Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-815-1
HistoryAug 11, 2009 - 12:00 a.m.

libxml2 vulnerabilities

2009-08-1100:00:00
ubuntu.com
32

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.6 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.944 High

EPSS

Percentile

99.2%

JSON

Releases

  • Ubuntu 9.04
  • Ubuntu 8.10
  • Ubuntu 8.04
  • Ubuntu 6.06

Packages

  • libxml2 -

Details

It was discovered that libxml2 did not correctly handle root XML document
element DTD definitions. If a user were tricked into processing a specially
crafted XML document, a remote attacker could cause the application linked
against libxml2 to crash, leading to a denial of service. (CVE-2009-2414)

It was discovered that libxml2 did not correctly parse Notation and
Enumeration attribute types. If a user were tricked into processing a
specially crafted XML document, a remote attacker could cause the
application linked against libxml2 to crash, leading to a denial of
service. (CVE-2009-2416)

USN-644-1 fixed a vulnerability in libxml2. This advisory provides the
corresponding update for Ubuntu 9.04.

Original advisory details:

It was discovered that libxml2 did not correctly handle long entity names.
If a user were tricked into processing a specially crafted XML document, a
remote attacker could execute arbitrary code with user privileges or cause
the application linked against libxml2 to crash, leading to a denial of
service. (CVE-2008-3529)

OSVersionArchitecturePackageVersionFilename
Ubuntu9.04noarchlibxml2< 2.6.32.dfsg-5ubuntu4.2UNKNOWN
Ubuntu9.04noarchlibxml2-dbg< 2.6.32.dfsg-5ubuntu4.2UNKNOWN
Ubuntu9.04noarchlibxml2-dev< 2.6.32.dfsg-5ubuntu4.2UNKNOWN
Ubuntu9.04noarchlibxml2-udeb< 2.6.32.dfsg-5ubuntu4.2UNKNOWN
Ubuntu9.04noarchlibxml2-utils< 2.6.32.dfsg-5ubuntu4.2UNKNOWN
Ubuntu9.04noarchpython-libxml2< 2.6.32.dfsg-5ubuntu4.2UNKNOWN
Ubuntu9.04noarchpython-libxml2-dbg< 2.6.32.dfsg-5ubuntu4.2UNKNOWN
Ubuntu8.10noarchlibxml2< 2.6.32.dfsg-4ubuntu1.2UNKNOWN
Ubuntu8.10noarchlibxml2-dbg< 2.6.32.dfsg-4ubuntu1.2UNKNOWN
Ubuntu8.10noarchlibxml2-dev< 2.6.32.dfsg-4ubuntu1.2UNKNOWN
Rows per page:
1-10 of 261

