TencentOS Server 3: libxml2 (TSSA-2026:0348)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0348 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

new packages: libxml2

An update is available for libxml2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9.0...

Astra Linux - уязвимость в libxml2

Possible cross-site scripting vulnerability in libxml after commit 960f0e2...

Astra Linux - уязвимость в libxml2

A flaw was identified in the RelaxNG parser of libxml2 regarding how external schema inclusions are handled. The parser does not enforce a limit on the inclusion depth when resolving nested directives. Specifically crafted or overly complex schemas can cause excessive recursion during parsing. Th...

Astra Linux - уязвимость в libxml2

There is a flaw in libxml2 in versions before 2.9.11. An attacker who can submit a crafted file for processing by an application that uses libxml2 can trigger a use-after-free vulnerability. The most significant impact of this flaw is related to confidentiality, integrity, and availability...

Astra Linux - уязвимость в libxml2

There is a flaw in the XML entity encoding functionality of libxml2 in versions prior to 2.9.11. An attacker who can provide a crafted file for processing by an application that utilizes the affected functionality of libxml2 may trigger an out-of-bounds read. The most likely impact of this flaw i...

Astra Linux - уязвимость в libxml2

A issue was discovered in libxml2 before version 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters may overflow. This leads to an attempt to access an array at a negative 2GB offset, typically resulting in a segmentation fault...

Astra Linux - уязвимость в libxml2

A issue was discovered in libxml2 before version 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logical errors. In one case, a double-free can occur...

Astra Linux - уязвимость в libxml2

In libxml2 versions before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer do not check for integer overflows. This can lead to out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software that uses libxml2’s...

Astra Linux - уязвимость в libxml2

The vulnerability of the xmlParseAttValueComplex function in the parser.c component of the Libxml2 library is related to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to cause a service failure...

Astra Linux - уязвимость в libxml2

The vulnerability of the xmlMemStrdup function in the Libxml2 library is related to pointer manipulation errors. Exploiting this vulnerability allows an attacker to cause a service failure...

Astra Linux - уязвимость в libxml2

The vulnerability of the Libxml2 library is related to pointer dereferencing errors. Exploiting this vulnerability allows an attacker to cause a service failure...

Astra Linux - уязвимость в libxml2

There is a flaw in libxml2’s xmllint in versions before 2.9.11. An attacker who can submit a crafted file for processing by xmllint could trigger a use-after-free. The most significant impact of this flaw is on confidentiality, integrity, and availability...

Astra Linux - уязвимость в libxml2

A flaw was discovered in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function, where an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by...

Astra Linux - уязвимость в libxml2

A vulnerability was discovered in libxml2 in versions prior to 2.9.11. This vulnerability allows errors to go unnoticed during the parsing of XML mixed content, resulting in a NULL dereference. If an untrusted XML document is parsed in recovery mode and after post-validation, this flaw could be...

Astra Linux - уязвимость в libxml2

The vulnerability of the xmlFAParseCharClassEsc function in the xmlregexp.c component of the Libxml2 library is related to pointer dereferencing errors. Exploiting this vulnerability allows an attacker to cause a service failure...

Astra Linux - уязвимость в libxml2

A flaw was discovered in the libxml2 library. This vulnerability arises from uncontrolled resource consumption when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this vulnerability by providing malicious catalogs,...

Astra Linux - уязвимость в libxml2

A issue was discovered in libxml2 before versions 2.11.7 and 2.12.x, and even before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to a use-after-free of the xmlValidatePopElement function...

Astra Linux - уязвимость в libxml2

The vulnerability of the xmlBuildRelativeURI function in the uri.c component of the Libxml2 library is related to reading data beyond the allowable buffer size. Exploiting this vulnerability allows an attacker to cause service failures remotely...

Astra Linux - уязвимость в libxml2

The parser.c file in libxml2 before version 2.9.5 does not prevent infinite recursion in parameter entities...