14 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-5969
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The...
Security Bulletin: Vulnerabilities in libxml2 affect IBM BladeCenter Advanced Management Module (AMM) (CVE-2017-7376, CVE-2017-7375, CVE-2017-5969, CVE-2017-0663)
Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in libxml2. Vulnerability Details CVEID: CVE-2017-7376 Descriptio...
SUSE: Security Advisory (SUSE-SU-2017:2701-1)
The remote host is missing an update for the...
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-2211)
The remote host is missing an update for the Huawei EulerOS...
Security fix for the ALT Linux 9 package libxml2 version 1:2.9.9.0.52.f824-alt1
May 22, 2019 Alexey Shabalin 1:2.9.9.0.52.f824-alt1 - v2.9.4-12-ge905f08 - v2.9.9-52-gf824a4bd fixes: CVE-2017-9047, CVE-2017-9048, CVE-2017-9049, CVE-2017-9050, CVE-2017-5969, CVE-2018-14404, CVE-2018-9251, CVE-2018-14567...
Security fix for the ALT Linux 10 package libxml2 version 1:2.9.9.0.52.f824-alt1
May 22, 2019 Alexey Shabalin 1:2.9.9.0.52.f824-alt1 - v2.9.4-12-ge905f08 - v2.9.9-52-gf824a4bd fixes: CVE-2017-9047, CVE-2017-9048, CVE-2017-9049, CVE-2017-9050, CVE-2017-5969, CVE-2018-14404, CVE-2018-9251, CVE-2018-14567...
Photon OS 1.0: Cairo / Go / Libxml2 / Openvswitch PHSA-2017-0039 (deprecated)
An update of cairo, openvswitch, libxml2, go packages for PhotonOS has been released. (C) Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2/7/2019 The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2017-0039. The text itself is copyright (C)...
Security Bulletin: Rational Systems Tester is affected by Libxml2 vulnerabilities CVE-2016-9318, CVE-2017-5969, CVE-2017-7375 and CVE-2017-8872
Summary A new Libxml2 vulnerability was disclosed by the Libxml2 Project. Libxml2 is used by Rational Systems Tester. Rational Systems Tester has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2016-9318 DESCRIPTION: libxml2 could allow a remote attacker to obtain sensitive...
Security Bulletin: IBM Streams may be affected by XMLsoft Libxml2 vulnerabilities
Summary The libxml2 library, used by IBM Streams may have security vulnerabilities. IBM Streams has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-7376 DESCRIPTION: libxml2 is vulnerable to a denial of service, caused by the incorrect limit used when calculating the port val...
Updated libxml2 & perl-XML-LibXML packages fix security vulnerabilities
Use-after-free error could lead to crash CVE-2016-4658. Use-after-free vulnerability in libxml2 through 2.9.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function CVE-2016-5131. libxml2 2.9.4 and earli...
Internet Bug Bounty: CVE-2017-5969: libxml2 when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference)
I first reported this bug to the developers on 20 November 2015. A patch was finally committed on 7 June 2017 here. The caveat here is that this only happens in recover mode which the developers say no sane person should ever use in production and/or against untrusted inputs. A CVE was assigned i...
Null Pointer Dereference Through Libxml2
nokogiri uses the libxml2 C library. The version that nokogiri uses is vulnerable to CVE-2017-5969 which allows a malicious user to pass a file to the application, triggering a null pointer dereference causing it to crash...
CVE-2017-5969
libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML...
CVE-2017-5969
CVE-2017-5969 affects libxml2: a NULL pointer dereference in xmlSaveDoc when libxml2 is used in recover mode, enabling DoS via a crafted XML document. Connected IBM advisories confirm libxml2 is vulnerable in multiple IBM products (CMM, IMM2, Chassis/Streams/Cognos) and specify remediation via fi...