Related

openvas 77
nessus 64
altlinux 2
securityvulns 5
osv 3
fedora 5
f5 2
gentoo 1
centos 3
debian 3
redhat 3
oraclelinux 2
seebug 5
chrome 1
veracode 1
exploitpack 1
checkpoint_advisories 1
packetstorm 2
ubuntucve 3
cve 3
freebsd 3
debiancve 3
prion 3
exploitdb 1
ubuntu 1
threatpost 1
openvas
openvas
Ubuntu USN-815-1 (libxml2)
2009-08-17 00:00:00
Ubuntu: Security Advisory (USN-815-1)
2009-08-17 00:00:00
CentOS Security Advisory CESA-2009:1206 (libxml2)
2009-08-17 00:00:00
nessus
nessus
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : libxml2 vulnerabilities (USN-815-1)
2009-08-12 00:00:00
openSUSE Security Update : libxml2 (libxml2-1175)
2009-08-12 00:00:00
RHEL 3 / 4 / 5 : libxml and libxml2 (RHSA-2009:1206)
2009-08-11 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package libxml2 version 1:2.7.3-alt2
2009-08-17 00:00:00
Security fix for the ALT Linux 9 package libxml2 version 1:2.7.3-alt2
2009-08-17 00:00:00
securityvulns
securityvulns
libxml multiple security vulnerability
2009-08-11 00:00:00
[SECURITY] [DSA 1859-1] New libxml2 packages fix several issues
2009-08-11 00:00:00
[Full-disclosure] [NETRAGARD SECURITY ADVISORY] [&lt; Safari 3.2.3 Arbitrary Code Execution + PoC ][NETRAGARD-20090622]
2009-06-22 00:00:00
osv
osv
libxml2 - several issues
2009-08-10 00:00:00
libxml - several issues
2009-08-13 00:00:00
libxml2 - execution of arbitrary code
2008-10-14 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: mingw32-libxml2-2.7.3-2.fc11
2009-08-15 08:17:15
[SECURITY] Fedora 11 Update: libxml2-2.7.3-3.fc11
2009-08-11 22:40:10
[SECURITY] Fedora 10 Update: libxml2-2.7.3-2.fc10
2009-08-11 22:38:03
f5
f5
K15864 : libxml vulnerabilities CVE-2009-2414 and CVE-2009-2416
2015-09-14 00:00:00
SOL15864 - libxml vulnerabilities CVE-2009-2414 and CVE-2009-2416
2014-11-25 00:00:00
gentoo
gentoo
libxml2: Denial of service
2010-09-21 00:00:00
centos
centos
libxml, libxml2 security update
2009-08-10 21:37:50
libxml2 security update
2008-09-11 20:48:40
libxml2 security update
2008-09-12 01:23:56
debian
debian
[SECURITY] [DSA 1861-1] New libxml packages fix several issues
2009-08-13 20:40:37
[SECURITY] [DSA 1859-1] New libxml2 packages fix several issues
2009-08-10 18:55:11
[SECURITY] [DSA 1654-1] New libxml2 packages fix execution of arbitrary code
2008-10-14 18:04:50
redhat
redhat
(RHSA-2009:1206) Moderate: libxml and libxml2 security update
2009-08-10 00:00:00
(RHSA-2008:0884) Important: libxml2 security update
2008-09-11 00:00:00
(RHSA-2008:0886) Important: libxml2 security update
2008-09-11 00:00:00
oraclelinux
oraclelinux
libxml and libxml2 security update
2009-08-10 00:00:00
libxml2 security update
2008-09-11 00:00:00
seebug
seebug
libxml2栈溢出和释放后使用拒绝漏洞
2009-08-12 00:00:00
libxml XML实体名堆溢出漏洞
2008-09-22 00:00:00
Safari RSS feed:// Buffer Overflow via libxml2 Exploit PoC
2009-05-27 00:00:00
chrome
chrome
Stable Update: Security fixes
2009-08-25 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-11-09 03:48:07
exploitpack
exploitpack
Apple Safari - RSS feed: Buffer Overflow via libxml2 (PoC)
2009-05-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Multiple Products libxml2 XML File Processing Entity Name Buffer Overflow (CVE-2008-3529)
2010-02-01 00:00:00
packetstorm
packetstorm
Safari RSS feed:// Buffer Overflow
2009-05-27 00:00:00
Netragard Security Advisory 2009-06-22
2009-06-23 00:00:00
ubuntucve
ubuntucve
CVE-2008-3529
2008-09-12 00:00:00
CVE-2009-2416
2009-08-11 00:00:00
CVE-2009-2414
2009-08-11 00:00:00
cve
cve
CVE-2009-2416
2009-08-11 18:30:00
CVE-2008-3529
2008-09-12 16:56:00
CVE-2009-2414
2009-08-11 18:30:00
freebsd
freebsd
libxml -- Multiple use-after-free vulnerabilities
2009-08-03 00:00:00
libxml -- Stack consumption vulnerability
2009-08-03 00:00:00
libxml2 -- two vulnerabilities
2008-08-22 00:00:00
debiancve
debiancve
CVE-2009-2416
2009-08-11 18:30:00
CVE-2008-3529
2008-09-12 16:56:00
CVE-2009-2414
2009-08-11 18:30:00
prion
prion
Design/Logic Flaw
2009-08-11 18:30:00
Heap overflow
2008-09-12 16:56:00
Design/Logic Flaw
2009-08-11 18:30:00
exploitdb
exploitdb
Apple Safari - RSS &#039;feed://&#039; Buffer Overflow via libxml2 (PoC)
2009-05-26 00:00:00
ubuntu
ubuntu
libxml2 vulnerabilities
2008-09-11 00:00:00
threatpost
threatpost
Apple Patches Critical Safari Vulnerabilities
2009-11-11 21:45:09

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.6 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.944 High

EPSS

Percentile

99.2%

JSON
Related for USN-815-1
openvas77nessus64altlinux2securityvulns5osv3fedora5f52gentoo1centos3debian3redhat3oraclelinux2seebug5chrome1veracode1exploitpack1checkpoint_advisories1packetstorm2ubuntucve3cve3freebsd3debiancve3prion3exploitdb1ubuntu1threatpost1