Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-34967 DESCRIPTION: Samba is vulnerable to a denial of service, caused by a ty...

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer in the RHEL UBI (CVE-2023-39615)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-39615. Vulnerability Details CVEID:CVE-2023-39615 DESCRIPTION: Xmlsoft Libxml2 is vulnerable to a denial of service, caused ...

Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 267 Vulnerability Details CVEID:CVE-2024-20919 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause hi...

RHEL 8 : libxml2 (RHSA-2023:7544)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7544 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: crafted xml can cause...

AlmaLinux 9 : libxml2 (ALSA-2023:7747)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:7747 advisory. - Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows...

Oracle Linux 9 : libxml2 (ELSA-2023-7747)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-7747 advisory. 2.9.13-5 - Fix CVE-2023-39615 RHEL-5180 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...

CVE-2023-39615

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...

CVE-2023-39615

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...

CVE-2023-39615

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...

CVE-2023-39615

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...

CVE-2023-39615

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...

Security Bulletin: Multiple vulnerabilities in XMLsoft Libxml2 and OpenSSL affect IBM Netezza Analytics

Summary XMLsoft Libxml2 and OpenSSL are consumed by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-16932 DESCRIPTION: Xmlsoft libxml2 is vulnerable to a denial of service, caused by an infinite recursion issue in parameter...

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Open Source XMLsoft Libxml2 Vulnerabilities (CVE-2016-4483)

Summary libxml2 is vulnerable to a denial of service, caused by an out-of-bounds read when parsing a specially crafted XML file if recover mode is used. By persuading a victim to open a specially crafted XML file, a remote attacker could exploit this vulnerability to cause the application to cras...

Security Bulletin: IBM Security Guardium is affected by Open Source XMLsoft Libxml2 Vulnerabilities (CVE-2016-4447 CVE-2016-4448 CVE-2016-4449)

Summary Open Source XMLsoft Libxml2 Vulnerabilities affects IBM Security Guardium. IBM Security Guardium has fixed these vulnerabilites Vulnerability Details CVEID: CVE-2016-4447 DESCRIPTION: libxml2 is vulnerable to a denial of service, caused by a heap-based buffer overflow. By persuading a...

Security Bulletin: Multiple vulnerabilities in XMLsoft Libxml2 affect IBM Streams

Summary There are multiple vulnerabilities in Libxml2 library used by IBM Streams. IBM Streams has addressed the applicable CVEs. Vulnerability Details CVE-ID: CVE-2016-2073 Description: libxml2 is vulnerable to a heap-based buffer overflow, caused by an out-of-bounds read in the...

Security Bulletin: IBM Streams may be affected by XMLsoft Libxml2 vulnerabilities

Summary The libxml2 library, used by IBM Streams may have security vulnerabilities. IBM Streams has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-9050 DESCRIPTION: libxml2 is vulnerable to a heap-based buffer overflow, caused by a buffer over-read flaw in the xmlDictAddStri...

Security Bulletin: IBM Streams may be affected by XMLsoft Libxml2 vulnerabilities

Summary The libxml2 library, used by IBM Streams may have security vulnerabilities. IBM Streams has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-7376 DESCRIPTION: libxml2 is vulnerable to a denial of service, caused by the incorrect limit used when calculating the port val...

libxml2递归实体远程拒绝服务漏洞

BUGTRAQ ID: 30783 CVECAN ID: CVE-2008-3281 libxml2软件包提供允许用户操控XML文件的函数库，包含有读、修改和写XML和HTML文件支持。 libxml2库在解析某些XML内容时没有正确地检查递归深度，使用Libxml2库的应用程序在处理特制XML文档时可能会耗尽所有可用的内存和CPU资源。 XMLSoft Libxml2 2.6.x 厂商补丁： Debian ------ Debian已经为此发布了一个安全公告（DSA-1631-1）以及相应补丁: DSA-1631-1：New libxml2 packages fix denial of...

CVE-2004-0110

Buffer overflow in the 1 nanohttp or 2 nanoftp modules in XMLSoft Libxml 2 Libxml2 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL...