29 matches found
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.19 LTS and 12.19.0 address the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...
libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c
A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map', leading to stack exhaustion and a local denial of service...
SUSE CVE-2025-12863
This CVE was assigned for a libxml2 issue1012 but later deemed not valid. Ref.: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1012note2608283...
EUVD-2017-16048
Malware in sbrugna...
RHEL 8 : libxml2 (RHSA-2025:13688)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13688 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Out-of-bounds Read in...
Linux Distros Unpatched Vulnerability : CVE-2025-49794
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the...
Multiple Rocky Linux updates applied to Brocade SANnav OVA 2.4.0a
Multiple Rocky Linux updates applied to Brocade SANnav base OS OVA deployment 2.4.0a RockyLinux 8: bind RLSA-2024:5524 BIND's database will be slow if a very large number of RRs exist at the same name CVE-2024-1737 SIG0 can be used to exhaust CPU resources CVE-2024-1975 RockyLinux 8: bind...
Important: libxml2
Issue Overview: A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input. CVE-2025-6021 Affected Packages:...
CVE-2025-49794
CVE-2025-49794 affects libxml2. A memory-safety use-after-free in libxml2 can occur when parsing XPath elements with certain schematron sch:name patterns, potentially crashing the program or causing undefined behavior. The CVSS vectors indicate a critical severity (I/H, A/H) with network access a...
Medium: libxml2
Issue Overview: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...
Linux Distros Unpatched Vulnerability : CVE-2024-56171
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit...
Linux Distros Unpatched Vulnerability : CVE-2015-7498
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service v...
Linux Distros Unpatched Vulnerability : CVE-2016-1835
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remot...
Linux Distros Unpatched Vulnerability : CVE-2015-5312
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers...
Linux Distros Unpatched Vulnerability : CVE-2016-1836
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before...
Linux Distros Unpatched Vulnerability : CVE-2015-7497
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of...
Linux Distros Unpatched Vulnerability : CVE-2018-14404
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in...
Linux Distros Unpatched Vulnerability : CVE-2015-7500
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service out-of-bounds heap read via...
Linux Distros Unpatched Vulnerability : CVE-2015-7499
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context- dependent attackers to obtain sensitive process memory...
Linux Distros Unpatched Vulnerability : CVE-2017-9050
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes program...