17 matches found

Veracode
added 2018/08/06 2:11 a.m. | 27 views

XML External Entities (XXE)

libxml2 is vulnerable to XML external entity attacks. The xmlParserHandlePEReference function in parser.c allows external parameter entities to be loaded regardless of whether entity substitution or validation is enabled. This allows an attacker to cause a denial of service condition or an...

4.3 CVSS | 7.1 AI score | 0.00636 EPSS
Exploits: 1 | References: 15 | Affected Software: 2

Tenable Nessus
added 2018/06/28 12:0 a.m. | 60 views

EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2018-1156)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial ...

9.8 CVSS | 7.5 AI score | 0.21755 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2017/11/24 3:49 p.m. | 30 views

CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

9.8 CVSS | 3 AI score | 0.01443 EPSS
Exploits: 0 | References: 1

UbuntuCve
added 2017/11/23 9:29 p.m. | 22 views

CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

9.8 CVSS | 7.1 AI score | 0.01443 EPSS
Exploits: 0 | References: 2

OSV
added 2017/11/23 9:29 p.m. | 17 views

CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

9.8 CVSS | 9.1 AI score
Exploits: 0 | References: 5

NVD
added 2017/11/23 9:29 p.m. | 17 views

CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

9.8 CVSS | 8.5 AI score | 0.01443 EPSS
Exploits: 0 | References: 5

Prion
added 2017/11/23 9:29 p.m. | 27 views

Code injection

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

7.5 CVSS | 9.2 AI score | 0.01443 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Debian CVE
added 2017/11/23 9:0 p.m. | 40 views

CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

9.8 CVSS | 8.6 AI score | 0.01443 EPSS
Exploits: 0

AlpineLinux
added 2017/11/23 9:0 p.m. | 37 views

CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

9.8 CVSS | 9.2 AI score | 0.01443 EPSS
Exploits: 0

Tenable Nessus
added 2015/12/30 12:0 a.m. | 66 views

VMware ESXi Multiple Vulnerabilities (VMSA-2014-0012)

The remote VMware ESXi host is affected by multiple vulnerabilities : - Multiple denial of service vulnerabilities exist in Python function readstatus in library httplib and in function readline in libraries smtplib, ftplib, nntplib, imaplib, and poplib. A remote attacker can exploit these...

6.4 CVSS | 7.2 AI score | 0.01382 EPSS
Exploits: 7 | References: 8

OpenVAS
added 2015/09/29 12:0 a.m. | 25 views

Gentoo Security Advisory GLSA 201409-08

Gentoo Linux Local Security Checks GLSA 201409-08 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

4.3 CVSS | 6.9 AI score | 0.00636 EPSS
Exploits: 1 | References: 1

Prion
added 2015/01/21 2:59 p.m. | 25 views

Design/Logic Flaw

The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation i...

4.3 CVSS | 6.5 AI score | 0.00636 EPSS
Exploits: 1 | References: 14 | Affected Software: 1

Cvelist
added 2015/01/21 2:0 a.m. | 29 views

CVE-2014-0191

The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation i...

6.7 AI score | 0.00636 EPSS
Exploits: 1 | References: 14

Debian CVE
added 2015/01/21 2:0 a.m. | 32 views

CVE-2014-0191

The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation i...

4.3 CVSS | 7.2 AI score | 0.00636 EPSS
Exploits: 1

Tenable Nessus
added 2014/09/22 12:0 a.m. | 35 views

GLSA-201409-08 : libxml2: Denial of Service

The remote host is affected by the vulnerability described in GLSA-201409-08 libxml2: Denial of Service A vulnerability in the xmlParserHandlePEReference function of parser.c, when expanding entity references, can be exploited to consume large amounts of memory and cause a crash or hang. Impact :...

4.3 CVSS | 6.8 AI score | 0.00636 EPSS
Exploits: 1 | References: 2

Gentoo Linux
added 2014/09/19 12:0 a.m. | 32 views

libxml2: Denial of service

Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description A vulnerability in the xmlParserHandlePEReference function of parser.c, when expanding entity references, can be exploited to consume large amounts of memory and cause a crash or hang. Impact A remote...

4.3 CVSS | 7.7 AI score | 0.00636 EPSS
Exploits: 1

Positive Technologies
added 2014/05/07 12:0 a.m. | 4 views

PT-2014-1834

Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.9.2 libxml2-devel version 2.7.6 libxml2-static version 2.7.6 libxml2-debuginfo version 2.7.6 Description The issue is related to the xmlParserHandlePEReference function in parser.c in libxml2, which loads external...

10 CVSS | 7.2 AI score | 0.23686 EPSS
Exploits: 38 | References: 143