 SECUNIA 35056 SECUNIA 35074 SECUNIA 35379 SECUNIA 36173 SECUNIA 36235 EXPLOIT-DB 8798 VUPEN ADV-2008-2822 VUPEN ADV-2009-1297 VUPEN ADV-2009-1298 VUPEN ADV-2009-1522 VUPEN ADV-2009-1621 APPLE APPLE-SA-2009-05-12 APPLE APPLE-SA-2009-06-08-1 APPLE APPLE-SA-2009-06-17-1 DEBIAN DSA-1654 GENTOO GLSA-200812-06 MANDRIVA MDVSA-2008:192 REDHAT RHSA-2008:0884 REDHAT RHSA-2008:0886 SUSE SUSE-SR:2008:018 CERT TA09-133A UBUNTU USN-644-1 UBUNTU USN-815-1 CONFIRM http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1 CONFIRM http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1 CONFIRM http://support.apple.com/kb/HT3549 CONFIRM http://support.apple.com/kb/HT3550 CONFIRM http://support.apple.com/kb/HT3613 CONFIRM http://support.apple.com/kb/HT3639 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm CONFIRM http://wiki.rpath.com/Advisories:rPSA-2008-0325 MISC http://xmlsoft.org/news.html CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=461015 XF libxml2-entitynames-bo(45085) Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.