33 matches found
EUVD-2016-10401
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-3705
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows...
RHEL 5 : libxml2 (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libxml2: Use after free via namespace node in XPointer ranges (CVE-2016-4658) - libxml2: Missing validation...
K54225343: libxml2 vulnerabilities CVE-2016-3627 and CVE-2016-3705
Security Advisory Description CVE-2016-3627 The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document...
SUSE CVE-2016-9597
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705...
Mageia: Security Advisory (MGASA-2016-0187)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2016:1538-1)
The remote host is missing an update for the...
Security Bulletin: Vulnerabilities in libxml2 affect IBM Flex System Networking Switch products
Summary IBM Flex System Networking Switch products have addressed the following vulnerabilities in libxml2. Vulnerability Details: CVE-ID: CVE-2016-3627 Description:...
Security Bulletin: Vulnerabilities in libxml2 affect IBM RackSwitch Networking products
Summary IBM RackSwitch Networking products have addressed the following vulnerabilities in libxml2. Vulnerability Details: CVE-ID: CVE-2016-3627 Description: libxml2 is...
CVE-2016-9597
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705...
Stack overflow
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705...
Security Bulletin: IBM Security Access Manager for Mobile is affected by security vulnerabilities in libxml2
Summary Vulnerabilities have been identified in the libxml2 library, which is a development toolbox providing the implementation of various XML standards. IBM Security Access Manager for Mobile uses libxml2 and is affected by these vulnerabilities. Vulnerability Details CVEID: CVE-2016-4448...
Security Bulletin: IBM Security Guardium is affected by Open Source XMLsoft Libxml2 Vulnerabilities (CVE-2016-3705)
Summary libxml2 is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds read of xmlParserEntityCheck and xmlParseAttValueComplex functions in parser.c. By persuading a victim to open a specially crafted XML file, a remote attacker could overflow a buffer and execute arbitrary...
Security Bulletin: Vulnerability in libxml2 affects IBM Streams (CVE-2016-3705)
Summary There is a vulnerability in libxml2 that is used by IBM Streams. IBM Streams has addressed this vulnerability. Vulnerability Details CVEID: CVE-2016-3705 DESCRIPTION: libxml2 is vulnerable to a stack-based buffer overflow, caused by an out-of-bounds read of xmlParserEntityCheck and...
Security Bulletin: About the Libxml2 vulnerabilities in IBM Cognos Analytics
Summary This bulletin describes multiple vulnerabilities that are fixed in IBM Cognos Analytics 11.0.5.0. IBM® WebSphere Application Server Liberty contains multiple Libxml2 vulnerabilities. Liberty is used by Cognos Analytics. These issues were published as part of an update to IBM WebSphere Application Server Liberty. Two cross-site scripting vulnerabilities have also been fixed. For details of the vulnerabilities, see the site below...
Security fix for the ALT Linux 8 package libxml2 version 1:2.9.4.0.12.e905-alt1
1:2.9.4.0.12.e905-alt1 built March 7, 2017 Dmitry V. Levin in task 179256 --- March 3, 2017 Dmitry V. Levin - v2.9.3-5-g65112cb - v2.9.4-12-ge905f08 fixes: CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627,...
Security fix for the ALT Linux 9 package libxml2 version 1:2.9.4.0.12.e905-alt1
March 3, 2017 Dmitry V. Levin 1:2.9.4.0.12.e905-alt1 - v2.9.3-5-g65112cb - v2.9.4-12-ge905f08 fixes: CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4449, CVE-2016-4483, CVE-2016-4658,...
Security fix for the ALT Linux 10 package libxml2 version 1:2.9.4.0.12.e905-alt1
March 3, 2017 Dmitry V. Levin 1:2.9.4.0.12.e905-alt1 - v2.9.3-5-g65112cb - v2.9.4-12-ge905f08 fixes: CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4449, CVE-2016-4483, CVE-2016-4658,...
F5 Networks BIG-IP : libxml2 vulnerabilities (K54225343)
CVE-2016-3627 The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document CVE-2016-3705 The (1)...
Amazon Linux: Security Advisory (ALAS-2016-719)
The remote host is missing an update for the...