CVE-2014-3660
CVE-2014-3660 affects libxml2: parser.c allowed excessive entity expansion (billion laughs) even when entity substitution is disabled, enabling DoS via crafted XML. Public details confirm the vulnerability in libxml2 versions before 2.9.2. Affected component is the XML parser (parser.c) in ...
CVE-2014-3660
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a...
Fedora 21 : libxml2-2.9.1-6.fc21 (2014-12915)
New variants for the billion laugh DOS attacks. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
[SECURITY] Fedora 21 Update: libxml2-2.9.1-6.fc21
This library allows you to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTD support: this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
openSUSE Security Update : libxml2 (openSUSE-SU-2014:1330-1)
This update fixes a denial of service vulnerability when expanding recursive entity (CVE-2014-3660, bnc901546). The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2014-606. The text...
[SECURITY] [DLA 80-1] libxml2 security update
Package: libxml2. Version: 2.7.8.dfsg-2+squeeze10. CVE ID: CVE-2014-0191, CVE-2014-3660. Sogeti found a denial of service flaw in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by ...
DLA-80-1 libxml2 - security update
Bulletin has no description...
Ubuntu: Security Advisory (USN-2389-1)
The remote host is missing an update for the...
Debian DSA-3057-1 : libxml2 - security update
Sogeti found a denial of service flaw in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption denial of service...
Ubuntu 14.04 LTS : libxml2 vulnerability (USN-2389-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2389-1 advisory. It was discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a...
USN-2389-1: libxml2 vulnerability
It was discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service...
USN-2389-1 libxml2 vulnerability
It was discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service...
[ MDVSA-2014:204 ] libxml2
Mandriva Linux Security Advisory MDVSA-2014:204 (http://www.mandriva.com/en/support/security/). Package: libxml2. Date: October 23, 2014. Affected: Business Server 1.0. Problem Description: A vulnerability has been found and corrected in libxml2: A denial...
[SECURITY] [DSA 3057-1] libxml2 security update
Debian Security Advisory DSA-3057-1, http://www.debian.org/security/, Thijs Kinkhorst, October 26, 2014, http://www.debian.org/security/faq...
Debian Security Advisory DSA 3057-1 (libxml2 - security update)
Sogeti found a denial of service flaw in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption denial of service...
DSA-3057-1 libxml2 - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3057-1)
The remote host is missing an update for the Debian...
libxml2: Denial of service
Daniel Berrange discovered that libxml2 incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially crafted XML file that, when processed, leads to the exhaustion of CPU and...
Mandriva Linux Security Advisory : libxml2 (MDVSA-2014:204)
A vulnerability has been found and corrected in libxml2: A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, wou...