59 matches found
MiracleLinux 8 : libxml2-2.9.7-13.el8.1 (AXSA:2022-3668:04)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3668:04 advisory. libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write CVE-2022-29824 Tenable has extracted the preceding description block directly...
TencentOS Server 3: libxml2 (TSSA-2022:0127)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0127 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Alibaba Cloud Linux 3 : 0127: libxml2 (ALINUX3-SA-2022:0127)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0127 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-29824: In libxml2 before 2.9.14, several...
Linux Distros Unpatched Vulnerability : CVE-2022-29824
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libxml2 before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer don't check for integer overflows. This can result in...
Security Bulletin: AIX is vulnerable to a denial of service due to libxml2 (CVE-2022-29824)
Summary UPDATED Dec 12 2022 Added iFixes for AIX 7.2 TL5 SP5 and VIOS 3.1.4.10: A vulnerability in libxml2 could allow a remote attacker to cause a denial of service CVE-2022-29824. AIX uses libxml2 as part of its XML parsing functions. Vulnerability Details CVEID:CVE-2022-29824 DESCRIPTION: GNOM...
Tenable Nessus < 10.5.2 Multiple Vulnerabilities (TNS-2023-20)
According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 10.5.2. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-20 advisory. - Nessus leverages third-party software to help provide underlying functionality...
Medium: libxml2
Issue Overview: parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name. CVE-2017-16931 GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in...
SUSE: Security Advisory (SUSE-SU-2023:2048-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:2048-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings bsc1210412. - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType bsc1210411. - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write ...
CBL Mariner 2.0 Security Update: libxslt / libxml2 (CVE-2022-29824)
The version of libxslt / libxml2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-29824 advisory. - In libxml2 before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer...
SUSE CVE-2022-29824
In libxml2 before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer...
Security fix for the ALT Linux 10 package libxml2 version 1:2.9.12-alt1.p10.1
1:2.9.12-alt1.p10.1 built Feb. 2, 2023 Alexander Danilov in task 314068 Jan. 24, 2023 Alexander Danilov - Applied security fixes from upstream Fixes: CVE-2022-23308, CVE-2022-29824, CVE-2022-40303, CVE-2022-40304...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in GNOME libxml2 (CVE-2022-29824)
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in GNOME libxml2, caused by an integer overflows in several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer CVE-2022-29824. GNOME libxml2 is used as part of the base image...
Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update
An update is now available for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
Tenable Nessus < 8.15.7 Multiple Vulnerabilities (TNS-2022-26)
Tenable Nessus is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessus"; ifdescripti...
libxml2 security update
2.9.7-15 - Fix CVE-2016-3709 2120781 2.9.7-14 - Fix CVE-2022-29824 2082298...
Tenable Nessus < 10.3.1 Multiple Vulnerabilities (TNS-2022-20)
Tenable Nessus is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessus"; ifdescripti...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service due to CVE-2022-29824
Summary GNOME libxml2 is not used directly by IBM App Connect Enterprise Certified Container but is present in the operand images as part of the base operating system. Use of libxml2 within IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution and...
EulerOS Virtualization 3.0.6.0 : libxml2 (EulerOS-SA-2022-2572)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. CVE-2022-23308 - In libxml2 before 2.9.14,...
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2022-2390)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...