[SECURITY] [DLA 2653-1] libxml2 security update
Debian LTS Advisory DLA-2653-1 https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 10, 2021 https://wiki.debian.org/LTS -...
[SECURITY] Fedora 34 Update: libxml2-2.9.10-12.fc34
This library allows you to manipulate XML files. It includes support for reading, modifying and writing XML and HTML files. There is DTD support, which includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
DLA-2653-1 libxml2 - security update
Bulletin has no description...
OPENSUSE-SU-2021:0692-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess bsc1185408. - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal bsc1185410. - CVE-2021-3516: Fixed a use after free in...
Security update for libxml2 (moderate)
openSUSE Security Update: Security update for libxml2 Announcement ID: openSUSE-SU-2021:0692-1 Rating: moderate References: 1185408 1185409 1185410 Cross-References: CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVSS scores: CVE-2021-3516 SUSE: 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H...
Denial Of Service (DoS)
libxml2 is vulnerable to denial of service. The vulnerability exists because of heap-based buffer overflow in xmlEncodeEntitiesInternal in entities.c...
Arbitrary Code Execution
libxml2 is vulnerable to arbitrary code execution. A use-after-free occurs in xmllint when --html and --push options are used, allowing an attacker to execute arbitrary code on the host OS by submitting malicious files...
Remote Code Execution (RCE)
libxml2 is vulnerable to remote code execution. The vulnerability exists due to a use after free in libxml2 in xmlXIncludeDoProcess in xinclude.c...
Denial Of Service (DoS)
libxml2 is vulnerable to denial of service. It is due to a NULL pointer dereference when post-validating mixed content parsed in recovery mode...
SUSE SLES12 Security Update : libxml2 (SUSE-SU-2021:1524-1)
This update for libxml2 fixes the following issues : CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess bsc1185408. CVE-2021-3517: Fixed a heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal bsc1185410. CVE-2021-3516: Fixed a use after free in...
SUSE SLED15 / SLES15 Security Update : libxml2 (SUSE-SU-2021:1523-1)
This update for libxml2 fixes the following issues : CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess bsc1185408. CVE-2021-3517: Fixed a heap-based buffer overflow in entities.c:xmlEncodeEntitiesInternal bsc1185410. CVE-2021-3516: Fixed a use after free in...
libxml2 Buffer Error Vulnerability
libxml2 is a library written in C for parsing XML documents. A buffer overflow vulnerability exists in entities.c in libxml2, which can be exploited by an attacker to cause a buffer overflow or heap overflow...
libxml2 Resource Management Error Vulnerability
libxml2 is an open source library used to parse XML documents. It is written in C, and can be called from a variety of languages, such as C, C++, XSH. A resource management error vulnerability exists in libxml2 versions prior to 2.9.11. This vulnerability can be exploited to trigger post-release...
Vulnerabilities fixed in libxml2
Several vulnerabilities have been fixed in libxml2. A malicious party could potentially exploit the vulnerabilities to cause a Denial-of-Service in an application that uses this library by submitting a rogue XML file for processing. -= SUSE =- SUSE has made updates available to fix the...
libxml2 Resource Management Error Vulnerability
libxml2 is an open source library used to parse XML documents. It is written in C, and can be called by a variety of languages, such as C, C++, XSH. A resource management error vulnerability exists in entities.c in libxml2, which arises from mismanagement of system resources e.g., memory, disk...
CVE-2021-3537
A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in recovery mode and post validated. The highest threat from this vulnerability is to system...
SUSE-SU-2021:1524-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess bsc1185408. - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal bsc1185410. - CVE-2021-3516: Fixed a use after free in...
SUSE-SU-2021:1523-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess bsc1185408. - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal bsc1185410. - CVE-2021-3516: Fixed a use after free in...
libxml2 Code Issue Vulnerability
libxml2 is a software library for parsing XML documents. A null pointer dereference vulnerability exists in libxml2 versions prior to 2.9.11. An attacker can exploit this vulnerability to crash a program via a specially crafted XML document...
PT-2021-4589
Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.9.11 Description The issue is related to the libxml2 library's parser component, which fails to propagate errors when parsing XML content. This can be exploited by a remote attacker using a specially crafted XML...