CentOS 9 : libxml2-2.9.13-5.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the libxml2-2.9.13-5.el9 build changelog. - Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerabili...

Security Bulletin: Vulnerabilities in libxml2 library (CVE-2023-28484, CVE-2023-29469) affect Power HMC.

Summary The libxml2 library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-28484 DESCRIPTION: GNOME libxml2 is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the xmlSchemaFixupComplexTy...

OESA-2024-1414 libxml2 security update

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

ROS-20240410-16

A vulnerability in the xmlValidatePopElement function of the XML Reader Interface component of the Libxml2 library is related to the memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service using a specially...

EulerOS 2.0 SP9 : libxml2 (EulerOS-SA-2024-1489)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude...

EulerOS 2.0 SP9 : libxml2 (EulerOS-SA-2024-1510)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2024-1510)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2024-1489)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6658-1: libxml2 vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that libxml2 incorrectly handled certain XML documents. A remote attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute...

PT-2024-40677 · Git +1 · Libxml2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free error, specifically a READ 8 crash type. The crash state involves functions such as xmlCopyPropInternal,...

EulerOS Virtualization 2.11.1 : libxml2 (EulerOS-SA-2024-1403)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in...

EulerOS Virtualization 2.11.0 : libxml2 (EulerOS-SA-2024-1431)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2024-1403)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2024-1431)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

K000138957: Libxml2 vulnerability CVE-2023-39615

Security Advisory Description Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. NOTE: the vendor's position is that...

Duplicate Advisory: Use-after-free in libxml2 via Nokogiri::XML::Reader

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xc9x-jj77-9p9j. This link is maintained to preserve external references. Original Description Summary Nokogiri upgrades its dependency libxml2 as follows: - v1.15.6 upgrades libxml2 to 2.11.7 from 2.11.6 - v1.16...

GHSA-VCC3-RW6F-JV97 Duplicate Advisory: Use-after-free in libxml2 via Nokogiri::XML::Reader

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xc9x-jj77-9p9j. This link is maintained to preserve external references. Original Description Summary Nokogiri upgrades its dependency libxml2 as follows: - v1.15.6 upgrades libxml2 to 2.11.7 from 2.11.6 - v1.16...

libxml2: crafted xml can cause global buffer overflow

A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service DoS by supplying a crafted XML file...

Moderate: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP3 security update

Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

libxml2: use-after-free in XMLReader

A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...