6939 matches found
MGASA-2014-0214 Updated libxml2 packages fix CVE-2014-0191
Updated libxml2 packages fix security vulnerability: It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote...
[SECURITY] Fedora 19 Update: python-lxml-3.3.5-1.fc19
lxml provides a Python binding to the libxslt and libxml2 libraries. It follows the ElementTree API as much as possible in order to provide a more Pythonic interface to libxml2 and libxslt than the default bindings. In particular, lxml deals with Python Unicode strings rather than encoded UTF-8 a...
CVE-2014-0191
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation i...
libxml2 DoS
CPU exhaustion on XML parsing...
[oss-security] CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled
Hi, It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file...
SuSE 11.2 / 11.3 Security Update : libxml2 (SAT Patch Numbers 8713 / 8714)
This update fixes a DoS vulnerability in libxml2. CVE-2013-2877 has been assigned to this issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright (C) Novell, Inc. ...
CVE-2013-0339
libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers,...
CVE-2013-0339
libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers,...
DEBIAN-CVE-2013-0339
libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers,...
XXE
libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers,...
CVE-2013-0339
libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers,...
CVE-2013-0339
CVE-2013-0339 affects libxml2 up to version 2.9.1 and is an XML External Entity (XXE) issue. The root cause is improper handling of external entities expansion unless an application developer uses xmlSAX2ResolveEntity or xmlSetExternalEntityLoader. Impact cited includes potential denial of servic...
CVE-2013-0339
libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers,...
PT-2014-1964 · Libxml2 +2
Name of the Vulnerable Software and Affected Versions: libxml2 versions prior to 2.9.2 Description: The issue is related to the handling of external entities expansion in libxml2, which can be exploited by remote attackers to cause a denial of service, send HTTP requests to intranet servers, or...
ESXi 5.1 < Build 1483097 Multiple Vulnerabilities (remote check)
The remote VMware ESXi 5.1 host is affected by the following vulnerabilities : - A denial of service vulnerability exists in the bundled OpenSSL library that is triggered when handling OCSP response verification. A remote attacker can exploit this to crash the program. CVE-2013-0166 - An error...
VMSA-2013-0004 VMware ESXi security update for third party library (remote check)
The remote ESXi is missing one or more security related Updates from VMSA-2013-0004. OpenVAS Vulnerability Test $Id: gbVMSA-2013-0004remote.nasl 6065 2017-05-04 09:03:08Z teissa $ VMSA-2013-0004 VMware ESXi security update for third party library remote check Authors: Michael Meyer Copyright:...
libxml2 -- entity substitution DoS
Stefan Cornelius reports: It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a...
VMware ESXi security update for third party library (VMSA-2013-0004) - Remote Version Check
The remote ESXi is missing one or more security related Updates from VMSA-2013-0004. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if...
Oracle Linux 6 : augeas (ELSA-2013-1537)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-1537 advisory. 1.0.0-5 - Don't package lenses in tests/ subdirectory. related: rhbz817753 1.0.0-4 - Rebase to Augeas 1.0.0 resolves: rhbz817753 - Add dependency on...
augeas security, bug fix, and enhancement update
1.0.0-5 - Don't package lenses in tests/ subdirectory. related: rhbz817753 1.0.0-4 - Rebase to Augeas 1.0.0 resolves: rhbz817753 - Add dependency on libxml2-devel. - Remove all patches all upstream and included in 1.0.0. - Print tests/test-suite.log when the tests fail. - Add fix for regression...