
29 matches found

IBM Security Bulletins
added 2025/08/18 2:19 p.m. | 83 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-34967 DESCRIPTION: Samba is vulnerable to a denial of service, caused by a ty...

CVSS 6.7 | AI score 10 | EPSS 0.54214
Exploits 16 | Affected Software 1

IBM Security Bulletins
added 2024/08/05 10:3 p.m. | 32 views

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer in the RHEL UBI (CVE-2023-39615)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-39615. Vulnerability Details CVEID:CVE-2023-39615 DESCRIPTION: Xmlsoft Libxml2 is vulnerable to a denial of service, caused ...

CVSS 6.5 | AI score 7.4 | EPSS 0.00117
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2024/03/15 1:52 p.m. | 51 views

Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 267 Vulnerability Details CVEID:CVE-2024-20919 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause hi...

CVSS 7.5 | AI score 8.3 | EPSS 0.00245
Exploits 1 | Affected Software 1

Tenable Nessus
added 2024/01/26 12:0 a.m. | 16 views

RHEL 8 : libxml2 (RHSA-2023:7544)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7544 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: crafted xml can cause...

CVSS 6.5 | AI score 7 | EPSS 0.00117
Exploits 1 | References 5

Tenable Nessus
added 2023/12/14 12:0 a.m. | 24 views

AlmaLinux 9 : libxml2 (ALSA-2023:7747)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:7747 advisory. - Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows...

CVSS 6.5 | AI score 6.6 | EPSS 0.00117
Exploits 1 | References 2

Tenable Nessus
added 2023/12/14 12:0 a.m. | 17 views

Oracle Linux 9 : libxml2 (ELSA-2023-7747)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-7747 advisory. 2.9.13-5 - Fix CVE-2023-39615 RHEL-5180 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...

CVSS 6.5 | AI score 6.7 | EPSS 0.00117
Exploits 1 | References 2

NVD
added 2023/08/29 5:15 p.m. | 21 views

CVE-2023-39615

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...

CVSS 6.5 | AI score 6.4 | EPSS 0.00117
Exploits 1 | References 2

UbuntuCve
added 2023/08/29 5:15 p.m. | 30 views

CVE-2023-39615

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...

CVSS 6.5 | AI score 6.8 | EPSS 0.00117
Exploits 1 | References 2

CVE
added 2023/08/29 12:0 a.m. | 254 views

CVE-2023-39615

CVE-2023-39615 : Libxml2 (version 2.11.0) contains an out-of-bounds read in xmlSAX2StartElement() (/libxml2/SAX2.c) that can cause a Denial of Service when parsing a crafted XML. The vendor notes that Libxml2 does not support the legacy SAX1 interface with custom callbacks; there is a crash even ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00117
Exploits 1 | References 2 | Affected Software 1

Vulnrichment
added 2023/08/29 12:0 a.m. | 13 views

CVE-2023-39615

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...

AI score 6.8 | EPSS 0.00117
Exploits 1 | References 1

Cvelist
added 2023/08/29 12:0 a.m. | 22 views

CVE-2023-39615

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...

AI score 6.6 | EPSS 0.00117
Exploits 1 | References 1

Debian CVE
added 2023/08/29 12:0 a.m. | 47 views

CVE-2023-39615

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...

CVSS 6.5 | AI score 6.5 | EPSS 0.00117
Exploits 1

IBM Security Bulletins
added 2019/10/18 3:10 a.m. | 45 views

Security Bulletin: Multiple vulnerabilities in XMLsoft Libxml2 and OpenSSL affect IBM Netezza Analytics

Summary XMLsoft Libxml2 and OpenSSL are consumed by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-16932 DESCRIPTION: Xmlsoft libxml2 is vulnerable to a denial of service, caused by an infinite recursion issue in parameter...

CVSS 9.8 | AI score 2.2 | EPSS 0.42931
Exploits 10 | Affected Software 1

Symantec
added 2019/10/18 12:0 a.m. | 46 views

libxslt CVE-2019-18197 Arbitrary Code Execution Vulnerability

Description libxslt is prone to an arbitrary code-execution vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. libxslt version 1.1.33 is...

AI score 0.5 | EPSS 0.04534
Exploits 0 | References 2 | Affected Software 2

Symantec
added 2019/07/10 12:0 a.m. | 79 views

libxslt CVE-2019-13117 Information Disclosure Vulnerability

Description libxslt is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. libxslt 1.1.33 is vulnerable; other versions may also be affected. Technologies Affected Oracle JDKLinux Production Release...

CVSS 5 | AI score 0.8 | EPSS 0.04376
Exploits 0 | References 3 | Affected Software 4

Symantec
added 2019/04/10 12:0 a.m. | 96 views

libxslt CVE-2019-11068 Security Bypass Vulnerability

Description libxslt is prone to a security-bypass vulnerability. Attackers can leverage this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks. Technologies Affected Oracle JDKLinux Production Release 1.8.0 Update 221 Oracle JDKSolar...

CVSS 7.5 | AI score 0.5 | EPSS 0.01133
Exploits 0 | References 4 | Affected Software 4

IBM Security Bulletins
added 2018/06/16 9:46 p.m. | 34 views

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Open Source XMLsoft Libxml2 Vulnerabilities (CVE-2016-4483)

Summary libxml2 is vulnerable to a denial of service, caused by an out-of-bounds read when parsing a specially crafted XML file if recover mode is used. By persuading a victim to open a specially crafted XML file, a remote attacker could exploit this vulnerability to cause the application to cras...

CVSS 7.5 | AI score 1.6 | EPSS 0.0127
Exploits 2 | Affected Software 1

IBM Security Bulletins
added 2018/06/16 9:44 p.m. | 42 views

Security Bulletin: IBM Security Guardium is affected by Open Source XMLsoft Libxml2 Vulnerabilities (CVE-2016-4447 CVE-2016-4448 CVE-2016-4449)

Summary Open Source XMLsoft Libxml2 Vulnerabilities affect IBM Security Guardium. IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID: CVE-2016-4447 DESCRIPTION: libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow. By persuading a...

CVSS 10 | AI score 1.7 | EPSS 0.02658
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2018/06/16 2:17 p.m. | 37 views

Security Bulletin: Multiple vulnerabilities in XMLsoft Libxml2 affect IBM Streams

Summary There are multiple vulnerabilities in Libxml2 library used by IBM Streams. IBM Streams has addressed the applicable CVEs. Vulnerability Details CVE-ID: CVE-2016-2073 Description: libxml2 is vulnerable to a heap-based buffer overflow, caused by an out-of-bounds read in the...

CVSS 6.5 | AI score 0.8 | EPSS 0.01506
Exploits 1 | Affected Software 1

IBM Security Bulletins
added 2018/06/16 2:17 p.m. | 47 views

Security Bulletin: IBM Streams may be affected by XMLsoft Libxml2 vulnerabilities

Summary The libxml2 library, used by IBM Streams may have security vulnerabilities. IBM Streams has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-9050 DESCRIPTION: libxml2 is vulnerable to a heap-based buffer overflow, caused by a buffer over-read flaw in the xmlDictAddStri...

CVSS 9.1 | AI score 1.4 | EPSS 0.0266
Exploits 6 | Affected Software 1