
214 matches found

OSV
added 2016/01/20 12:29 p.m., 8 views

SUSE-SU-2016:0178-1 Security update for libxml2

This update for libxml2 fixes the following security issue: - CVE-2015-8710: Parsing short unclosed HTML comment could cause uninitialized memory access, which allowed remote attackers to read contents from previous HTTP requests depending on the application (bsc960674)...

9.8 CVSS, 9.2 AI score, 0.04925 EPSS
Exploits 0, References 3
OSV
added 2015/12/15 9:59 p.m., 9 views

CVE-2015-5312

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660...

6.2 AI score
Exploits 0, References 25
OSV
added 2015/11/26 8:47 p.m., 10 views

MGASA-2015-0457 Updated libxml2 packages fix security vulnerabilities

Updated libxml2 packages fix security vulnerabilities: In libxml2 before 2.9.3, one case where when dealing with entities expansion, it failed to exit, leading to a denial of service (CVE-2015-5312). In libxml2 before 2.9.3, it was possible to hit a negative offset in the name indexing used to...

9.8 CVSS, 6.9 AI score, 0.0721 EPSS
Exploits 1, References 6
Mageia
added 2015/11/02 8:21 p.m., 43 views

Updated libxml2 packages fix security vulnerabilities

Updated libxml2 packages fix security vulnerability: Crafted XML causes out of bound memory access in libxml2 due to a heap buffer-overflow in xmlParseConditionalSections in parser.c (CVE-2015-7942)...

6.8 CVSS, 7.7 AI score, 0.04737 EPSS
Exploits 1, References 3
OSV
added 2015/11/02 8:21 p.m., 7 views

MGASA-2015-0423 Updated libxml2 packages fix security vulnerabilities

Updated libxml2 packages fix security vulnerability: Crafted XML causes out of bound memory access in libxml2 due to a heap buffer-overflow in xmlParseConditionalSections in parser.c (CVE-2015-7942)...

6.8 CVSS, 6.3 AI score, 0.04737 EPSS
Exploits 1, References 4
OSV
added 2014/10/23 1:27 p.m., 11 views

MGASA-2014-0418 Updated libxml2 packages fix security vulnerability

A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption denial of service bas...

5 CVSS, 6 AI score, 0.03988 EPSS
Exploits 1, References 3
OSV
added 2014/05/10 7:46 p.m., 10 views

MGASA-2014-0214 Updated libxml2 packages fix CVE-2014-0191

Updated libxml2 packages fix security vulnerability: It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote...

4.3 CVSS, 6.4 AI score, 0.081 EPSS
Exploits 1, References 3
Debian CVE
added 2008/08/27 8:0 p.m., 28 views

CVE-2008-3281

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document...

6.5 CVSS, 6 AI score, 0.02507 EPSS
Exploits 1
Tenable Nessus
added 2008/01/14 12:0 a.m., 35 views

RHEL 2.1 / 3 / 4 / 5 : libxml2 (RHSA-2008:0032)

Updated libxml2 packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The libxml2 packages provide a library that allows you to manipulate XML files. It includes support to read, modify, and writ...

5 CVSS, 7.7 AI score, 0.02566 EPSS
Exploits 1, References 3
RedHat Linux
added 2008/01/11 12:27 p.m., 39 views

Important: Red Hat Security Advisory: libxml2 security update

Updated libxml2 packages that fix a security issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The libxml2 packages provide a library that allows you to manipulate XML files. It includes support to read, modify, and writ...

5 CVSS, 7.1 AI score, 0.02566 EPSS
Exploits 1, References 2
RedHat Linux
added 2004/11/12 4:46 p.m., 49 views

Moderate: Red Hat Security Advisory: libxml2 security update

An updated libxml2 package that fixes multiple buffer overflows is now available. libxml2 is a library for manipulating XML files. Multiple buffer overflow bugs have been found in libxml2 versions prior to 2.6.14. If an attacker can trick a user into passing a specially crafted FTP URL or FTP pro...

10 CVSS, 6.3 AI score, 0.21686 EPSS
Exploits 1, References 3
Tenable Nessus
added 2004/07/31 12:0 a.m., 23 views

Mandrake Linux Security Advisory : libxml2 (MDKSA-2004:018)

A flaw in libxml2 versions prior to 2.6.6 was found by Yuuichi Teranishi. When fetching a remote source via FTP or HTTP, libxml2 uses special parsing routines that can overflow a buffer if passed a very long URL. In the event that the attacker can find a program that uses libxml2 which parses...

7.5 CVSS, 6.2 AI score, 0.24232 EPSS
Exploits 0, References 1
RedHat Linux
added 2004/02/26 8:38 p.m., 35 views

Moderate: Red Hat Security Advisory: libxml2 security update

Updated libxml2 packages that fix an overflow when parsing remote resources are now available. libxml2 is a library for manipulating XML files. Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing...

7.5 CVSS, 6.4 AI score, 0.24232 EPSS
Exploits 0, References 2
FreeBSD
added 2004/02/08 12:0 a.m., 38 views

libxml2 stack buffer overflow in URI parsing

Yuuichi Teranishi reported a crash in libxml2's URI handling when a long URL is supplied. The implementation in nanohttp.c and nanoftp.c uses a 4K stack buffer, and longer URLs will overwrite the stack. This could result in denial-of-service or arbitrary code execution in applications using libxm...

7.5 CVSS, 7.2 AI score, 0.24232 EPSS
Exploits 0, References 2