6887 matches found
CVE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
CVE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
AZL-54657 CVE-2024-40896 affecting package libxml2 for versions less than 2.11.5-2
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
UBUNTU-CVE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
Amazon Linux 2 : libxml2 (ALAS-2024-2717)
The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2717 advisory. An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint...
CVE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
CVE-2024-40896
CVE-2024-40896 affects libxml2 prior to 2.11.9, 2.12 prior to 2.12.9, and 2.13 prior to 2.13.3. The SAX parser can emit events for external entities even when custom SAX handlers try to override content (via checked), enabling classic XXE attacks. Connected sources reiterate the same vulnerabilit...
CVE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
CVE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
CVE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
Medium: libxml2
Issue Overview: An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. CVE-2024-34459 Affected Packages: libxml2 Note: This advisory is...
Medium: libxml2
Issue Overview: An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. CVE-2024-34459 Affected Packages: libxml2 Note: This advisory is...
CLSA-2024-1734535703 php: Fix of CVE-2023-3823
CVE-2023-3823: Fix external entity loading in XML without enabling by sanitizing libxml2 globals before parsing...
CLSA-2024-1734368396 Update of libxml2
Version was updated...
PT-2025-6723
Name of the Vulnerable Software and Affected Versions libxml2 versions 2.12.10 and earlier, 2.13.x versions prior to 2.13.6 Description The issue is related to a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document...
Medium: libxml2
Issue Overview: An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. CVE-2024-34459 Affected Packages: libxml2 Issue Correction: Run dnf...
Medium: libxml2
Issue Overview: An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. CVE-2024-34459 Affected Packages: libxml2 Issue Correction: Run dnf...
Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2024-783)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-783 advisory. An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in...
Fedora 41 : mingw-libxml2 (2024-6ac71752a4)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-6ac71752a4 advisory. Automatic update for mingw-libxml2-2.12.7-1.fc41. Changelog Thu May 16 2024 Richard W.M. Jones - 2.12.7-1 - Update to 2.12.7 RHBZ2280535, CVE-2024-34459...
Fedora 37 : libxml2 / xmlsec1 (2022-a6812b0224)
The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-a6812b0224 advisory. Update to 2.10.3 Fix CVE-2022-40303 Fix CVE-2022-40304 Tenable has extracted the preceding description block directly from the Fedora security...