EulerOS 2.0 SP9 : libxml2 (EulerOS-SA-2023-1106)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, sever...

EulerOS Virtualization 3.0.2.6 : libxml2 (EulerOS-SA-2023-1057)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. CVE-2022-23308 Note that Tenable Network...

EulerOS 2.0 SP11 : libxml2 (EulerOS-SA-2023-1041)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, sever...

EulerOS 2.0 SP11 : libxml2 (EulerOS-SA-2023-1016)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, sever...

Amazon Linux 2 : libxml2 (ALAS-2021-1662)

The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1662 advisory. GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at...

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, IBM WebSphere Application Server Liberty and various other libraries. Vulnerability Details CVEID:CVE-2022-3171 DESCRIPTION: protobuf-java core and lite are vulnerable to a denial ...

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2022-2941)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.10.1 : python-lxml (EulerOS-SA-2022-2941)

According to the versions of the python-lxml package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - NULL Pointer Dereference allows attackers to cause a denial of service or application crash. This only applies when lxml is...

The vulnerability in the implementation of the xmlSnprintfElementContent() function in the libxml2 library allows a attacker to cause a service failure.

The vulnerability of the xmlSnprintfElementContent function implementation in the libxml2 library is related to the escape of the operation beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

The vulnerability in the implementation of the xmlSnprintfElementContent() function in the libxml2 library allows a attacker to cause a service failure.

The vulnerability of the xmlSnprintfElementContent function implementation in the libxml2 library is related to the escape of the operation beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

Fedora 36 : libxml2 / xmlsec1 (2022-aeafd24818)

The remote Fedora 36 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-aeafd24818 advisory. Update to 2.10.3 Fix CVE-2022-40303 Fix CVE-2022-40304 Tenable has extracted the preceding description block directly from the Fedora security...

NewStart CGSL MAIN 6.02 : libxml2 Multiple Vulnerabilities (NS-SA-2022-0104)

The remote NewStart CGSL host, running version MAIN 6.02, has libxml2 packages installed that are affected by multiple vulnerabilities: - valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. CVE-2022-23308 - In libxml2 before 2.9.14, several buffer handling functions ...

Security Bulletin: Multiple Vulnerabilities in base image packages affect IBM Voice Gateway

Summary Security Vulnerabilities in base image packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-37434 DESCRIPTION: zlib is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by inflate in inflate.c. By usi...

Security Bulletin: Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities.

Summary Netcool Operations Insight v1.6.7 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2022-26612 DESCRIPTION: Apache Hadoop for Windows could allow a remote attacker to bypass security restrictions, caused by the use of an...

VulnCheck KEV: CVE-2022-40303

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault...

VulnCheck KEV: CVE-2022-40304

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked...

About the security content of macOS Monterey 12.6.2

About the security content of macOS Monterey 12.6.2 This document describes the security content of macOS Monterey 12.6.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

Amazon Linux 2022 : libxml2 (ALAS2022-2022-258)

The version of libxml2 installed on the remote host is prior to 2.10.3-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-258 advisory. - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE...

CVE-2022-40304 affecting package libxml2 for versions less than 2.10.3-1

CVE-2022-40304 affecting package libxml2 for versions less than 2.10.3-1. An upgraded version of the package is available that resolves this issue...

Amazon Linux 2022 : xmlsec1 (ALAS2022-2022-257)

The version of xmlsec1 installed on the remote host is prior to 1.2.33-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-257 advisory. - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE...