37 matches found
Linux Distros Unpatched Vulnerability : CVE-2015-7499
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context- dependent attackers to obtain sensitive process memory...
SUSE: Security Advisory (SUSE-SU-2016:0030-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS: Security Advisory for libxml2 (CESA-2015:2549)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE: Security Advisory (SUSE-SU-2016:0049-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Medium: libxml2
Issue Overview: A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information.CVE-2015-8242 A denial of service flaw w...
Denial Of Service (DoS)
The libxml2 library is a development toolbox providing the implementation of various XML standards. Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or...
Apple TV < 9.2 Multiple Vulnerabilities
According to its banner, the remote Apple TV device is a version prior to 9.2. It is, therefore, affected by the following vulnerabilities : - An XML external entity XXE expansion flaw exists in libxml2 due to the XML parser accepting entities from untrusted sources. An unauthenticated, remote...
Fedora 23 : libxml2-2.9.3-1.fc23 (2015-c24af963a2)
Very large set of security issues for libxml2 and a bunch of bug fixes tooCVE-2015-8242 CVE-2015-7500 CVE-2015-7499 CVE-2015-5312 CVE-2015-7498 CVE-2015-7497 CVE-2015-1819 CVE-2015-7941 CVE-2015-7942 CVE-2015-8035 Note that Tenable Network Security has extracted the preceding description block...
Fedora 22 : libxml2-2.9.3-1.fc22 (2015-037f844d3e)
Very large set of security issues for libxml2 and a bunch of bug fixes tooCVE-2015-8242 CVE-2015-7500 CVE-2015-7499 CVE-2015-5312 CVE-2015-7498 CVE-2015-7497 CVE-2015-1819 CVE-2015-7941 CVE-2015-7942 CVE-2015-8035 Note that Tenable Network Security has extracted the preceding description block...
openSUSE Security Update : libxml2 (openSUSE-2016-32)
security update: This update fixes the following security issues : - CVE-2015-1819 Enforce the reader to run in constant memory bnc928193 - CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors bnc951734 - CVE-2015-7942 Fix another variation...
Nokogiri gem contains a heap-based buffer overflow vulnerability in libxml2
Nokogiri version 1.6.7.2 has been released, pulling in several upstream patches to the vendored libxml2 to address the following CVE: CVE-2015-7499 CVSS v2 Base Score: 5.0 MEDIUM Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent...
SUSE SLED11 / SLES11 Security Update : libxml2 (SUSE-SU-2016:0030-1)
This update fixes the following security issues : - CVE-2015-1819 Enforce the reader to run in constant memory bnc928193 - CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors bnc951734 - CVE-2015-7942 Fix another variation of overflow in...
SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2016:0049-1)
security update: This update fixes the following security issues : - CVE-2015-1819 Enforce the reader to run in constant memory bnc928193 - CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors bnc951734 - CVE-2015-7942 Fix another variation...
[SECURITY] [DSA 3430-1] libxml2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3430-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso December 23, 2015 https://www.debian.org/security/faq -...
Scientific Linux Security Update : libxml2 on SL7.x x86_64 (20151207)
Several denial of service flaws were found in libxml2, a library providing support for reading, modifying, and writing XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use...
CVE-2015-7499
CVE-2015-7499 (libxml2) involves a heap-based buffer overflow in the xmlGROW function of parser.c, affecting libxml2 prior to 2.9.3. The consequence described is memory disclosure/leakage under certain crafted XML inputs. The Amazon Linux 2 advisory ALAS2-2019-1220 confirms libxml2 exposure and l...
CVE-2015-7499
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors...
CVE-2015-7499
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors...
Ubuntu 14.04 LTS : libxml2 vulnerabilities (USN-2834-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2834-1 advisory. Kostya Serebryany discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a...
Nokogiri gem contains several vulnerabilities in libxml2
Nokogiri version 1.6.7.1 has been released, pulling in several upstream patches to the vendored libxml2 to address the following CVEs: CVE-2015-5312 CVSS v2 Base Score: 7.1 HIGH The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion,...