
11216 matches found

Tenable Nessus
added 2023/04/27 12:0 a.m. | 25 views

SUSE SLES15 / openSUSE 15 Security Update : libxml2 (SUSE-SU-2023:2048-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2048-1 advisory. - A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection...

CVSS 6.5 | AI score 7.3 | EPSS 0.00403
Exploits 6 | References 14

Microsoft CVE
added 2023/04/25 7:0 a.m. | 2 views

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document xmlDictComputeFastKey in dict.c can produce non-deterministic values leading to various logic and memory errors such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string and any value is possible (not solely the '\0' value).

...

CVSS 6.5 | AI score 7.6 | EPSS 0.0022
Exploits 0

BDU FSTEC
added 2023/04/25 12:0 a.m. | 1 view

The vulnerability in the firmware of Hikvision Hybrid SAN storage systems, related to access control errors, allows attackers to elevate their privileges to the level of administrators.

The vulnerability in the firmware of Hikvision Hybrid SAN storage systems is related to access control errors. Exploiting this vulnerability can allow a malicious actor, operating remotely, to elevate their privileges to the level of an administrator...

CVSS 9.4 | AI score 7.7 | EPSS 0.0024
Exploits 0 | References 2

BDU FSTEC
added 2023/04/25 12:0 a.m. | 1 view

The vulnerability in Scada-LTS, a multi-platform web solution for creating SCADA systems, related to authentication errors, allows an intruder to escalate their privileges.

The vulnerability in the multi-platform web solution for creating SCADA systems is related to authentication errors. Exploiting this vulnerability can allow a malicious actor to escalate their privileges remotely...

CVSS 9.9 | AI score 7.6 | EPSS 0.00979
Exploits 1 | References 4 | Affected Software 1

Github Security Blog
added 2023/04/24 10:42 p.m. | 45 views

HTTP Multiline Header Termination

Impact: Affected versions of Laminas Diactoros accepted a single line feed (LF / \n) character at the end of a header name. When serializing such a header name containing a line feed into the on-the-wire representation of an HTTP/1.x message, the resulting message would be syntactically invalid, due ...

CVSS 7.5 | AI score 6 | EPSS 0.00671
Exploits 0 | References 6 | Affected Software 1

OSV
added 2023/04/24 9:15 p.m. | 1 view

ALPINE-CVE-2023-29469

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

CVSS 6.5 | AI score 6.9 | EPSS 0.0022
Exploits 0 | References 1

NVD
added 2023/04/24 9:15 p.m. | 19 views

CVE-2023-29469

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

CVSS 6.5 | AI score 6.8 | EPSS 0.0022
Exploits 0 | References 4

OSV
added 2023/04/24 9:15 p.m. | 1 view

AZL-26282 CVE-2023-29469 affecting package libxml2 for versions less than 2.10.4-1

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

CVSS 6.5 | AI score 6.8 | EPSS 0.0022
Exploits 0 | References 1

Prion
added 2023/04/24 9:15 p.m. | 22 views

Double free

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

CVSS 4.3 | AI score 6.8 | EPSS 0.0022
Exploits 0 | References 4 | Affected Software 2

NVD
added 2023/04/24 8:15 p.m. | 18 views

CVE-2023-29530

Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value...

CVSS 7.5 | AI score 7.2 | EPSS 0.00671
Exploits 0 | References 3

Prion
added 2023/04/24 8:15 p.m. | 27 views

Design/Logic Flaw

Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value...

CVSS 4 | AI score 6.2 | EPSS 0.00671
Exploits 0 | References 3 | Affected Software 3

Debian CVE
added 2023/04/24 12:0 a.m. | 61 views

CVE-2023-29469

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

CVSS 6.5 | AI score 7.1 | EPSS 0.0022
Exploits 0

CVE
added 2023/04/24 12:0 a.m. | 292 views

CVE-2023-29469

libxml2 before 2.10.4 is affected by CVE-2023-29469 and CVE-2023-28484. The issue stems from hashing empty dict strings in crafted XML, leading to non-deterministic dict keys and memory errors such as double frees. Affected products include libxml2 implementations used in various stacks; upgrade ...

CVSS 6.5 | AI score 6.6 | EPSS 0.0022
Exploits 0 | References 4 | Affected Software 1

Vulnrichment
added 2023/04/24 12:0 a.m. | 4 views

CVE-2023-29469

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

AI score 6.4 | EPSS 0.0022
Exploits 0 | References 4

Cvelist
added 2023/04/24 12:0 a.m. | 20 views

CVE-2023-29469

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

AI score 6.9 | EPSS 0.0022
Exploits 0 | References 4

BDU FSTEC
added 2023/04/22 12:0 a.m. | 2 views

The vulnerability in the implementation of the Internet Key Exchange (IKE) protocol in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the Internet Key Exchange IKE protocol implementation in Windows operating systems is related to synchronization errors when using a common resource. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

CVSS 7.5 | AI score 7.9 | EPSS 0.02392
Exploits 0 | References 3

BDU FSTEC
added 2023/04/22 12:0 a.m. | 2 views

The vulnerability affects the implementation of the Windows Network Protocol Point-to-Point Protocol over Ethernet (PPPoE) on Windows operating systems, allowing a hacker to execute arbitrary code.

The vulnerability of the Windows Network Protocol Point-to-Point Protocol over Ethernet PPPoE implementation in Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

CVSS 7.1 | AI score 7.6 | EPSS 0.00722
Exploits 0 | References 3

Debian
added 2023/04/20 8:45 p.m. | 44 views

[SECURITY] [DSA 5391-1] libxml2 security update

Debian Security Advisory DSA-5391-1 | https://www.debian.org/security/ | Salvatore Bonaccorso | April 20, 2023 | https://www.debian.org/security/faq ...

CVSS 6.5 | AI score 8 | EPSS 0.00403
Exploits 1

Veracode
added 2023/04/20 4:30 a.m. | 32 views

Double Free

libxml2.so is vulnerable to Double Free. The initial byte of an empty string is used by xmlDictComputeFastKey to calculate a hash value, which is typically null-terminated but may be random if the string is a part of a bigger buffer, resulting in logic and memory errors, such as a double free...

CVSS 6.5 | AI score 6.6 | EPSS 0.0022
Exploits 0 | References 9 | Affected Software 3

BDU FSTEC
added 2023/04/20 12:0 a.m. | 2 views

The vulnerability of the autonomous server for modifying image file sizes and transformations, related to data type processing errors, allows attackers to perform cross-site scripting (XSS) attacks.

The vulnerability of the autonomous server for resizing and transforming image files in imgproxy is related to errors in data type processing. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially crafted SVG file...

CVSS 6.5 | AI score 6 | EPSS 0.39772
Exploits 1 | References 3 | Affected Software 1