Advisory ROSA-SA-2021-1905
Software: libxml2 2.9.1; OS: Cobalt 7.9; CVE-ID: CVE-2013-0339; CVE-Crit: HIGH; CVE-DESC: libxml2 before 2.9.1 does not handle external entity expansion properly if the application developer does not use the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to...
Medium: libxml2
Issue Overview: There's a flaw in libxml2's xmllint. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability. (CVE-2021-3516) There's a flaw in libxml2. An attacke...
The vulnerability of the xz_head function in the xzlib.c component of the Libxml2 library, related to a lack of resource allocation mechanism, allows attackers to cause service failures.
The vulnerability of the xz_head function in the xzlib.c component of the Libxml2 library is related to the lack of memory constraints. Exploiting this vulnerability allows a remote attacker to cause a service failure through the use of a specially crafted LZMA file...
EulerOS Virtualization for ARM 64 3.0.2.0 : libxml2 (EulerOS-SA-2021-2103)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities: - A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML...
Amazon Linux 2 : libxml2 (ALAS-2021-1677)
The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1677 advisory. There's a flaw in libxml2's xmllint. An attacker who is able to submit a crafted file to be processed by xmllint could...
libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c
There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application...
libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms
A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service...
Moderate: Red Hat Security Advisory: libxml2 security update
An update for libxml2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c
There's a flaw in libxml2. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability...
libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode
A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system...
Moderate: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Use-after-free in xmlEncodeEntitiesInternal in entities.c (CVE-2021-3516); libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal in entities.c (CVE-2021-3517); libxml2...
RLSA-2021:2569 Moderate: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Use-after-free in xmlEncodeEntitiesInternal in entities.c (CVE-2021-3516); libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal in entities.c (CVE-2021-3517); libxml2...
libxml2 security update
An update is available for libxml2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libxml2 library is a development toolbox providing the implementation of...
ALSA-2021:2569 Moderate: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Use-after-free in xmlEncodeEntitiesInternal in entities.c (CVE-2021-3516); libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal in entities.c (CVE-2021-3517); libxml2...
RHEL 8 : libxml2 (RHSA-2021:2569)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2569 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Use-after-free ...
openSUSE 15 Security Update : libxml2 (openSUSE-SU-2021:0886-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:0886-1 advisory. - A flaw exists in libxml2 which allows for an exponential entity expansion attack which can bypass existing protection mechanisms leading to a...
The vulnerability of the libxml2 library in operating systems such as iOS, iPadOS, macOS, tvOS, watchOS, the multimedia player iTunes, and the iCloud service allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the libxml2 library in iOS, iPadOS, macOS, tvOS, watchOS, the multimedia player iTunes, and the iCloud service arises due to a buffer overflow. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and availability of protected...
The vulnerability of the libxml2 library in operating systems such as iOS, iPadOS, macOS, tvOS, watchOS, the multimedia player iTunes, and the iCloud service allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the libxml2 library in iOS, iPadOS, macOS, tvOS, watchOS, the multimedia player iTunes, and the iCloud service arises due to a buffer overflow. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and availability of protected...
The vulnerability of the libxml2 library in operating systems such as iPhoneOS, tvOS, and watchOS allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the libxml2 library in iPhoneOS, tvOS, and watchOS operating systems is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of protected...
Medium: libxml2
Issue Overview: GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. (CVE-2020-24977) There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to...