22 matches found
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.18)
The version of AOS installed on the remote host is prior to 5.18. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.18 advisory. - When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats A...
SUSE: Security Advisory (SUSE-SU-2016:0786-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2016:0049-1)
The remote host is missing an update for the...
Security Bulletin: IBM MQ Appliance is affected by multiple libxml2 vulnerabilities
Summary: IBM MQ Appliance has addressed multiple libxml2 vulnerabilities. Vulnerability Details: CVEID: CVE-2015-8035 DESCRIPTION: libxml2 is vulnerable to a denial of service, caused by the failure to properly detect compression errors by the xz_decomp function. By using specially-crafted XML data,...
Scientific Linux Security Update : libxml2 on SL7.x x86_64 (20200407)
libxml2: Use after free triggered by XPointer paths beginning with range-to; libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate function in xpath.c; libxml2: DoS caused by incorrect error detection during XZ decompression; libxml2: NULL pointer dereference in xmlXPathCompOpEval functio...
libxml2 security update
CentOS Errata and Security Advisory CESA-2020:1190. An update for libxml2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-1559)
The remote host is missing an update for the Huawei EulerOS...
CVE-2018-14567
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251...
Apple TV < 9.2 Multiple Vulnerabilities
According to its banner, the remote Apple TV device is a version prior to 9.2. It is, therefore, affected by the following vulnerabilities: - An XML external entity (XXE) expansion flaw exists in libxml2 due to the XML parser accepting entities from untrusted sources. An unauthenticated, remote...
Fedora 22 : libxml2-2.9.3-1.fc22 (2015-037f844d3e)
Very large set of security issues for libxml2 and a bunch of bug fixes too CVE-2015-8242 CVE-2015-7500 CVE-2015-7499 CVE-2015-5312 CVE-2015-7498 CVE-2015-7497 CVE-2015-1819 CVE-2015-7941 CVE-2015-7942 CVE-2015-8035 Note that Tenable Network Security has extracted the preceding description block...
Fedora 22 : mingw-libxml2-2.9.3-1.fc22 (2016-a9ee80b01d)
Update to 2.9.3 which fixes various CVE's. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 23 : libxml2-2.9.3-1.fc23 (2015-c24af963a2)
Very large set of security issues for libxml2 and a bunch of bug fixes too CVE-2015-8242 CVE-2015-7500 CVE-2015-7499 CVE-2015-5312 CVE-2015-7498 CVE-2015-7497 CVE-2015-1819 CVE-2015-7941 CVE-2015-7942 CVE-2015-8035 Note that Tenable Network Security has extracted the preceding description block...
openSUSE Security Update : libxml2 (openSUSE-2016-32)
security update: This update fixes the following security issues : - CVE-2015-1819 Enforce the reader to run in constant memory bnc928193 - CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors bnc951734 - CVE-2015-7942 Fix another variation...
SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2016:0049-1)
security update: This update fixes the following security issues : - CVE-2015-1819 Enforce the reader to run in constant memory bnc928193 - CVE-2015-7941 Fix out of bound read with crafted xml input by stopping parsing on entities boundaries errors bnc951734 - CVE-2015-7942 Fix another variation...
[SECURITY] [DSA 3430-1] libxml2 security update
Debian Security Advisory DSA-3430-1 https://www.debian.org/security/ Salvatore Bonaccorso December 23, 2015 https://www.debian.org/security/faq ...
libxml2: multiple issues
CVE-2015-1819 (denial of service): A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory...
FreeBSD : libxml2 -- multiple vulnerabilities (e5423caf-8fb8-11e5-918c-bcaec565249c)
reports : CVE-2015-5312 Another entity expansion issue David Drysdale. CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey David Drysdale. CVE-2015-7498 Avoid processing entities after encoding conversion failures Daniel Veillard. CVE-2015-7499 1 Add xmlHaltParser to stop the...
libxml2 -- multiple vulnerabilities
reports: CVE-2015-5312 Another entity expansion issue David Drysdale. CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey David Drysdale. CVE-2015-7498 Avoid processing entities after encoding conversion failures Daniel Veillard. CVE-2015-7499 1 Add xmlHaltParser to stop the...
CVE-2015-8035
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data...
Ubuntu: Security Advisory (USN-2812-1)
The remote host is missing an update for the...