MiracleLinux 9 : libxml2-2.9.13-6.el9 (AXSA:2024-7767:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7767:02 advisory. libxml2: use-after-free in XMLReader CVE-2024-25062 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

MiracleLinux 8 : libxml2-2.9.7-18.el8_10.1 (AXSA:2024-8162:03)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8162:03 advisory. libxml2: use-after-free in XMLReader CVE-2024-25062 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

EUVD-2018-0420

Malware in sbrugna...

EUVD-2022-34416

Malicious code in bioql PyPI...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the com.powsybl.commons.xml.XmlReader class. An attacker can access sensitive files or internal resources by submitting specially crafted XML input. Note: This is only exploitable if untrusted users...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the com.powsybl.commons.xml.XmlReader class. An attacker can access sensitive files or internal resources by submitting specially crafted XML input. Note: This is only exploitable if untrusted users...

Use-after-free in xmlValidatePopElement() using XMLReader API (CVE-2024-25062)

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

Security Bulletin: libxml2 used by IBM InfoSphere Identity Insight has a potential vulnerability (CVE-2024-25062)

Summary The libxml2 used by Identity Insight has a vulnerability in its XMLReader API call. Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude...

Security Bulletin: IBM DataPower Gateway vulnerable to DoS (CVE-2024-25062)

Summary libxml2 is used in the DataPower Gateway's DB2 connector. Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing...

openSUSE Security Advisory (SUSE-SU-2024:3733-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

libxml2 security update

An update is available for libxml2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libxml2 library is a development toolbox providing the implementation of...

Fedora 39 : php (2024-52c23ef1ec)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-52c23ef1ec advisory. PHP version 8.2.20 06 Jun 2024 CGI: Fixed buffer limit on Windows, replacing read call usage by read. David Carlier Fixed bug GHSA-3qgc-jrrr-25jv...

Fedora 40 : php (2024-49aba7b305)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-49aba7b305 advisory. PHP version 8.3.8 06 Jun 2024 CGI: Fixed buffer limit on Windows, replacing read call usage by read. David Carlier Fixed bug GHSA-3qgc-jrrr-25jv...

openSUSE: Security Advisory for libxml2 (SUSE-SU-2024:0613-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2024:0613-1 Security update for libxml2

This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader bsc1219576...

Moderate: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

libxml2: use-after-free in XMLReader

A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

RHEL 9 : libxml2 (RHSA-2024:3625)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3625 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: use-after-free in...

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: use-after-free in XMLReader CVE-2024-25062 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

ALSA-2024:3626 Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: use-after-free in XMLReader CVE-2024-25062 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...