19 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-16931
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '...
Medium: libxml2
Issue Overview: parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name. CVE-2017-16931 GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in...
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2018-1089)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2 : libxml2 (ALAS-2019-1301)
xpointer.c in libxml2 before 2.9.5 as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free an...
Medium: libxml2
Issue Overview: xpointer.c in libxml2 before 2.9.5 as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service...
Security Bulletin: Vulnerabilities in libxml2 affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows (CVE-2017-16931, CVE-2017-16932)
Summary Intel® Manycore Platform Software Stack Intel® MPSS for Linux and Windows have addressed the following vulnerabilities in libxml2. Vulnerability Details Summary Intel® Manycore Platform Software Stack Intel® MPSS for Linux and Windows have addressed the following vulnerabilities in libxml...
EulerOS Virtualization 2.5.0 : libxml2 (EulerOS-SA-2018-1258)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary co...
EulerOS Virtualization 2.5.1 : libxml2 (EulerOS-SA-2018-1257)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary co...
EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2018-1156)
According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial ...
Security Bulletin: Multiple vulnerabilities in Libxml2 affect IBM InfoSphere Identity Insight.
Summary Vulnerabilities have been addressed in the Libxml2 component of IBM InfoSphere Identity Insight. Vulnerability Details CVEID: CVE-2017-16932 DESCRIPTION: Xmlsoft libxml2 is vulnerable to a denial of service, caused by an infinite recursion issue in parameter entities. By sending a...
Debian DLA-1194-1 : libxml2 security update
CVE-2017-16931 parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name. CVE-2017-16932 parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in paramet...
[SECURITY] [DLA 1194-1] libxml2 security update
Package : libxml2 Version : 2.8.0+dfsg1-7+wheezy11 CVE ID : CVE-2017-16931 CVE-2017-16932 CVE-2017-16931 parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a % character in a DTD name...
CVE-2017-16931
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...
Copy-paste Vulnerability Through LibXML2
Nokogiri and chef are vulnerable to attacks through a copied version of LibXML2 within the codebase. LibXML2 before 2.9.5 is vulnerable to the following CVEs: 1 CVE-2017-16931 - LibXML2 incorrectly handles parameter-entity references in parser.c. 2 CVE-2017-16932 - LibXML2 can enter an infinite...
CVE-2017-16931
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...
CVE-2017-16931
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...
CVE-2017-16931
CVE-2017-16931 affects libxml2 (parser.c) prior to version 2.9.5, where parameter-entity references are mishandled: the NEXTL macro calls xmlParserHandlePEReference for a '%' in a DTD name, enabling a buffer overflow and potential remote code execution. The connected details confirm the vulnerabl...
CVE-2017-16931
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...
CVE-2017-16931
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...