Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-2514)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.9.1 : libxml2 (EulerOS-SA-2023-2514)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a...

SUSE-SU-2023:2884-1 Security update for python310

This update for python310 fixes the following issues: - Make marshalling of set and frozenset deterministic bsc1211765 python310 was updated to 3.10.12: - urllib.parse.urlsplit now strips leading C0 control and space characters following the specification for URLs defined by WHATWG in response to...

EulerOS 2.0 SP10 : libxml2 (EulerOS-SA-2023-2360)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occur...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-2386)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-2316)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : libxml2 (EulerOS-SA-2023-2316)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occur...

Ubuntu 23.04 : libxml2 vulnerabilities (USN-6028-2)

The remote Ubuntu 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6028-2 advisory. USN-6028-1 fixed vulnerabilities in libxml2. This update provides the corresponding updates for Ubuntu 23.04. Tenable has extracted the preceding description...

FreeBSD : electron -- vulnerability (b09d77d0-b27c-48ae-b69b-9641bb68b39e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b09d77d0-b27c-48ae-b69b-9641bb68b39e advisory. - An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML...

Debian dla-3405 : libxml2 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3405 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3405-1 [email protected]...

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document xmlDictComputeFastKey in dict.c can produce non-deterministic values leading to various logic and memory errors such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string and any value is possible (not solely the '\0' value).

...

AZL-26282 CVE-2023-29469 affecting package libxml2 for versions less than 2.10.4-1

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

Double free

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

CVE-2023-29469

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

CVE-2023-29469

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

CVE-2023-29469

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

PT-2023-3193

Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.10.4 Description The issue is related to the xmlDictComputeFastKey function in dict.c, which can produce non-deterministic values when hashing empty dict strings in a crafted XML document. This can lead to various...

CVE-2023-28503

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute ...

Cisco Adaptive Security Appliances Software 安全特征问题漏洞

Cisco Adaptive Security Appliances Software ASA Software is a set of firewalls and network security platforms from the U.S. company Cisco Cisco. The platform provides features such as highly secure access to data and network resources. A security vulnerability exists in Cisco Adaptive Security...

PT-2023-2257 · Cisco · Cisco Ftd +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software versions prior to the fixed version Cisco Firepower Threat Defense FTD Software versions prior to the fixed version Description: The issue is related to the deterministic random bit generator DRB...