RedHat Update for libxml2 RHSA-2014:0513-01
The remote host is missing an update for the... SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Medium: libxml2
Issue Overview: It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-craft...
Low: libxml2
Issue Overview: parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. Affected...
CentOS 6 : libxml2 (CESA-2014:0513)
Updated libxml2 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
RHEL 6 : libxml2 (RHSA-2014:0513)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0513 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded...
Scientific Linux Security Update : libxml2 on SL6.x i386/x86_64 (20140519)
It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting ...
Oracle Linux 6 : libxml2 (ELSA-2014-0513)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0513 advisory. - Improve handling of xmlStopParser (CVE-2013-2877) Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...
libxml2 security update
CentOS Errata and Security Advisory CESA-2014:0513. Updated libxml2 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base...
libxml2: Out-of-bounds read via a document that ends abruptly
parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state...
Moderate: Red Hat Security Advisory: libxml2 security update
Updated libxml2 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
libxml2: external parameter entity loaded when entity substitution is disabled
It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting ...
libxml2 security update
2.7.6-14.0.1.el65.1 - Update doc/redhat.gif in tarball - Add libxml2-oracle-enterprise.patch and update logos in tarball 2-2.7.6-14.el65.1 - Improve handling of xmlStopParser (CVE-2013-2877) - Do not fetch external parameter entities (CVE-2014-0191)...
Ubuntu: Security Advisory (USN-2214-1)
The remote host is missing an update for the...
Ubuntu 14.04 LTS : libxml2 vulnerability (USN-2214-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2214-1 advisory. Daniel Berrange discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into...
USN-2214-1: libxml2 vulnerability
Daniel Berrange discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service...
FreeBSD : libxml2 -- entity substitution DoS (efdd0edc-da3d-11e3-9ecb-2c4138874f7d)
Stefan Cornelius reports: It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a...
Mandriva Linux Security Advisory : libxml2 (MDVSA-2014:086)
Updated libxml2 packages fix security vulnerability: It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote...
FreeBSD : libxml2 -- lack of end-of-document check DoS (e7bb3885-da40-11e3-9ecb-2c4138874f7d)
CVE MITRE reports: parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state...
Fedora Update for python-lxml FEDORA-2014-5801
Check for the Version of python-lxml. OpenVAS Vulnerability Test: Fedora Update for python-lxml FEDORA-2014-5801. Authors: System Generated Check. Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it unde...
Updated libxml2 packages fix CVE-2014-0191
Updated libxml2 packages fix security vulnerability: It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote...