Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in GNOME libxml2 (CVE-2016-3709)
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to cross-site scripting in GNOME libxml2 caused by improper validation of user-supplied input by the KippoInput.class.php script. CVE-2016-3709. GNOME libxml2 is included as part of the Base OS used by our servi...
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
Summary: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Freedesktop D-Bus is used by IBM Robotic Process Automation as part of container base images CVE-2022-42010, CVE-2022-42011, CVE-2022-42012. GNU Libtasn1 is used by IBM Robotic Process Automation as...
CBL Mariner 2.0 Security Update: libxslt / libxml2 (CVE-2022-29824)
The version of libxslt / libxml2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-29824 advisory. - In libxml2 before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer...
PT-2023-35721 · Git +1 · Libxml2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type identified as Global-buffer-overflow READ 1. The crash state involves functions such as xmlParseEntityDecl,...
PT-2023-35720 · Git +1 · Libxml2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by a global buffer overflow read. The crash state involves functions such as xmlStrndup, htmlParseSystemLiteral, a...
Amazon Linux 2 : libxml2 (ALAS-2023-1996)
The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1996 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser...
Medium: xmlsec1
Issue Overview: An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a...
Medium: libxml2
Issue Overview: valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. CVE-2022-23308 A flaw was found in the libxml2 library in functions used to manipulate the xmlBuf and the xmlBuffer types. A substantial input causes values to calculate buffer sizes to overflow,...
Amazon Linux 2023 : xmlsec1, xmlsec1-devel, xmlsec1-openssl (ALAS2023-2023-097)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-097 advisory. An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in ...
Amazon Linux 2023 : python3-lxml (ALAS2023-2023-034)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-034 advisory. There's a flaw in python-lxml's HTML Cleaner component, which is responsible for sanitizing HTML and JavaScript. An attacker who is able to submit a crafted payload to a web service using...
Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2023-096)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-096 advisory. valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. CVE-2022-23308 A flaw was found in the libxml2 library in functions used to manipulate the xmlBuf and the...
CBL Mariner 2.0 Security Update: libxml2 / python-lxml (CVE-2022-2309)
The version of libxml2 / python-lxml installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-2309 advisory. - NULL Pointer Dereference allows attackers to cause a denial of service or application crash...
CBL Mariner 2.0 Security Update: libxml2 (CVE-2022-40303)
The version of libxml2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-40303 advisory. - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the...
PT-2023-35719 · Git +1 · Libxml2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by a global buffer overflow read. The crash occurs in the xmlParseContentInternal, xmlParseExternalEntityPrivate,...
PT-2023-35717 · Git +1 · Libxml2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type identified as Global-buffer-overflow READ 1. It involves the htmlParseChunk function in the html.c file. No...
PT-2023-35710 · Git +1 · Libxml2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type identified as Global-buffer-overflow READ 1. The crash state involves several functions: xmlParseContentInternal,...
PT-2023-35705 · Git +1 · Libxml2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by a global buffer overflow read. The crash occurs in the following functions: xmlNextChar, htmlParseStartTag, and...
PT-2023-35708 · Git +1 · Libxml2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type identified as Global-buffer-overflow READ 1. The crash state involves functions such as xmlSkipBlankChars,...
PT-2023-35695 · Git +1 · Libxml2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type identified as Global-buffer-overflow READ 1. The crash state involves functions such as htmlCurrentChar,...
EulerOS 2.0 SP5 : libxml2 (EulerOS-SA-2023-1510)
According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, sever...