Lucene search
551 matches found

RubySec
added 2017/09/19 12:00 a.m., 38 views

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities

The version of libxml2 packaged with Nokogiri contains several vulnerabilities. Nokogiri has mitigated these issues by upgrading to libxml 2.9.5. It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial ...

CVSS 10, AI score 1.9, EPSS 0.38332
Exploits 6, References 1, Affected Software 1
Mageia
added 2017/08/10 8:26 p.m., 28 views

Updated perl-XML-LibXML packages fix security vulnerability

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows attackers to execute arbitrary code by controlling the arguments to a replaceChild call (CVE-2017-10672)...

CVSS 9.8, AI score 6.7, EPSS 0.10052
Exploits 1, References 2
OSV
added 2017/08/10 8:26 p.m., 3 views

MGASA-2017-0254 Updated perl-XML-LibXML packages fix security vulnerability

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows attackers to execute arbitrary code by controlling the arguments to a replaceChild call (CVE-2017-10672)...

CVSS 9.8, AI score 9.7, EPSS 0.10052
Exploits 1, References 3
OpenVAS
added 2017/08/04 12:00 a.m., 20 views

Fedora Update for perl-XML-LibXML FEDORA-2017-3d5354d30f

The remote host is missing an update for the ...

CVSS 9.8, AI score 9.6, EPSS 0.10052
Exploits 1, References 2
Tenable Nessus
added 2017/07/27 12:00 a.m., 27 views

Fedora 25 : 1:perl-XML-LibXML (2017-534f300508)

This release fixes a use-after-free in replaceChild call. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

CVSS 9.8, AI score 7.3, EPSS 0.10052
Exploits 1, References 2
Tenable Nessus
added 2017/07/27 12:00 a.m., 25 views

Fedora 24 : 1:perl-XML-LibXML (2017-790ff602a6)

This release fixes a use-after-free in replaceChild call. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

CVSS 9.8, AI score 7.3, EPSS 0.10052
Exploits 1, References 2
OpenVAS
added 2017/07/26 12:00 a.m., 19 views

Fedora Update for perl-XML-LibXML FEDORA-2017-534f300508

The remote host is missing an update for the ...

CVSS 9.8, AI score 9.6, EPSS 0.10052
Exploits 1, References 2
OpenVAS
added 2017/07/26 12:00 a.m., 15 views

Fedora Update for perl-XML-LibXML FEDORA-2017-790ff602a6

The remote host is missing an update for the ...

CVSS 9.8, AI score 9.6, EPSS 0.10052
Exploits 1, References 2
Tenable Nessus
added 2017/07/24 12:00 a.m., 23 views

Fedora 26 : 1:perl-XML-LibXML (2017-3d5354d30f)

This release fixes a use-after-free in replaceChild call. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

CVSS 9.8, AI score 7.3, EPSS 0.10052
Exploits 1, References 2
RedhatCVE
added 2017/07/12 2:20 p.m., 28 views

CVE-2017-10672

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call...

CVSS 9.8, AI score 7.4, EPSS 0.10052
Exploits 1, References 1
Prion
added 2017/06/29 8:29 a.m., 12 views

Design/Logic Flaw

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call...

CVSS 7.5, AI score 9.6, EPSS 0.10052
Exploits 1, References 3, Affected Software 2
NVD
added 2017/06/29 8:29 a.m., 16 views

CVE-2017-10672

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call...

CVSS 9.8, AI score 9.7, EPSS 0.10052
Exploits 1, References 3
CVE
added 2017/06/29 8:00 a.m., 166 views

CVE-2017-10672

The CVE-2017-10672 issue affects the Perl XML-LibXML module; a use-after-free in XML-LibXML up to version 2.0129 allows remote attackers to execute arbitrary code by controlling arguments to replaceChild. The Nessus/OSINT entries confirm the vulnerability exists in multiple distro packages (e.g.,...

CVSS 9.8, AI score 9.5, EPSS 0.10052
Exploits 1, References 3, Affected Software 1
OSV
added 2017/06/29 12:00 a.m., 1 views

UBUNTU-CVE-2017-10672

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call...

CVSS 9.8, AI score 7.3, EPSS 0.10052
Exploits 1, References 3
UbuntuCve
added 2017/06/29 12:00 a.m., 18 views

CVE-2017-10672

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call...

CVSS 9.8, AI score 7.2, EPSS 0.10052
Exploits 1, References 2
CNVD
added 2017/06/29 12:00 a.m., 3 views

Perl XML-LibXML Module Arbitrary Code Execution Vulnerability

Perl is a cross-platform programming language developed by the American programmer Larry Wall. XML-LibXML is a Debian-based XML file conversion module. An arbitrary code execution vulnerability exists in Perl's XML-LibXML module <=2.0129, which can be exploited by a remote attacker...

CVSS 9.8, AI score 8.3, EPSS 0.10052
Exploits 1, References 1
OSV
added 2017/04/11 4:59 p.m., 3 views

DEBIAN-CVE-2017-5969

libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML...

CVSS 4.7, AI score 6.5, EPSS 0.03505
Exploits 0, References 1
OpenVAS
added 2017/01/12 12:00 a.m., 74 views

Juniper Networks Junos Space Multiple Vulnerabilities (JSA10770)

Juniper Networks Junos Space is prone to multiple vulnerabilities...

CVSS 10, AI score 7.1, EPSS 0.93929
Exploits 105, References 3
RedHat Linux
added 2016/11/15 11:40 a.m., 3 views

php: libxml_disable_entity_loader setting is shared between threads

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted XML...

CVSS 9.6, AI score 7.3, EPSS 0.03531
Exploits 1, References 4
Tenable Nessus
added 2016/08/08 12:00 a.m., 37 views

Ubuntu 14.04 LTS / 16.04 LTS : Oxide vulnerabilities (USN-3041-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3041-1 advisory. Multiple security issues were discovered in Chromium. If a user were tricked into opening a specially crafted website, an attacker could...

CVSS 9.6, AI score 7.6, EPSS 0.0369
Exploits 1, References 15