29 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-15412
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap...
Debian: Security Advisory (DLA-1211-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2017-15412
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution and denial of service due to CVE-2017-15412 and CVE-2016-5131
Summary libxml2 is not used directly by IBM App Connect Enterprise Certified Container but is present in the base operating system packages. IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution and denial of service. This bulletin provides patch information...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.18)
The version of AOS installed on the remote host is prior to 5.18. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.18 advisory. - When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats A...
SUSE: Security Advisory (SUSE-SU-2018:0395-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM MQ Appliance is affected by multiple libxml2 vulnerabilities
Summary IBM MQ Appliance has addressed multiple libxml2 vulnerabilities. Vulnerability Details CVEID: CVE-2015-8035 DESCRIPTION: libxml2 is vulnerable to a denial of service, caused by the failure to properly detect compression errors by the xzdecomp function. By using specially-crafted XML data,...
Scientific Linux Security Update : libxml2 on SL7.x x86_64 (20200407)
libxml2: Use after free triggered by XPointer paths beginning with range-to libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate function in xpath.c libxml2: DoS caused by incorrect error detection during XZ decompression libxml2: NULL pointer dereference in xmlXPathCompOpEval functio...
libxml2 security update
CentOS Errata and Security Advisory CESA-2020:1190 An update for libxml2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-1211)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-1007)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 2.5.4 : libxml2 (EulerOS-SA-2019-1211)
According to the version of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacke...
About the security content of tvOS 11.3 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...
CVE-2017-15412
CVE-2017-15412 is a use-after-free in libxml2 (affected before 2.9.5) used by Chrome and other products, potentially enabling heap corruption via crafted HTML. Connected advisories also reference CVE-2018-14404 (NULL pointer dereference in xmlXPathCompOpEval) affecting libxml2 up to 2.9.8 during ...
openSUSE Security Update : libxml2 (openSUSE-2018-154)
This update for libxml2 fixes three security issues : - CVE-2017-15412: Prevent use after free when calling XPath extension functions that allowed remote attackers to cause DoS or potentially RCE bsc1077993 - CVE-2016-5131: Use-after-free vulnerability in libxml2 allowed remote attackers to cause...
SUSE SLES11 Security Update : libxml2 (SUSE-SU-2018:0395-1)
This update for libxml2 fixes several issues. Theses security issues were fixed : - CVE-2017-16932: Fixed infinite recursion could lead to an infinite loop or memory exhaustion when expanding a parameter entity in a DTD bsc1069689. - CVE-2017-15412: Prevent use after free when calling XPath...
SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2018:0401-1)
This update for libxml2 fixes one issue. This security issue was fixed : - CVE-2017-15412: Prevent use after free when calling XPath extension functions that allowed remote attackers to cause DoS or potentially RCE bsc1077993 - CVE-2016-5131: Use-after-free vulnerability in libxml2 allowed remote...
Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 security update
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link...
Copy-Paste Vulnerability Through LibXML2
Nokogiri and Chef are vulnerable to attacks through a copied version of LibXML2 within the codebase. LibXML2 before 2.9.5 is vulnerable to CVE-2017-15412 - LibXML2 contains a use-after-free bug in the xmlXPathCompOpEvalPositionPredicate method in xpath.c...
Fedora 27 : chromium (2017-c2645aa935)
Security fix for CVE-2017-15412 CVE-2017-15422 CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15423 CVE-2017-15424 CVE-2017-15425 CVE-2017-15426...