32 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-18258
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : libxml2 vulnerabilities (USN-3739-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3739-1 advisory. Matias Brutti discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose...
Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to denial of service due to CVE-2017-18258
Summary libxml2 is not used directly by IBM App Connect Enterprise Certified Container but is present in the images as part of the base operating system packages. IBM App Connect Enterprise Certified Container may be vulnerable to denial of service. This bulletin provides patch information to...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.18)
The version of AOS installed on the remote host is prior to 5.18. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.18 advisory. - When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats A...
SUSE: Security Advisory (SUSE-SU-2018:3081-1)
The remote host is missing an update for the...
Debian DLA-2369-1 : libxml2 security update
Several security vulnerabilities were corrected in libxml2, the GNOME XML library. CVE-2017-8872 Global buffer-overflow in the htmlParseTryOrFinish function. CVE-2017-18258 The xz_head function in libxml2 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA...
Debian: Security Advisory (DLA-2369-1)
The remote host is missing an update for the Debian...
Security Bulletin: IBM MQ Appliance is affected by multiple libxml2 vulnerabilities
Summary IBM MQ Appliance has addressed multiple libxml2 vulnerabilities. Vulnerability Details CVEID: CVE-2015-8035 DESCRIPTION: libxml2 is vulnerable to a denial of service, caused by the failure to properly detect compression errors by the xz_decomp function. By using specially-crafted XML data,...
Scientific Linux Security Update : libxml2 on SL7.x x86_64 (20200407)
libxml2: Use after free triggered by XPointer paths beginning with range-to libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate function in xpath.c libxml2: DoS caused by incorrect error detection during XZ decompression libxml2: NULL pointer dereference in xmlXPathCompOpEval functio...
libxml2 security update
CentOS Errata and Security Advisory CESA-2020:1190 An update for libxml2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-1559)
The remote host is missing an update for the Huawei EulerOS...
Copy-Paste Vulnerability (CPV) Through Libxml2
nokogiri is vulnerable to denial of service (DoS) attacks. The library uses a vulnerable version of libxml2, causing it to be vulnerable to the following CVEs: 1. CVE-2016-9318: XML External Entity (XXE) through a crafted document. 2. CVE-2017-16932: Infinite Recursion during parsing. 3...
openSUSE Security Update : libxml2 (openSUSE-2018-1149)
This update for libxml2 fixes the following security issues : - CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279). - CVE-2018-14567: Prevent denial ...
openSUSE: Security Advisory for libxml2 (openSUSE-SU-2018:3107-1)
The remote host is missing an update for the...
Security update for libxml2 (moderate)
This update for libxml2 fixes the following security issues: - CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279). - CVE-2018-14567: Prevent denial o...
CVE-2018-18258
An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI...
CVE-2018-18258
CVE-2018-18258 affects BageCMS 3.1.3. The vulnerability allows an attacker to execute arbitrary PHP code on the web server and read any file via the URI index.php?r=admini/template/updateTpl&filename=, indicating a server-side code execution and information disclosure risk. The NVD entry assigns ...
SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2018:3081-1)
This update for libxml2 fixes the following security issues : CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279). CVE-2018-14567: Prevent denial of...
Debian DLA-1524-1 : libxml2 security update
CVE-2018-14404 Fix of a NULL pointer dereference which might result in a crash and thus in a denial of service. CVE-2018-14567 and CVE-2018-9251 Approvement in LZMA error handling which prevents an infinite loop. CVE-2017-18258 Limit available memory to 100MB to avoid exhaustive memory consumptio...
[SECURITY] [DLA 1524-1] libxml2 security update
Package : libxml2 Version : 2.9.1+dfsg1-5+deb8u7 CVE ID : CVE-2017-18258 CVE-2018-9251 CVE-2018-14404 CVE-2018-14567 CVE-2018-14404 Fix of a NULL pointer dereference which might result in a crash and thus in a denial of service. CVE-2018-14567 and CVE-2018-9251 Approvement in LZMA error handling...