Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2015-8035
HistoryNov 02, 2015 - 12:00 a.m.

CVE-2015-8035

2015-11-0200:00:00
ubuntu.com
ubuntu.com
11

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.01 Low

EPSS

Percentile

83.2%

JSON

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect
compression errors, which allows context-dependent attackers to cause a
denial of service (process hang) via crafted XML data.

Bugs

Notes

Author Note
tyhicks The test xz file does not trigger the DoS in our 2.9.2 builds. xz support was accidentally disabled in 2.9.2. Marking the devel release as ‘needed’ so that the build system fix (18b8988511b0954272cac4d6c3e6724f9dbf6e0a) doesn’t slip in without this CVE fix.
OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchlibxml2< 2.9.1+dfsg1-3ubuntu4.5UNKNOWN

Related

cve 3
openvas 18
nessus 36
prion 3
veracode 1
mageia 1
debiancve 3
alpinelinux 2
redhatcve 2
ubuntucve 2
fedora 4
ubuntu 1
ibm 10
rubygems 1
redhat 1
centos 1
amazon 2
oraclelinux 1
f5 1
archlinux 1
freebsd 1
debian 2
osv 35
gentoo 1
apple 8
suse 1
tenable 1
ics 1
cve
cve
CVE-2015-8035
2015-11-18 16:59:00
CVE-2018-9251
2018-04-04 02:29:00
CVE-2018-14567
2018-08-16 20:29:00
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0433)
2015-11-08 00:00:00
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-1316)
2020-01-23 00:00:00
Fedora Update for mingw-libxml2 FEDORA-2016-189
2016-02-17 00:00:00
nessus
nessus
Tenable Log Correlation Engine (LCE) < 4.8.0 Libxml2 DoS
2016-04-25 00:00:00
EulerOS 2.0 SP5 : libxml2 (EulerOS-SA-2019-1316)
2019-05-01 00:00:00
Oracle Linux 8 : libxml2 (ELSA-2020-1827)
2023-09-07 00:00:00
prion
prion
Design/Logic Flaw
2015-11-18 16:59:00
Design/Logic Flaw
2018-04-04 02:29:00
Design/Logic Flaw
2018-08-16 20:29:00
veracode
veracode
Denial Of Service (DoS)
2018-08-01 07:49:45
mageia
mageia
Updated libxml2 packages fix security vulnerability
2015-11-06 01:46:03
debiancve
debiancve
CVE-2015-8035
2015-11-18 16:59:00
CVE-2018-9251
2018-04-04 02:29:00
CVE-2018-14567
2018-08-16 20:29:00
alpinelinux
alpinelinux
CVE-2018-9251
2018-04-04 02:29:00
CVE-2018-14567
2018-08-16 20:29:00
redhatcve
redhatcve
CVE-2018-9251
2018-04-09 20:20:56
CVE-2018-14567
2018-08-22 02:19:05
ubuntucve
ubuntucve
CVE-2018-9251
2018-04-04 00:00:00
CVE-2018-14567
2018-07-31 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: mingw-libxml2-2.9.3-1.fc23
2016-02-17 04:02:04
[SECURITY] Fedora 22 Update: mingw-libxml2-2.9.3-1.fc22
2016-02-17 04:26:04
[SECURITY] Fedora 23 Update: libxml2-2.9.3-1.fc23
2015-11-26 21:01:32
ubuntu
ubuntu
libxml2 vulnerabilities
2015-11-16 00:00:00
ibm
ibm
Security Bulletin: IBM MQ Appliance is affected by multiple libxml2 vulnerabilities
2020-07-27 09:24:37
Security Bulletin: Multiple Vulnerabilities in libxml2 affects IBM Watson Studio Local
2019-12-18 18:01:21
Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities
2021-04-09 03:15:36
rubygems
rubygems
Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
2015-04-13 21:00:00
redhat
redhat
(RHSA-2020:1190) Moderate: libxml2 security update
2020-03-31 09:30:25
centos
centos
libxml2 security update
2020-04-08 18:42:56
amazon
amazon
Important: libxml2
2020-08-10 22:59:00
Important: libxml2
2020-07-21 16:34:00
oraclelinux
oraclelinux
libxml2 security update
2020-04-06 00:00:00
f5
f5
K76678525 : libxml2 vulnerabilities CVE-2015-8035 CVE-2016-5131 CVE-2017-15412 CVE-2017-18258 CVE-2018-14404 CVE-2018-14567
2022-02-15 00:00:00
archlinux
archlinux
libxml2: multiple issues
2015-12-09 00:00:00
freebsd
freebsd
libxml2 -- multiple vulnerabilities
2015-11-20 00:00:00
debian
debian
[SECURITY] [DSA 3430-1] libxml2 security update
2015-12-23 13:19:18
[SECURITY] [DSA 3430-1] libxml2 security update
2015-12-23 13:19:18
osv
osv
CVE-2016-9597
2018-07-30 14:29:02
CVE-2016-3709
2022-07-28 17:15:07
CVE-2016-4483
2017-04-11 16:59:00
gentoo
gentoo
libxml2: Multiple vulnerabilities
2017-01-16 00:00:00
apple
apple
About the security content of tvOS 9.2
2016-03-21 00:00:00
About the security content of tvOS 9.2 - Apple Support
2017-01-23 03:54:34
About the security content of watchOS 2.2 - Apple Support
2017-01-23 03:54:34
suse
suse
Security update for sles12-docker-image (important)
2016-03-16 15:28:52
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.01 Low

EPSS

Percentile

83.2%

JSON
Related for UB:CVE-2015-8035
cve3openvas18nessus36prion3veracode1mageia1debiancve3alpinelinux2redhatcve2ubuntucve2fedora4ubuntu1ibm10rubygems1redhat1centos1amazon2oraclelinux1f51archlinux1freebsd1debian2osv35gentoo1apple8suse1tenable1ics1