Lucene search

6931 matches found

OSV
added 2022/11/15 12:0 a.m. | 28 views

ALSA-2022:8226 Moderate: python-lxml security update

lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: lxml: NULL Pointer Dereference in lxml CVE-2022-2309 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

CVSS 7.5 | AI score 7.7 | EPSS 0.01972
Exploits: 1 | References: 4

AlmaLinux
added 2022/11/15 12:0 a.m. | 58 views

Moderate: python-lxml security update

lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: lxml: NULL Pointer Dereference in lxml CVE-2022-2309 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

CVSS 7.5 | AI score 7.6 | EPSS 0.01972
Exploits: 1 | References: 4

Packet Storm
added 2022/11/14 12:0 a.m. | 815 views

libxml2 xmlParseNameComplex Integer Overflow

libxml2: Integer overflow in xmlParseNameComplex. libxml2 is vulnerable to an integer overflow in xmlParseNameComplex when an attribute list has a very long name (name is = 2^32 characters). `static const xmlChar * xmlParseNameComplex(xmlParserCtxtPtr ctxt) { int len = 0, l; ... return xmlDictLookup(ctxt->dic...`

CVSS 7.5 | AI score 0.3 | EPSS 0.22791
Exploits: 5

Fedora
added 2022/11/13 1:14 a.m. | 36 views

[SECURITY] Fedora 37 Update: xmlsec1-1.2.34-4.fc37

XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption"...

CVSS 7.8 | AI score 1.7 | EPSS 0.22791
Exploits: 2

Fedora
added 2022/11/13 1:14 a.m. | 78 views

[SECURITY] Fedora 37 Update: libxml2-2.10.3-2.fc37

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVSS 7.8 | AI score 0.5 | EPSS 0.22791
Exploits: 2

OpenVAS
added 2022/11/13 12:0 a.m. | 21 views

Fedora: Security Advisory for libxml2 (FEDORA-2022-a6812b0224)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.4 | EPSS 0.22791
Exploits: 2 | References: 2

Tenable Nessus
added 2022/11/12 12:0 a.m. | 25 views

AlmaLinux 8 : libxml2 (ALSA-2022:7715)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7715 advisory. - Possible cross-site scripting vulnerability in libxml after commit 960f0e2. CVE-2016-3709 Note that Nessus has not tested for this issue but has instead relied...

CVSS 6.1 | AI score 6.9 | EPSS 0.00749
Exploits: 1 | References: 2

hivepro
added 2022/11/11 1:49 p.m. | 106 views

Apple addresses the macOS code execution flaws

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary MacOS Ventura contains two security flaws that can be exploited to cause an integer overflow and execute arbitrary code. The CVE-2022-40303 vulnerability exists as a result of an integer overflow ...

AI score 3.2 | EPSS 0.22791
Exploits: 2

OSV
added 2022/11/11 11:4 a.m. | 2 views

OESA-2022-2082 libxml2 security update

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVSS 7.8 | AI score 7.2 | EPSS 0.22791
Exploits: 2 | References: 4

BDU FSTEC
added 2022/11/11 12:0 a.m. | 7 views

The vulnerability of the object-cleaning function in the XML analysis library libxml2 allows an attacker to cause a service failure.

The vulnerability of the object-cleaning function in the XML library for analyzing XML documents, libxml2, is related to double memory deallocation when processing dict objects, where the first byte of the structure equals zero. Exploiting this vulnerability can allow an attacker to cause service...

CVSS 8.5 | AI score 6.5 | EPSS 0.22791
Exploits: 2 | References: 18 | Affected Software: 13

OpenVAS
added 2022/11/11 12:0 a.m. | 33 views

Tenable Nessus < 10.3.1 Multiple Vulnerabilities (TNS-2022-20)

Tenable Nessus is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessus"; ifdescripti...

CVSS 9.8 | AI score 8.4 | EPSS 0.1593
Exploits: 9 | References: 1

Redos
added 2022/11/10 12:0 a.m. | 60 views

ROS-20221110-01

A vulnerability in the libxml2 XML document parsing library is related to an integer overflow in parse.c during content processing when the XML_PARSE_HUGE parameter is set. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to the application,...

CVSS 7.8 | AI score 8.7 | EPSS 0.22791
Exploits: 2

Tenable Nessus
added 2022/11/10 12:0 a.m. | 32 views

macOS 13.x < 13.0.1 Multiple Vulnerabilities (HT213504)

The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.0.1. It is, therefore, affected by multiple vulnerabilities: - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several intege...

CVSS 7.8 | AI score 7 | EPSS 0.22791
Exploits: 2 | References: 3

Tenable Nessus
added 2022/11/10 12:0 a.m. | 32 views

Tenable Nessus 8.x < 8.15.7 Multiple Vulnerabilities (TNS-2022-26)

According to its self-reported version, the Tenable Nessus application running on the remote host is 8.x prior to 8.15.7. It is, therefore, affected by multiple vulnerabilities, including: - libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. CVE-2022-40674 - zlib...

CVSS 9.8 | AI score 7.6 | EPSS 0.1593
Exploits: 8 | References: 7

Tenable Nessus
added 2022/11/09 12:0 a.m. | 55 views

CentOS 8 : libxml2 (CESA-2022:7715)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:7715 advisory. - libxml2: Incorrect server side include parsing can lead to XSS CVE-2016-3709 Note that Nessus has not tested for this issue but has instead relied only on the...

CVSS 6.1 | AI score 7.1 | EPSS 0.00749
Exploits: 1 | References: 2

Apple
added 2022/11/09 12:0 a.m. | 118 views

About the security content of macOS Ventura 13.0.1

About the security content of macOS Ventura 13.0.1 This document describes the security content of macOS Ventura 13.0.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...

CVSS 7.8 | AI score 8.3 | EPSS 0.22791
Exploits: 2 | References: 1 | Affected Software: 1

Apple
added 2022/11/09 12:0 a.m. | 130 views

About the security content of iOS 16.1.1 and iPadOS 16.1.1

About the security content of iOS 16.1.1 and iPadOS 16.1.1 This document describes the security content of iOS 16.1.1 and iPadOS 16.1.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...

CVSS 7.8 | AI score 8.3 | EPSS 0.22791
Exploits: 2 | References: 1 | Affected Software: 2

OpenVAS
added 2022/11/09 12:0 a.m. | 24 views

Mageia: Security Advisory (MGASA-2022-0412)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 7.6 | EPSS 0.22791
Exploits: 2 | References: 7

Tenable Nessus
added 2022/11/09 12:0 a.m. | 34 views

RHEL 8 : libxml2 (RHSA-2022:7715)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7715 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Incorrect server side...

CVSS 6.1 | AI score 7.2 | EPSS 0.00749
Exploits: 1 | References: 6

OSV
added 2022/11/08 7:44 p.m. | 7 views

MGASA-2022-0412 Updated libxml2 packages fix security vulnerability

Integer overflows with XML_PARSE_HUGE (CVE-2022-40303). Dict corruption caused by entity reference cycles (CVE-2022-40304)...

CVSS 7.8 | AI score 8 | EPSS 0.22791
Exploits: 2 | References: 6