6939 matches found
openSUSE: Security Advisory for libxml2 (openSUSE-SU-2021:0764-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
FreeBSD : libxml2 -- Possible denial of service (524bd03a-bb75-11eb-bf35-080027f515ea)
Daniel Veillard reports : A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Billion Laugh Attack
libxml2:sid is vulnerable to billion laugh attack via parameter entities expansion and following the line of the billion laugh attack...
OPENSUSE-SU-2021:0764-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel bsc1185698 - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess bsc1185408. - CVE-2021-3517: Fixed a heap based buffer overflow in...
Security update for libxml2 (important)
openSUSE Security Update: Security update for libxml2 Announcement ID: openSUSE-SU-2021:0764-1 Rating: important References: 1185408 1185409 1185410 1185698 Cross-References: CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3537 CVSS scores: CVE-2021-3516 SUSE: 5.9...
libxml2 Resource Management Error Vulnerability
libxml2 is an open source library used to parse XML documents . It is written in C, and can be called for a variety of languages , such as C, C++, XSH. A resource management error vulnerability exists in libxml2 versions prior to 2.9.11. This vulnerability can be exploited to trigger post-release...
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
...
SUSE SLES12 Security Update : libxml2 (SUSE-SU-2021:1658-1)
This update for libxml2 fixes the following issues : Security issues fixed : - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel bsc1185698 CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess bsc1185408. CVE-2021-3517: Fixed a heap-based buffer...
SUSE SLED15 / SLES15 Security Update : libxml2 (SUSE-SU-2021:1654-1)
This update for libxml2 fixes the following issues : CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel bsc1185698 CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess bsc1185408. CVE-2021-3517: Fixed a heap-based buffer overflow in...
MGASA-2021-0213 Updated libxml2 packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Use-after-free in xmlEncodeEntitiesInternal in entities.c. CVE-2021-3516 Heap-based buffer overflow in xmlEncodeEntitiesInternal in entities.c. CVE-2021-3517 Use-after-free in xmlXIncludeDoProcess in xinclude.c. CVE-2021-3518 NULL pointer...
Updated libxml2 packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Use-after-free in xmlEncodeEntitiesInternal in entities.c. CVE-2021-3516 Heap-based buffer overflow in xmlEncodeEntitiesInternal in entities.c. CVE-2021-3517 Use-after-free in xmlXIncludeDoProcess in xinclude.c. CVE-2021-3518 NULL pointer...
SUSE-SU-2021:1658-1 Security update for libxml2
This update for libxml2 fixes the following issues: Security issues fixed: CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel bsc1185698 - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess bsc1185408. - CVE-2021-3517: Fixed a heap based buffer...
SUSE-SU-2021:1654-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel bsc1185698 - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess bsc1185408. - CVE-2021-3517: Fixed a heap based buffer overflow in...
SUSE-SU-2021:14729-1 Security update for libxml2
This update for libxml2 fixes the following issues: Security issues fixed: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel bsc1185698 - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess bsc1185408. - CVE-2021-3517: Fixed a heap based buffer...
CVE-2021-3517
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this...
CVE-2021-3517
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this...
DEBIAN-CVE-2021-3517
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this...
ALPINE-CVE-2021-3517
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this...
Out-of-bounds
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this...
UBUNTU-CVE-2021-3517
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this...