MiracleLinux 9 : libxml2-2.9.13-3.el9.1 (AXSA:2023-6287:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6287:04 advisory. libxml2: NULL dereference in xmlSchemaFixupComplexType CVE-2023-28484 libxml2: Hashing of empty dict strings isn't deterministic CVE-2023-29469...

MiracleLinux 8 : libxml2-2.9.7-16.el8.1 (AXSA:2023-6331:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6331:05 advisory. libxml2: NULL dereference in xmlSchemaFixupComplexType CVE-2023-28484 libxml2: Hashing of empty dict strings isn't deterministic CVE-2023-29469...

TencentOS Server 3: libxml2 (TSSA-2023:0201)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0201 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVE-2021-29469

Node-redis is a Node.js Redis client. Before version 3.1.1, when a client is in monitoring mode, the regex begin used to detected monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. The issue is patched in version 3.1.1...

CVE-2020-29469

WonderCMS 3.1.3 is affected by cross-site scripting XSS in the Menu component. This vulnerability can allow an attacker to inject the XSS payload in the Setting - Menu and each time any user will visits the website directory, the XSS triggers and attacker can steal the cookie according to the...

Alibaba Cloud Linux 3 : 0111: libxml2 (ALINUX3-SA-2023:0111)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0111 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-28484: In libxml2 before 2.10.4,...

Siemens SCALANCE W700 Double Free (CVE-2023-29469)

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2024-2282)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

F5 Networks BIG-IP : libxml2 vulnerability (K000139592)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139592 advisory. An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document,...

K000139592: libxml2 vulnerability CVE-2023-29469

Security Advisory Description An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs...

CVE-2024-29469

CVE-2024-29469 involves a stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4. The issue stems from the Lab module’s Category List parameter, where user-supplied data is not properly filtered/escaped, allowing attackers to inject and execute arbitrary web scripts or HTML in the cont...

GLSA-202402-11 : libxml2: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202402-11 libxml2: Multiple Vulnerabilities - In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in...

Moderate: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

RHEL 8 : libxml2 (RHSA-2024:0413)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0413 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: integer overflo...

libxml2 security update

2.9.7-18 - Fix CVE-2023-39615 RHEL-5179 2.9.7-17 - Fix CVE-2023-28484 2186692 - Fix CVE-2023-29469 2186692...

Advisory ROSA-SA-2024-2321

software: libxml2 2.9.14 OS: ROSA-CHROME packageevrstring: libxml2-2.9.14-4.src.rpm CVE-ID: CVE-2023-28484 BDU-ID: 2023-03298 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlSchemaFixupComplexType xmlschemas.c function of the Libxml2 library is related to null pointer dereferencing...

Advisory ROSA-SA-2023-2319

software: libxml2 2.9.14 OS: ROSA-CHROME packageevrstring: libxml2-2.9.14-4.src.rpm CVE-ID: CVE-2023-28484 BDU-ID: 2023-03298 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlSchemaFixupComplexType xmlschemas.c function of the Libxml2 library is related to null pointer dereferencing...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-3404)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Slackware: Security Advisory (SSA:2023-343-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[slackware-security] libxml2

New libxml2 packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libxml2-2.12.2-i586-1slack15.0.txz: Upgraded. Add --sysconfdir=/etc option so that this can find the xml catalog...