
6939 matches found

CVE
added 2014/11/04 4:00 p.m., 246 views

CVE-2014-3660

CVE-2014-3660 affects libxml2: parser.c allowed excessive entity expansion (billion laughs) even when entity substitution was disabled, enabling DoS via crafted XML. Public details confirm the vulnerability in libxml2 versions before 2.9.2. Affected component is the XML parser (parser.c) in ...

CVSS 5, AI score 5.9, EPSS 0.03988
Exploits: 1, References: 23, Affected Software: 1
Debian CVE
added 2014/11/04 4:00 p.m., 36 views

CVE-2014-3660

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a...

CVSS 5, AI score 6.7, EPSS 0.03988
Exploits: 1
Cvelist
added 2014/11/04 4:00 p.m., 29 views

CVE-2014-3660

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a...

AI score 5.5, EPSS 0.03988
Exploits: 1, References: 23
Tenable Nessus
added 2014/11/03 12:00 a.m., 24 views

Fedora 21 : libxml2-2.9.1-6.fc21 (2014-12915)

New variants for the billion laugh DOS attacks. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

CVSS 5, AI score 6.5, EPSS 0.03988
Exploits: 1, References: 3
Fedora
added 2014/11/01 5:15 p.m., 67 views

[SECURITY] Fedora 21 Update: libxml2-2.9.1-6.fc21

This library allows manipulating XML files. It includes support to read, modify and write XML and HTML files. There is DTD support; this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

CVSS 5, AI score 0.5, EPSS 0.03988
Exploits: 1
Tenable Nessus
added 2014/10/30 12:00 a.m., 25 views

openSUSE Security Update : libxml2 (openSUSE-SU-2014:1330-1)

This update fixes a denial of service vulnerability when expanding recursive entity (CVE-2014-3660, bnc#901546). The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2014-606. The text...

CVSS 5, AI score 6.4, EPSS 0.03988
Exploits: 1, References: 3
Debian
added 2014/10/29 9:33 p.m., 38 views

[SECURITY] [DLA 80-1] libxml2 security update

Package : libxml2 Version : 2.7.8.dfsg-2+squeeze10 CVE ID : CVE-2014-0191 CVE-2014-3660 Sogeti found a denial of service flaw in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by ...

CVSS 5, AI score 6.9, EPSS 0.081
Exploits: 2
OSV
added 2014/10/29 12:00 a.m., 34 views

DLA-80-1 libxml2 - security update

Bulletin has no description...

CVSS 5, AI score 6.7, EPSS 0.03988
Exploits: 1
OpenVAS
added 2014/10/28 12:00 a.m., 23 views

Ubuntu: Security Advisory (USN-2389-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5, AI score 6.9, EPSS 0.03988
Exploits: 1, References: 2
Tenable Nessus
added 2014/10/28 12:00 a.m., 35 views

Debian DSA-3057-1 : libxml2 - security update

Sogeti found a denial of service flaw in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service)...

CVSS 5, AI score 6.5, EPSS 0.03988
Exploits: 1, References: 7
Tenable Nessus
added 2014/10/28 12:00 a.m., 21 views

Ubuntu 14.04 LTS : libxml2 vulnerability (USN-2389-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2389-1 advisory. It was discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a...

CVSS 5, AI score 6.6, EPSS 0.03988
Exploits: 1, References: 2
Ubuntu
added 2014/10/27 1:08 p.m., 59 views

USN-2389-1: libxml2 vulnerability

It was discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service...

CVSS 5, AI score 6.7, EPSS 0.03988
Exploits: 1
OSV
added 2014/10/27 1:08 p.m., 2 views

USN-2389-1 libxml2 vulnerability

It was discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service...

CVSS 5, AI score 6.7, EPSS 0.03988
Exploits: 1, References: 2
securityvulns
added 2014/10/27 12:00 a.m., 69 views

[ MDVSA-2014:204 ] libxml2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:204 http://www.mandriva.com/en/support/security/ Package : libxml2 Date : October 23, 2014 Affected: Business Server 1.0 Problem Description: A vulnerability has been found and corrected in libxml2: A denial...

CVSS 5, AI score 6.6, EPSS 0.03988
Exploits: 1
Debian
added 2014/10/26 9:19 p.m., 31 views

[SECURITY] [DSA 3057-1] libxml2 security update

Debian Security Advisory DSA-3057-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst October 26, 2014 http://www.debian.org/security/faq -...

CVSS 5, AI score 6.8, EPSS 0.03988
Exploits: 1
OpenVAS
added 2014/10/26 12:00 a.m., 15 views

Debian Security Advisory DSA 3057-1 (libxml2 - security update)

Sogeti found a denial of service flaw in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service)...

CVSS 5, AI score 0.1, EPSS 0.03988
Exploits: 1, References: 1
OSV
added 2014/10/26 12:00 a.m., 43 views

DSA-3057-1 libxml2 - security update

Bulletin has no description...

CVSS 5, AI score 6.7, EPSS 0.03988
Exploits: 1
OpenVAS
added 2014/10/25 12:00 a.m., 23 views

Debian: Security Advisory (DSA-3057-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5, AI score 6.9, EPSS 0.03988
Exploits: 1, References: 3
ArchLinux
added 2014/10/24 12:00 a.m., 50 views

libxml2: Denial of service

Daniel Berrange discovered that libxml2 incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially crafted XML file that, when processed, leads to the exhaustion of CPU and...

CVSS 5, AI score 3.2, EPSS 0.081
Exploits: 2, References: 6
Tenable Nessus
added 2014/10/24 12:00 a.m., 29 views

Mandriva Linux Security Advisory : libxml2 (MDVSA-2014:204)

A vulnerability has been found and corrected in libxml2 : A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, wou...

CVSS 5, AI score 6.2, EPSS 0.03988
Exploits: 1, References: 2