Siemens SIMATIC S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2017-9047)

A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlenbuf. If the content-type is...

Siemens SIMATIC S7-1500 Loop with Unreachable Exit Condition (CVE-2020-7595)

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

Siemens SIMATIC S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2023-39615)

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2017-9049)

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398. This plugi...

Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2022-29824)

In libxml2 before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer...

Siemens SIMATIC S7-1500 Loop with Unreachable Exit Condition (CVE-2018-14567)

libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service infinite loop via a crafted XML file that triggers LZMAMEMLIMITERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. This plugin only works with Tenable.ot...

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.5 Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more...

Libxml2: namespace use-after-free in xmlsettreedoc() function of libxml2

...

SUSE CVE-2025-12863

This CVE was assigned for a libxml2 issue1012 but later deemed not valid. Ref.: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1012note2608283...

ROS-20251111-01

A vulnerability in the libxml2 library for manipulating XML and HTML files is related to uncontrolled recursion during the XPath computation in the xmlXPathRunEval function in xpath.c. Exploitation of the vulnerability could allow an an attacker to cause a denial of service A vulnerability in the...

CVE-2025-49795 affecting package libxml2 for versions less than 2.10.4-9

CVE-2025-49795 affecting package libxml2 for versions less than 2.10.4-9. A patched version of the package is available...

Advisory ROSA-SA-2025-3073

Software: libxml2 2.9.7 OS: ROSA Virtualization 3.0 unaffected versions = libxml2-2.9.7-21.0.1.rv30.3 affected versions libxml2-2.9.7-21.0.1.1.rv30.3 CVE-ID: CVE-2025-6021 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlBuildQName function of the Libxml2 library is related to a...

Advisory ROSA-SA-2025-3065

Software: libxml2 2.9.7 OS: ROSA Virtualization 2.1 unaffected versions = libxml2-2.9.7-21.0.1.rv3.3 affected versions libxml2-2.9.7-21.0.1.1.rv3.3 CVE-ID: CVE-2025-6021 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlBuildQName function of the Libxml2 library is related to a...

Advisory ROSA-SA-2025-3054

Software: libxml2 2.9.7 OS: ROSA Virtualization 3.1 unaffected versions = libxml2-2.9.7-21.0.1.rv31.3 affected versions libxml2-2.9.7-21.0.1.1.rv31.3 CVE-ID: CVE-2025-6021 BDU-ID: CVE-Crit: HIGH CVE-DESC.: A vulnerability in the xmlBuildQName function of the Libxml2 library is related to a...

Mageia: Security Advisory (MGASA-2025-0269)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Advisory ROSA-SA-2025-3048

Software: libxml2 2.9.7 OS: ROSA Virtualization 3.1 unaffected versions = libxml2-2.9.7-21.0.1.rv31.3 affected versions libxml2-2.9.7-21.0.1.1.rv31.3 CVE-ID: CVE-2016-3709 BDU-ID: CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Libxml2 library is related to the failure to take measures to...

MGASA-2025-0269 Updated libxml2 & libxslt packages fix security vulnerabilities

Heap use after free UAF leads to Denial of service DoS. CVE-2025-49794 Null pointer dereference leads to Denial of service DoS. CVE-2025-49795 Type confusion leads to Denial of service DoS. CVE-2025-49796 Integer Overflow Leading to Buffer Overflow in xmlBuildQName. CVE-2025-6021 Stack-based Buff...

Updated libxml2 & libxslt packages fix security vulnerabilities

Heap use after free UAF leads to Denial of service DoS. CVE-2025-49794 Null pointer dereference leads to Denial of service DoS. CVE-2025-49795 Type confusion leads to Denial of service DoS. CVE-2025-49796 Integer Overflow Leading to Buffer Overflow in xmlBuildQName. CVE-2025-6021 Stack-based Buff...

Linux Distros Unpatched Vulnerability : CVE-2025-12863

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the xmlSetTreeDoc function of the libxml2 XML parsing library. This function is responsible for updating document pointers when XML nodes ar...

DEBIAN-CVE-2025-12863

A flaw was found in the xmlSetTreeDoc function of the libxml2 XML parsing library. This function is responsible for updating document pointers when XML nodes are moved between documents. Due to improper handling of namespace references, a namespace pointer may remain linked to a freed memory regi...