200 matches found
RHSA-2025:22177 Red Hat Security Advisory: libxml2 security update
Bulletin has no description...
JLSEC-2025-75 In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer...
In libxml2 before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer...
JLSEC-2025-83 An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...
JLSEC-2025-76 Possible cross-site scripting vulnerability in libxml after commit 960f0e2.
Possible cross-site scripting vulnerability in libxml after commit 960f0e2...
rexml: REXML: Denial of Service via inefficient regex parsing
A flaw was found in REXML. A remote attacker could exploit inefficient regular expression regex parsing when processing hex numeric character references &x...; in XML documents. This could lead to a Regular Expression Denial of Service ReDoS, impacting the availability of the affected component...
EUVD-2012-0902
Malware in sbrugna...
Unity Linux 20.1070a Security Update: libxml2 (UTSA-2025-986120)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986120 advisory. A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can...
EUVD-2022-7493
Malicious code in bioql PyPI...
EUVD-2023-1603
Malicious code in bioql PyPI...
CLSA-2025-1759336003 libxml2: Fix of CVE-2025-7425
Fix typo in CVE-2025-7425 fix...
[SECURITY] [DLA 4319-1] libxml2 security update
Debian LTS Advisory DLA-4319-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin September 30, 2025 https://wiki.debian.org/LTS Package : libxml2 Version : 2.9.10+dfsg-6.7+deb11u9 CVE ID : CVE-2025-9714 CVE-2025-7425 Debian Bug : 1109122 Two security issues were foun...
Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)
Summary DS8900F and DS8A00 updates have been released to remediate vulnerabilities in libexpat, libxml2, libsoup and krb5 libraries. Review the Vulnerability Details section below for additional information. Vulnerability Details CVEID:CVE-2024-8176 DESCRIPTION: A stack overflow vulnerability...
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.4 Vulnerability Details CVEID:CVE-2016-10228 DESCRIPTION: The iconv program in the GNU C Library aka glibc or libc6 2.31 and earlier, when invoked with multiple suffixes in the destination encoding TRANSLATE or IGNO...
REXML has a DoS condition when parsing malformed XML file
...
REXML has DoS condition when parsing malformed XML file
Impact The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. Patches REXML gems 3.4.2 or later include the patches to fix these vulnerabilities...
defusedxml
This is a Python library called defusedxml, which is designed to prevent XML bomb denial of service DoS vulnerabilities. The library provides a facade for the xml.etree.ElementTree module, which is a built-in Python module for parsing and creating XML documents. The library is maintained by...
Unchecked Input for Loop Condition
Overview Affected versions of this package are vulnerable to Unchecked Input for Loop Condition via the exsltDynMapFunction function in libexslt/dynamic.c when handling specially crafted XSLT documents that trigger uncontrolled recursion. An attacker can cause stack exhaustion and disrupt service...
Linux Distros Unpatched Vulnerability : CVE-2023-45322
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the...
Linux Distros Unpatched Vulnerability : CVE-2016-4571
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mxmlwritenode function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service stack consumption via...
RHEL 7 : libxml2 (RHSA-2025:13789)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13789 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Out-of-bounds Read in...