Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2023-163)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-163 advisory. A NULL pointer dereference exists when parsing invalid XML schemas in libxml2 xmlSchemaCheckCOSSTDerivedOK (CVE-2023-28484). libxml2: Hashing of empty dict strings isn't deterministic. When hashing...
Improper Input Validation
laminas/laminas-diactoros is vulnerable to Improper Input Validation. The vulnerability exists because single new line characters are used between header keys or values, allowing an attacker to create invalid messages, which can cause different application errors due to the syntactically incorrect...
Upgraded Q -> 2 from #882 [1683052816154]
Judge has assessed an item in Issue 882 as 2 risk. The relevant finding follows: If royaltyFee 0 and recipient == address0 users will be overcharged
The vulnerability of the Win32k.sys component of the Windows operating system, which allows a hacker to increase their privileges
The vulnerability of the Win32k.sys component of the Windows operating system is related to synchronization errors when using shared resources (“Race Conditions”). Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the SecurityRequestFilter class in network printing control software such as PaperCut MF and PaperCut NG allows a perpetrator to access user credentials.
The vulnerability of the SecurityRequestFilter class in network printing control software such as PaperCut MF and PaperCut NG is related to errors during authentication processes. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to user credentials...
The vulnerability of antivirus protection tools such as Avast Antivirus, AVG Antivirus, and Avira Security for Windows operating systems allows a hacker to trigger a service failure.
The vulnerability of antivirus protection tools such as Avast Antivirus, AVG Antivirus, and Avira Security for Windows operating systems is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow attackers to cause service interruptions...
Amazon Linux 2 : libxml2 (ALAS-2023-2021)
The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2021 advisory. A NULL pointer dereference exists when parsing invalid XML schemas in libxml2 xmlSchemaCheckCOSSTDerivedOK (CVE-2023-28484)...
Medium: libxml2
Issue Overview: A NULL pointer dereference exists when parsing invalid XML schemas in libxml2 xmlSchemaCheckCOSSTDerivedOK (CVE-2023-28484). libxml2: Hashing of empty dict strings isn't deterministic. When hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce...
Race Condition leading to logging errors
In certain setups with threaded web servers, Audited's use of Thread.current can incorrectly attribute audits to the wrong user. Fixed in 5.3.3. In March, @convisoappsec noticed that the library in question had a Race Condition problem, which caused logs to be registered at times with different...
GHSA-HJP3-5G2Q-7JWW Race Condition leading to logging errors
In certain setups with threaded web servers, Audited's use of Thread.current can incorrectly attribute audits to the wrong user. Fixed in 5.3.3. In March, @convisoappsec noticed that the library in question had a Race Condition problem, which caused logs to be registered at times with different...
Debian dla-3405 : libxml2 - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3405 advisory. Debian LTS Advisory DLA-3405-1...
[SECURITY] [DLA 3405-1] libxml2 security update
Debian LTS Advisory DLA-3405-1. https://www.debian.org/lts/security/ Thorsten Alteholz. April 30, 2023. https://wiki.debian.org/LTS ...
SUSE SLES12 Security Update : libxml2 (SUSE-SU-2023:2054-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2054-1 advisory. - In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a...
Incorrect implementation of RecordParser.readKeyValue()
Vulnerability details. Impact: RecordParser.readKeyValue returns a wrong value if the terminator is not found. This is a fundamental library and any contract using it may experience unexpected errors and problems due to this bug. Proof of Concept: The implementation logic of...
The vulnerability of the Windows Enroll Engine component in Windows operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Windows Enroll Engine component in Windows operating systems is related to security configuration errors. Exploiting this vulnerability can allow an attacker, working remotely, to gain unauthorized access to protected information...
The vulnerability of the CNG Key Isolation service in Windows operating systems allows attackers to escalate their privileges.
The vulnerability of the CNG Key Isolation service in Windows operating systems is related to synchronization errors when using common resources. Exploiting this vulnerability can allow attackers to gain increased privileges...
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1660)
The remote host is missing an update for the Huawei EulerOS...
Vulnerability of Windows operating systems, related to errors in information representation by the user interface, allows attackers to perform spear-phishing attacks
The vulnerability of Windows operating systems is related to errors in information representation by the user interface. Exploiting this vulnerability allows attackers to perform spear-phishing attacks using a specially created malicious HTA file...
The vulnerability of the Windows Clip Service on Windows operating systems allows a perpetrator to escalate their privileges.
The vulnerability of the Windows Clip Service on Windows operating systems arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to increase their privileges...