157 matches found
EUVD-2025-4769
Malicious code in bioql PyPI...
Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images
Summary Multiple vulnerabilities were addressed in IBM MQ Operator and Queue manager container images Vulnerability Details CVEID:CVE-2025-32415 DESCRIPTION: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploi...
libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables
A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denia...
libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables
A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denia...
libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables
A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denia...
libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables
A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denia...
libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables
A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denia...
NewStart CGSL MAIN 7.02 : libxml2 Multiple Vulnerabilities (NS-SA-2025-0106)
The remote NewStart CGSL host, running version MAIN 7.02, has libxml2 packages installed that are affected by multiple vulnerabilities: - In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings because of an incorrect return value...
Ubuntu: Security Advisory (USN-7659-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP12 : libxml2 (EulerOS-SA-2025-1830)
According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap- based buffer under-read. To exploit thi...
EulerOS 2.0 SP10 : libxml2 (EulerOS-SA-2025-1783)
According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings because of an incorrec...
EulerOS 2.0 SP12 : libxml2 (EulerOS-SA-2025-1597)
According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.CVE-2025-27113 libxml2 before 2.12.10...
FreeBSD : libxml2 -- Use After Free (bd2af307-3e50-11f0-95d4-00a098b42aeb)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bd2af307-3e50-11f0-95d4-00a098b42aeb advisory. [email protected] reports: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in...
CLSA-2025-1748282288 Fix CVE(s): CVE-2025-32414, CVE-2025-32415
SECURITY UPDATE: Out-of-bounds memory access in Python API bindings - debian/patches/CVE-2025-32414.patch: Limit character reads and reserve buffer space for UTF-8 encoding to prevent overflow - CVE-2025-32414 SECURITY UPDATE: Heap buffer under-read in XML schema validation -...
CLSA-2025-1746654421 libxml2: Fix of CVE-2025-32415
CVE-2025-32415: fix heap-based buffer under-read in xmlSchemaIDCFillNodeTables...
CLSA-2025-1746653948 Fix CVE(s): CVE-2025-32414, CVE-2025-32415
SECURITY UPDATE: OOB access in python API - debian/patches/CVE-2025-32414-pre1.patch: fix SAX driver with character streams in python/drvlibxml2.py. - debian/patches/CVE-2025-32414-1.patch: read at most len/4 characters in python/libxml.c. - debian/patches/CVE-2025-32414-2.patch: add a test in...
Heap-based Buffer Under-read
libxml2.so is vulnerable to a Heap-based buffer under-read. The vulnerability is due to improper handling of identity constraints in the XML schema processing, specifically in the xmlSchemaIDCFillNodeTables function in xmlschemas.c, allows a heap-based buffer under-read when certain identity...
libxml2 < 2.13.8 / 2.14.x < 2.14.2 Multiple Vulnerabilities (macOS)
The version of libxml2 installed on the remote host is affected by multiple vulnerabilities. - In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings because of an incorrect return value. This occurs in xmlPythonFileRead and...
MGASA-2025-0139 Updated libxml2 packages fix security vulnerabilities
CVE-2025-32414 Buffer overflow when parsing text streams with Python API CVE-2025-32415 Heap-based Buffer Overflow in xmlSchemaIDCFillNodeTables...
Buffer Under-read
Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Buffer Under-read in the xmlSchemaIDCFillNodeTables function. An attacker can cause partial denial of service by by validating a malicious XML document against an XML schema usin...