17 matches found
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
Summary: Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.5. Vulnerability Details: CVEID: CVE-2020-36732. DESCRIPTION: The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.3.1)
The version of AHV installed on the remote host is prior to AHV-10.3.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.3.1 advisory. - There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.10.1.9)
The version of AOS installed on the remote host is prior to 6.10.1.9. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.10.1.9 advisory. - setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.0.1.8)
The version of AOS installed on the remote host is prior to 7.0.1.8. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.0.1.8 advisory. - setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path...
Security Bulletin: A security vulnerability has been discovered in IBM Verify Identity Access OIDC Provider (CVE-2024-56171)
Summary: A security vulnerability has been addressed in IBM Verify Identity Access OIDC Provider. Vulnerability Details: CVEID: CVE-2024-56171. DESCRIPTION: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in...
CVE-2025-49794
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...
FreeBSD : libxml2 -- Use After Free (bd2af307-3e50-11f0-95d4-00a098b42aeb)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bd2af307-3e50-11f0-95d4-00a098b42aeb advisory. [email protected] reports: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.8.1.8)
The version of AOS installed on the remote host is prior to 6.8.1.8. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.8.1.8 advisory. - BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. CVE-2019-129...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libxml2, Go JOSE and FreeType
Summary: libxml2, Go JOSE, FreeType and IBM MQ used by IBM MQ Operator and Queue Manager container images are vulnerable to memory exhaustion and a Denial of Service by sending numerous malformed tokens, and arbitrary code execution by writing up to 6 signed long integers out of bounds. This...
AIX (IJ54059)
The version of AIX installed on the remote host is prior to APAR IJ54059. It is, therefore, affected by a vulnerability as referenced in the IJ54059 advisory. - xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. CVE-2022-49043 Note that Nessus has not tested for this...
macOS 15.x < 15.4 Multiple Vulnerabilities (122373)
The remote host is running a version of macOS / Mac OS X that is 15.x prior to 15.4. It is, therefore, affected by multiple vulnerabilities: - execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move...
RHEL 8 : libxml2 (RHSA-2025:2660)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:2660 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Use-After-Free ...
RHEL 9 : libxml2 (RHSA-2025:2679)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:2679 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Use-After-Free ...
CVE-2024-56171
A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema...
CVE-2022-49043
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free...
openSUSE: Security Advisory for libxml2 (SUSE-SU-2023:4537-1)
The remote host is missing an update for the...
K32760744: libxml2 vulnerability CVE-2022-23308
Security Advisory Description: valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes (CVE-2022-23308). Impact: The security impact of xmlGetID returning a pointer to freed memory depends on the application and mostly results in denial-of-service (DoS). The typical use case of...