13 matches found
Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)
Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 1.0.307 Vulnerability Details CVEID:CVE-2025-57810 DESCRIPTION: jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in C...
Oracle HTTP Server (July 2025 CPU)
The versions of HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2025 CPU advisory. - In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap- based buffer under-read. To exploit this, a...
libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2
A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD...
Medium: libxml2
Issue Overview: Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. CVE-2023-39615 Affected Packages: libxml2 Issu...
SUSE CVE-2008-4225
Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service infinite loop via a large XML document...
CLSA-2022-1660762248 Fixed 13 CVEs in expat
CVE-2022-25236: Fix insertion of namespace-separator characters into namespace URIs - CVE-2022-25235: Fix malformed UTF-8 sequences which can lead to arbitrary code execution - CVE-2022-25315: Fix integer overflow in storeRawNames - CVE-2022-22822: Fix integer overflow in addBinding -...
CLSA-2022-1660757175 Fixed 15 CVEs in expat
CVE-2022-25236: Fix insertion of namespace-separator characters into namespace URIs - CVE-2022-25235: Fix malformed UTF-8 sequences which can lead to arbitrary code execution - CVE-2022-25315: Fix integer overflow in storeRawNames - CVE-2022-22822: Fix integer overflow in addBinding -...
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2022-2093)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write
A flaw was found in the libxml2 library in functions used to manipulate the xmlBuf and the xmlBuffer types. A substantial input causes values to calculate buffer sizes to overflow, resulting in an out-of-bounds write...
CVE-2018-20593
In Mini-XML aka mxml v2.12, there is stack-based buffer overflow in the scanfile function in mxmldoc.c...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server (IHS) affect IBM Security SiteProtector System (CVE-2015-1283, CVE-2015-3183 and CVE-2015-4947)
Summary There are multiple vulnerabilities in IBM HTTP Server IHS that is used by IBM Security SiteProtector System. Vulnerability Details CVEID: CVE-2015-1283 DESCRIPTION: Multiple integer overflows in the XMLGetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89...
CVE-2009-3720
The updatePosition function in lib/xmltokimpl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service application crash via an XML document with crafted UTF-8 sequences that trigger a buffer over-read,...
libxml2: integer overflow leading to infinite loop in xmlBufferResize
Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service infinite loop via a large XML document...