Huawei EulerOS: Security Advisory for perl-XML-LibXML (EulerOS-SA-2020-2055)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP3 : perl-XML-LibXML (EulerOS-SA-2020-2055)

According to the version of the perl-XML-LibXML package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the...

FreeBSD : libxml -- multiple vulnerabilities (f5abafc0-fcf6-11ea-8758-e0d55e2a8bf9)

CVE mitre reports : CVE-2019-20388 xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. CVE-2020-7595 xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. CVE-2020-24977 GNOME project libxml2...

Security Bulletin: Multiple Vulnerabilities in libpng and libxml affect Rational DOORS

Summary Multiple vulnerabilities in libpng and libxml affect Rational DOORS Vulnerability Details CVE-ID: CVE-2015-1819 Description: Libxml is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error in the xmlreader when processing XML data. A remote attacker could...

Updated php packages fix bugs and security vulnerabilities

Updated php packages fix bugs and security vulnerabilities: Core: - Fixed bug 71876 Memory corruption htmlspecialchars: charset ' not supported. - Fixed bug 79146 cscript can fail to run on some systems. - Fixed bug 78323 Code 0 is returned on invalid options. - Fixed bug 76047 Use-after-free...

Fedora 31 : php (2020-32f9a2b308)

PHP version 7.3.15 20 Feb 2020 Core: - Fixed bug php71876 Memory corruption htmlspecialchars: charset ' not supported. Nikita - Fixed bug php79146 cscript can fail to run on some systems. clarodeus - Fixed bug php78323 Code 0 is returned on invalid options. Ivan Mikheykin - Fixed bug php76047...

Fedora 30 : php (2019-ec40d89812)

PHP version 7.2.21 01 Aug 2019 Date: - Fixed bug php69044 discrepency between time and microtime. krakjoe EXIF: - Fixed bug php78256 heap-buffer-overflow on exifprocessusercomment. CVE-2019-11042 Stas - Fixed bug php78222 heap-buffer-overflow on exifscanthumbnail. CVE-2019-11041 Stas Fileinfo: -...

Fedora 28 : php (2018-b6072889db)

PHP version 7.2.10 13 Sep 2018 Core: - Fixed bug php76754 parent private constant in extends class memory leak. Laruence - Fixed bug php72443 Generate enabled extension. petk - Fixed bug php75797 Memory leak when using classalias in non-debug mode. Massimiliano Braglia Apache2: - Fixed bug php765...

Fedora 29 : php (2018-791c3cfe21)

PHP version 7.2.10 13 Sep 2018 Core: - Fixed bug php76754 parent private constant in extends class memory leak. Laruence - Fixed bug php72443 Generate enabled extension. petk - Fixed bug php75797 Memory leak when using classalias in non-debug mode. Massimiliano Braglia Apache2: - Fixed bug php765...

The vulnerability of the LIBXML_ATTR_FORMAT function in the libxml2 library allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the LIBXMLATTRFORMAT function in the libxml2 library HTML parser.c is related to the use of an uncontrolled format string. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

Fedora 27 : php (2018-25100b492c)

PHP version 7.1.22 13 Sep 2018 Core: - Fixed bug php76754 parent private constant in extends class memory leak. Laruence - Fixed bug php72443 Generate enabled extension. petk Apache2: - Fixed bug php76582 Apache bucket brigade sometimes becomes invalid. stas Bz2: - Fixed arginfo for bzcompress...

GHSA-Q7WX-62R7-J2X7 Nokogiri vulnerable to libxml XML Entity Expansion

The xmlreader in libxml allows remote attackers to cause a denial of service memory consumption via crafted XML data, related to an XML Entity Expansion XEE attack...

Nokogiri vulnerable to libxml XML Entity Expansion

The xmlreader in libxml allows remote attackers to cause a denial of service memory consumption via crafted XML data, related to an XML Entity Expansion XEE attack...

DEBIAN-CVE-2018-14404

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATHOPAND or XPATHOPOR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerab...

PT-2018-2348

Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.9.9 Description The issue is related to a NULL pointer dereference vulnerability in the xpath.c:xmlXPathCompOpEval function of libxml2. This vulnerability can be exploited by a remote attacker, allowing them to caus...

Security Bulletin: Multiple Vulnerabilities in libxml, OpenSSH, Firefox affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-1819, CVE-2015-5600, CVE-2015-7183, CVE-2015-7181, CVE-2015-7182)

Summary Multiple Vulnerabilities in libxml, OpenSSH, Firefox affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance. Vulnerability Details CVEID: CVE-2015-1819 DESCRIPTION: Libxml is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error in the...

Security Bulletin: Vulnerability in libxml, openssh, PAM, Firefox, affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance

Summary Vulnerability in libxml, openssh, PAM, Firefox, affects IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance CVE-2015-1819, CVE-2015-3238, CVE-2015-5600 and others. Vulnerability Details CVEID: CVE-2015-1819 DESCRIPTION: Libxml is vulnerable to a denial of service, caused by...

Security Bulletin: A libxml vulnerability affects IBM Security Access Manager for Mobile (CVE-2015-1819)

Summary IBM Security Access Manager for Mobile is affected by a denial of service vulnerability in libxml2. Vulnerability Details CVEID: CVE-2015-1819 DESCRIPTION: Libxml is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error in the xmlreader when processing XM...

Security Bulletin: A vulnerability in Libxml affects IBM Security Network Protection (CVE-2015-1819)

Summary The Libxml library is a development toolbox providing the implementation of various XML standards. A security vulnerability has been discovered in Libxml used with IBM Security Network Protection. Vulnerability Details CVEID: CVE-2015-1819 DESCRIPTION: Libxml is vulnerable to a denial of...

Security Bulletin: A vulnerability in XML processing affects IBM DataPower Gateways (CVE-2015-1819)

Summary IBM DataPower Gateways has addressed a vulnerability in parsing certain XML files that could cause a denial of service. Vulnerability Details CVEID: CVE-2015-1819 DESCRIPTION: Libxml is vulnerable to a denial of service, caused by an XML External Entity Injection XXE error in the xmlreade...