
21 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 3 views

Astra Linux - vulnerability in libxml2

In libxml2 versions before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) due to an incorrect return value. This issue occurs in the xmlPythonFileRead and xmlPythonFileReadRaw functions, caused by a discrepancy between bytes and characters...

CVSS 7.5 · AI score 6.8 · EPSS 0.00034
Exploits: 1 · References: 2

OSV
added 2026/05/06 2:45 p.m. · 2 views

BIT-JAVA-2025-32414

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...

CVSS 7.5 · AI score 6.8 · EPSS 0.00034
Exploits: 1 · References: 3

Positive Technologies
added 2026/05/06 12:0 a.m. · 4 views

PT-2026-37836

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...

CVSS 7.5 · AI score 6.8 · EPSS 0.00034
Exploits: 1 · References: 4

Positive Technologies
added 2026/05/06 12:0 a.m. · 4 views

PT-2026-38043

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...

CVSS 7.5 · AI score 6.8 · EPSS 0.00034
Exploits: 1 · References: 4

OSV
added 2025/10/17 5:40 p.m. · 3 views

JLSEC-2025-89 In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Pyth...

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...

CVSS 7.5 · AI score 6.9 · EPSS 0.00034
Exploits: 1 · References: 1

OpenVAS
added 2025/08/12 12:0 a.m. · 3 views

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2025-1935)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.5 · EPSS 0.02116
Exploits: 2 · References: 2

OpenVAS
added 2025/08/12 12:0 a.m. · 2 views

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2025-1981)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 7.5 · EPSS 0.00045
Exploits: 2 · References: 2

OSV
added 2025/07/20 12:0 a.m. · 0 views

OPENSUSE-SU-2025:15363-1 libxml2-2-2.13.8-3.1 on GA media

These are all security issues fixed in the libxml2-2-2.13.8-3.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.8 · AI score 7.1 · EPSS 0.00192
Exploits: 1 · References: 1

OSV
added 2025/07/08 12:0 a.m. · 0 views

OPENSUSE-SU-2025:15321-1 libxml2-2-2.13.8-2.1 on GA media

These are all security issues fixed in the libxml2-2-2.13.8-2.1 package on the GA media of openSUSE Tumbleweed...

CVSS 9.1 · AI score 6.8 · EPSS 0.02116
Exploits: 1 · References: 5

SUSE CVE
added 2025/05/30 1:26 a.m. · 1 view

SUSE CVE-2025-47933

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve...

CVSS 8.2 · AI score 6.3 · EPSS 0.00067
Exploits: 0 · References: 4

Microsoft CVE
added 2025/05/27 7:0 a.m. · 2 views

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

...

CVSS 7.5 · AI score 6.6 · EPSS 0.00045
Exploits: 1

OSV
added 2025/04/17 5:15 p.m. · 1 view

DEBIAN-CVE-2025-32415

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used...

CVSS 7.5 · AI score 6.4 · EPSS 0.00045
Exploits: 1 · References: 1

OSV
added 2025/04/17 5:15 p.m. · 1 view

AZL-60863 CVE-2025-32415 affecting package libxml2 for versions less than 2.10.4-7

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used...

CVSS 7.5 · AI score 6.8 · EPSS 0.00045
Exploits: 1 · References: 1

CNNVD
added 2025/04/17 12:0 a.m. · 1 view

libxml2 security vulnerability

libxml2 is a GNOME open source library for parsing XML documents. It is written in C and can be called by many languages, such as C, C++, XSH. A security vulnerability exists in libxml2 versions prior to 2.13.8 and prior to 2.14.2, which stems from a heap buffer under-read in...

CVSS 7.5 · AI score 6.5 · EPSS 0.00045
Exploits: 1 · References: 4

OSV
added 2025/04/08 3:15 a.m. · 1 view

AZL-59722 CVE-2025-32414 affecting package libxml2 for versions less than 2.10.4-7

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...

CVSS 7.5 · AI score 6.7 · EPSS 0.00034
Exploits: 1 · References: 1

CNNVD
added 2025/04/08 12:0 a.m. · 2 views

libxml2 security vulnerability

libxml2 is a GNOME open source library for parsing XML documents. It is written in C and can be called by many languages, such as C, C++, and XSH. A security vulnerability exists in libxml2 versions prior to 2.13.8 and 2.14.x through 2.14.2, which stems from an out-of-bounds memory access due to ...

CVSS 7.5 · AI score 6.7 · EPSS 0.00034
Exploits: 1 · References: 2

Patchstack
added 2024/07/05 12:0 a.m. · 8 views

WordPress Spectra Plugin <= 2.13.7 is vulnerable to Broken Access Control

Software: Spectra; Type: Plugin; Vulnerable versions: <= 2.13.7; Fixed in: 2.13.8; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-37517; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: dc287e0a3ecb; Credits: Rafie Muhammad Patchstack; Required...

CVSS 8.8 · AI score 6.3 · EPSS 0.00326
Exploits: 0 · References: 2 · Affected Software: 1

RedHat Linux
added 2023/10/16 4:36 p.m. · 64 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links i...

CVSS 7.5 · AI score 7.1 · EPSS 0.944
Exploits: 19 · References: 5

Positive Technologies
added 2023/09/08 12:0 a.m. · 1 view

PT-2023-4947 · Red Hat · Quarkus

Name of the Vulnerable Software and Affected Versions: Quarkus versions prior to 2.6.11; Quarkus versions prior to 3.2.6; Quarkus versions prior to 3.3.3; Red Hat build of Quarkus versions prior to 2.13.8.SP2. Description: A flaw was found in Quarkus where HTTP security policies are not sanitizing...

CVSS 8.1 · AI score 7.7 · EPSS 0.00455
Exploits: 1 · References: 31

CNNVD
added 2023/06/30 12:0 a.m. · 3 views

Quarkus security vulnerability

Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus versions prior to 2.13.8, which stems from the leakage of IDs and access tokens via authorization code streams...

CVSS 7.5 · AI score 7.3 · EPSS 0.00291
Exploits: 0 · References: 9