6939 matches found

OSV
added 2014/05/10 7:46 p.m. · 9 views

MGASA-2014-0214 Updated libxml2 packages fix CVE-2014-0191

Updated libxml2 packages fix security vulnerability: It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote...

4.3 CVSS · 6.4 AI score · 0.081 EPSS
Exploits 1 · References 3

Fedora
added 2014/05/08 10:0 a.m. · 14 views

[SECURITY] Fedora 19 Update: python-lxml-3.3.5-1.fc19

lxml provides a Python binding to the libxslt and libxml2 libraries. It follows the ElementTree API as much as possible in order to provide a more Pythonic interface to libxml2 and libxslt than the default bindings. In particular, lxml deals with Python Unicode strings rather than encoded UTF-8 a...

1.8 AI score
Exploits 0

UbuntuCve
added 2014/05/07 12:0 a.m. · 28 views

CVE-2014-0191

The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation i...

4.3 CVSS · 6.8 AI score · 0.081 EPSS
Exploits 1 · References 3

securityvulns
added 2014/05/07 12:0 a.m. · 39 views

libxml2 DoS

CPU exhaustion on XML parsing...

4.3 CVSS · 3 AI score · 0.081 EPSS
Exploits 1 · References 1

securityvulns
added 2014/05/07 12:0 a.m. · 63 views

[oss-security] CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled

Hi, It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially-crafted XML file...

7.2 AI score · 0.081 EPSS
Exploits 1

Tenable Nessus
added 2014/01/29 12:0 a.m. · 41 views

SuSE 11.2 / 11.3 Security Update : libxml2 (SAT Patch Numbers 8713 / 8714)

This update fixes a DoS vulnerability in libxml2. CVE-2013-2877 has been assigned to this issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update information. The text itself is copyright (C) Novell, Inc. ...

5 CVSS · 6.8 AI score · 0.04733 EPSS
Exploits 0 · References 4

OSV
added 2014/01/21 6:55 p.m. · 8 views

CVE-2013-0339

libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers,...

6.6 AI score
Exploits 0 · References 16

NVD
added 2014/01/21 6:55 p.m. · 23 views

CVE-2013-0339

libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers,...

6.8 CVSS · 7.8 AI score · 0.0442 EPSS
Exploits 1 · References 15

OSV
added 2014/01/21 6:55 p.m. · 1 views

DEBIAN-CVE-2013-0339

libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers,...

6.8 CVSS · 8.2 AI score · 0.0442 EPSS
Exploits 1 · References 1

Prion
added 2014/01/21 6:55 p.m. · 29 views

Xxe

libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers,...

6.8 CVSS · 7.2 AI score · 0.0442 EPSS
Exploits 1 · References 15 · Affected Software 4

Cvelist
added 2014/01/21 6:0 p.m. · 25 views

CVE-2013-0339

libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers,...

9.1 AI score · 0.0442 EPSS
Exploits 1 · References 15

CVE
added 2014/01/21 6:0 p.m. · 110 views

CVE-2013-0339

CVE-2013-0339 affects libxml2 up to version 2.9.1 and is an XML External Entity (XXE) issue. The root cause is improper handling of external entities expansion unless an application developer uses xmlSAX2ResolveEntity or xmlSetExternalEntityLoader. Impact cited includes potential denial of servic...

6.8 CVSS · 9 AI score · 0.0442 EPSS
Exploits 1 · References 15 · Affected Software 1

Debian CVE
added 2014/01/21 6:0 p.m. · 30 views

CVE-2013-0339

libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers,...

6.8 CVSS · 8.5 AI score · 0.0442 EPSS
Exploits 1

Positive Technologies
added 2014/01/21 12:0 a.m. · 3 views

PT-2014-1964 · Libxml2 +2

Name of the Vulnerable Software and Affected Versions: libxml2 versions prior to 2.9.2 Description: The issue is related to the handling of external entities expansion in libxml2, which can be exploited by remote attackers to cause a denial of service, send HTTP requests to intranet servers, or...

7.5 CVSS · 7.2 AI score · 0.04733 EPSS
Exploits 4 · References 86

Tenable Nessus
added 2014/01/20 12:0 a.m. · 84 views

ESXi 5.1 < Build 1483097 Multiple Vulnerabilities (remote check)

The remote VMware ESXi 5.1 host is affected by the following vulnerabilities : - A denial of service vulnerability exists in the bundled OpenSSL library that is triggered when handling OCSP response verification. A remote attacker can exploit this to crash the program. CVE-2013-0166 - An error...

5 CVSS · 7 AI score · 0.35584 EPSS
Exploits 1 · References 8

OpenVAS
added 2013/12/03 12:0 a.m. · 21 views

VMSA-2013-0004 VMware ESXi security update for third party library (remote check)

The remote ESXi is missing one or more security related Updates from VMSA-2013-0004. OpenVAS Vulnerability Test $Id: gbVMSA-2013-0004remote.nasl 6065 2017-05-04 09:03:08Z teissa $ VMSA-2013-0004 VMware ESXi security update for third party library remote check Authors: Michael Meyer Copyright:...

6.8 CVSS · 0.04382 EPSS
Exploits 1 · References 1

FreeBSD
added 2013/12/03 12:0 a.m. · 35 views

libxml2 -- entity substitution DoS

Stefan Cornelius reports: It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a...

4.3 CVSS · 7.8 AI score · 0.081 EPSS
Exploits 1 · References 3

OpenVAS
added 2013/12/03 12:0 a.m. · 31 views

VMware ESXi security update for third party library (VMSA-2013-0004) - Remote Version Check

The remote ESXi is missing one or more security related Updates from VMSA-2013-0004. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if...

6.8 CVSS · 8.4 AI score · 0.04382 EPSS
Exploits 1 · References 1

Tenable Nessus
added 2013/11/27 12:0 a.m. · 49 views

Oracle Linux 6 : augeas (ELSA-2013-1537)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-1537 advisory. 1.0.0-5 - Don't package lenses in tests/ subdirectory. related: rhbz817753 1.0.0-4 - Rebase to Augeas 1.0.0 resolves: rhbz817753 - Add dependency on...

3.7 CVSS · 5.6 AI score · 0.00446 EPSS
Exploits 1 · References 3

Oracle linux
added 2013/11/25 12:0 a.m. · 38 views

augeas security, bug fix, and enhancement update

1.0.0-5 - Don't package lenses in tests/ subdirectory. related: rhbz817753 1.0.0-4 - Rebase to Augeas 1.0.0 resolves: rhbz817753 - Add dependency on libxml2-devel. - Remove all patches all upstream and included in 1.0.0. - Print tests/test-suite.log when the tests fail. - Add fix for regression...

3.7 CVSS · 1.6 AI score · 0.00446 EPSS
Exploits 1