24 matches found
EulerOS Virtualization 2.12.0 : libxml2 (EulerOS-SA-2026-2106)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveU...
CVE-2026-0990
A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a...
MiracleLinux 9 : libxml2-2.9.13-11.el9_6 (AXSA:2025-10680:11)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10680:11 advisory. libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr CVE-2025-7425 Tenable has extracted the preceding description block directl...
PT-2026-3018
Name of the Vulnerable Software and Affected Versions libxml2 affected versions not specified Description An uncontrolled recursion issue exists in libxml2, an XML parsing library, specifically within the xmlCatalogXMLResolveURI function. This occurs when an XML catalog includes a delegate URI...
Important: Red Hat Security Advisory: expat security update
An update for expat is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste...
RHEL 10 : expat (RHSA-2025:21030)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21030 advisory. Expat is a C library for parsing XML documents. Security Fixes: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocatio...
libxml2 安全漏洞
libxml2 is a GNOME open source library for parsing XML documents. It is written in C and can be called by many languages, such as C, C++, and XSH. A security vulnerability exists in libxml2 version 2.14.5 and earlier, which stems from an uncontrolled recursion problem...
USN-7145-1: Expat vulnerability
It was discovered that Expat did not properly handle its internal state when attempting to resume an unstarted parser. An attacker could use this issue to cause a denial of service application crash...
Vulnerability of the nextScaffoldPart() function (xmlparse.c) in the libexpat XML parsing library, which allows an attacker to cause a service failure or execute arbitrary code.
The vulnerability of the nextScaffoldPart function in the libexpat XML parsing library is related to integer overflow. Exploiting this vulnerability could allow an attacker to cause service failures or execute arbitrary code...
CVE-2024-27141 Pre-authenticated Time-Based Blind XXE injection
Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity XXE vulnerability. An attacker can DoS the printers by sending a HTTP request without authentication. A...
ALPINE-CVE-2022-40303
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault...
libxml2 资源管理错误漏洞
libxml2 is an open source library used to parse XML documents . It is written in C and can be called by many languages, such as C, C++, XSH. A resource management error vulnerability exists in libxml2. No information about this vulnerability is available at this time, please stay tuned to CNNVD o...
UBUNTU-CVE-2022-29824
In libxml2 before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer...
ALPINE-CVE-2022-22826
nextScaffoldPart in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...
libxml2 输入验证错误漏洞
libxml2 is an open source library used to parse XML documents . It is written in C and can be called by many languages, such as C, C++, XSH. An input validation error vulnerability exists in libxml2. An attacker can exploit this vulnerability to trigger a denial of service attack...
Debian DLA-2048-1 : libxml2 security update
It was discovered that there was a potential denial of service vulnerability in libxml2, the GNOME XML parsing library. For Debian 8 'Jessie', this issue has been fixed in libxml2 version 2.9.1+dfsg1-5+deb8u8. We recommend that you upgrade your libxml2 packages. NOTE: Tenable Network Security has...
Debian: Security Advisory (DLA-1912-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
libxml Denial of Service Vulnerability
libxml2 is the GNOME project team developed a C-based library for parsing XML documents, which supports multiple encoding formats, Xpath parsing, Well-formed and valid validation. A security vulnerability exists in the 'xzdecomp' function of the xzlib.c file in libxml2 version 2.9.8. A remote...
Critical Flaw in Major Android Tools Targets Developers and Reverse Engineers
Finally, here we have a vulnerability that targets Android developers and reverse engineers, instead of app users. Security researchers have discovered an easily-exploitable vulnerability in Android application developer tools, both downloadable and cloud-based, that could allow attackers to stea...
UBUNTU-CVE-2017-16931
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...