6939 matches found

Rosalinux
added 2021/07/02 5:25 p.m. | 30 views

Advisory ROSA-SA-2021-1905

Software: libxml2 2.9.1. OS: Cobalt 7.9. CVE-ID: CVE-2013-0339. CVE-Crit: HIGH. CVE-DESC: libxml2 before 2.9.1 does not handle external entity expansion properly if the application developer does not use the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to...

CVSS 9.8 | AI score 8.8 | EPSS 0.06908
Exploits: 1

Amazon
added 2021/07/02 12:00 a.m. | 75 views

Medium: libxml2

Issue Overview: There's a flaw in libxml2's xmllint. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability. CVE-2021-3516 There's a flaw in libxml2. An attacke...

CVSS 8.8 | AI score 7.8 | EPSS 0.03653
Exploits: 1

BDU FSTEC
added 2021/07/02 12:00 a.m. | 6 views

The vulnerability of the xz_head function in the xzlib.c component of the Libxml2 library, related to a lack of resource allocation mechanism, allows attackers to cause service failures.

The vulnerability of the xz_head function in the xzlib.c component of the Libxml2 library is related to the lack of memory constraints. Exploiting this vulnerability allows a remote attacker to cause a service failure through the use of a specially created LZMA file...

CVSS 6.5 | AI score 6.6 | EPSS 0.02706
Exploits: 0 | References: 11 | Affected Software: 4

Tenable Nessus
added 2021/07/02 12:00 a.m. | 92 views

EulerOS Virtualization for ARM 64 3.0.2.0 : libxml2 (EulerOS-SA-2021-2103)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML...

CVSS 8.8 | AI score 7.1 | EPSS 0.0828
Exploits: 0 | References: 5

Tenable Nessus
added 2021/07/01 12:00 a.m. | 77 views

Amazon Linux 2 : libxml2 (ALAS-2021-1677)

The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1677 advisory. There's a flaw in libxml2's xmllint. An attacker who is able to submit a crafted file to be processed by xmllint could...

CVSS 8.8 | AI score 7.2 | EPSS 0.03653
Exploits: 1 | References: 7

RedHat Linux
added 2021/06/29 4:38 p.m. | 5 views

libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c

There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application...

CVSS 8.6 | AI score 7.1 | EPSS 0.0828
Exploits: 0 | References: 4

RedHat Linux
added 2021/06/29 4:38 p.m. | 8 views

libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms

A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service...

CVSS 6.5 | AI score 7.1 | EPSS 0.01861
Exploits: 0 | References: 4

RedHat Linux
added 2021/06/29 4:38 p.m. | 92 views

Moderate: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 8.8 | AI score 7 | EPSS 0.0828
Exploits: 1 | References: 6

RedHat Linux
added 2021/06/29 4:38 p.m. | 6 views

libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c

There's a flaw in libxml2. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability...

CVSS 8.8 | AI score 7.1 | EPSS 0.03653
Exploits: 0 | References: 4

RedHat Linux
added 2021/06/29 4:38 p.m. | 9 views

libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode

A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system...

CVSS 5.9 | AI score 7.1 | EPSS 0.03503
Exploits: 0 | References: 4

AlmaLinux
added 2021/06/29 1:42 p.m. | 87 views

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Use-after-free in xmlEncodeEntitiesInternal in entities.c CVE-2021-3516 libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal in entities.c CVE-2021-3517 libxml2...

CVSS 8.8 | AI score 8.4 | EPSS 0.0828
Exploits: 1 | References: 5

OSV
added 2021/06/29 1:42 p.m. | 30 views

RLSA-2021:2569 Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Use-after-free in xmlEncodeEntitiesInternal in entities.c CVE-2021-3516 libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal in entities.c CVE-2021-3517 libxml2...

CVSS 8.6 | AI score 7.8 | EPSS 0.0828
Exploits: 1 | References: 6

Rockylinux
added 2021/06/29 1:42 p.m. | 43 views

libxml2 security update

An update is available for libxml2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libxml2 library is a development toolbox providing the implementation of...

CVSS 8.8 | AI score 8.4 | EPSS 0.0828
Exploits: 1

OSV
added 2021/06/29 1:42 p.m. | 50 views

ALSA-2021:2569 Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Use-after-free in xmlEncodeEntitiesInternal in entities.c CVE-2021-3516 libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal in entities.c CVE-2021-3517 libxml2...

CVSS 8.8 | AI score 7.8 | EPSS 0.0828
Exploits: 1 | References: 5

Tenable Nessus
added 2021/06/29 12:00 a.m. | 78 views

RHEL 8 : libxml2 (RHSA-2021:2569)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2569 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Use-after-free ...

CVSS 8.8 | AI score 7.8 | EPSS 0.0828
Exploits: 1 | References: 13

Tenable Nessus
added 2021/06/28 12:00 a.m. | 40 views

openSUSE 15 Security Update : libxml2 (openSUSE-SU-2021:0886-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:0886-1 advisory. - A flaw exists in libxml2 which allows for an exponential entity expansion attack which can bypass existing protection mechanisms leading to a...

CVSS 6.5 | AI score 7.2 | EPSS 0.01861
Exploits: 0 | References: 4

BDU FSTEC
added 2021/06/23 12:00 a.m. | 5 views

The vulnerability of the libxml2 library in operating systems such as iOS, iPadOS, macOS, tvOS, watchOS, the multimedia player iTunes, and the iCloud service allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the libxml2 library in iOS, iPadOS, macOS, tvOS, watchOS, the multimedia player iTunes, and the iCloud service arises due to a buffer overflow. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of protected...

CVSS 10 | AI score 8.2 | EPSS 0.01641
Exploits: 0 | References: 9 | Affected Software: 7

BDU FSTEC
added 2021/06/23 12:00 a.m. | 4 views

The vulnerability of the libxml2 library in operating systems such as iOS, iPadOS, macOS, tvOS, watchOS, the multimedia player iTunes, and the iCloud service allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the libxml2 library in iOS, iPadOS, macOS, tvOS, watchOS, the multimedia player iTunes, and the iCloud service arises due to a buffer overflow. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of protected...

CVSS 10 | AI score 8.2 | EPSS 0.01639
Exploits: 0 | References: 9 | Affected Software: 8

BDU FSTEC
added 2021/06/23 12:00 a.m. | 3 views

The vulnerability of the libxml2 library in operating systems such as iPhoneOS, tvOS, and watchOS allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the libxml2 library in iPhoneOS, tvOS, and watchOS operating systems is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected...

CVSS 10 | AI score 7.2 | EPSS 0.08628
Exploits: 0 | References: 7 | Affected Software: 5

Amazon
added 2021/06/23 12:00 a.m. | 89 views

Medium: libxml2

Issue Overview: GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. CVE-2020-24977 There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to...

CVSS 8.6 | AI score 7.9 | EPSS 0.0828
Exploits: 1