Download
| Alert*
oval:org.secpod.oval:def:52230
libxml2: GNOME XML library Details: USN-2214-1 fixed vulnerabilities in libxml2. The upstream fix introduced a regression when using xmllint with the --postvalid option. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2214-1 introduced a regression in libxml2 ... oval:org.secpod.oval:def:52243 libxml2: GNOME XML library Details: USN-2214-1 fixed vulnerabilities in libxml2. The upstream fix introduced a number of regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2214-1 introduced a regression in libxml2. oval:org.secpod.oval:def:701024 libxml2: GNOME XML library Applications using libxml2 could be made to crash or run programs as your login if they opened a specially crafted file. oval:org.secpod.oval:def:39489 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:601712 Daniel P. Berrange discovered a denial of service vulnerability in libxml2 entity substitution. oval:org.secpod.oval:def:600860 Jueri Aedla discovered several integer overflows in libxml, which could lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:702058 libxml2: GNOME XML library Details: USN-2214-1 fixed vulnerabilities in libxml2. The upstream fix introduced a regression when using xmllint with the --postvalid option. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2214-1 introduced a regression in libxml2 ... oval:org.secpod.oval:def:701365 libxml2: GNOME XML library Details: USN-1904-1 fixed vulnerabilities in libxml2. The update caused a regression for certain users. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-1904-1 introduced a regression in libxml2. oval:org.secpod.oval:def:701274 libxml2: GNOME XML library libxml2 could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:702081 libxml2: GNOME XML library Details: USN-2214-1 fixed vulnerabilities in libxml2. The upstream fix introduced a number of regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-2214-1 introduced a regression in libxml2. oval:org.secpod.oval:def:701678 libxml2 is installed oval:org.secpod.oval:def:600921 Jueri Aedla discovered a buffer overflow in the libxml XML library, which could result in the execution of arbitrary code. oval:org.secpod.oval:def:701100 libxml2: GNOME XML library Applications using libxml2 could be made to crash or run programs as your login if they opened a specially crafted file. oval:org.secpod.oval:def:701947 libxml2: GNOME XML library libxml2 could be made to consume resources if it processed a specially crafted file. oval:org.secpod.oval:def:600560 Chris Evans discovered that libxml was vulnerable to buffer overflows, which allowed a crafted XML input file to potentially execute arbitrary code. oval:org.secpod.oval:def:600738 It was discovered that the internal hashing routine of libxml2, a library providing an extensive API to handle XML data, is vulnerable to predictable hash collisions. Given an attacker with knowledge of the hashing algorithm, it is possible to craft input that creates a large amount of collisions. A ... oval:org.secpod.oval:def:2001072 The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service or information disclosure. oval:org.secpod.oval:def:601128 Aki Helin of OUSPG discovered many out-of-bounds read issues in libxml2, the GNOME project"s XML parser library, which can lead to denial of service issues when handling XML documents that end abruptly. oval:org.secpod.oval:def:701359 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:600710 Many security problems had been fixed in libxml2, a popular library to handle XML data files. CVE-2011-3919: Jüri Aedla discovered a heap-based buffer overflow that allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2011 ... oval:org.secpod.oval:def:88357 Felix Wilhelm reported that several buffer handling functions in libxml2, a library providing support to read, modify and write XML and HTML files, don"t check for integer overflows, resulting in out-of-bounds memory writes if specially crafted, multi-gigabyte XML files are processed. An attacker ca ... oval:org.secpod.oval:def:79881 libxml2: GNOME XML library libxml2 could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:88425 Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. CVE-2022-40303 Maddie Stone discovered that missing safety checks in several functions can result in integer overflows when parsing a XML document with the XML_PARSE_HUGE opt ... oval:org.secpod.oval:def:600998 Brad Hill of iSEC Partners discovered that many XML implementations are vulnerable to external entity expansion issues, which can be used for various purposes such as firewall circumvention, disguising an IP address, and denial-of-service. libxml2 was susceptible to these problems when performing st ... oval:org.secpod.oval:def:701235 libxml2: GNOME XML library libxml2 could be made to hang if it received specially crafted input. oval:org.secpod.oval:def:702264 libxml2: GNOME XML library libxml2 could be made to consume resources if it processed a specially crafted file. oval:org.secpod.oval:def:601808 Sogeti found a denial of service flaw in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption based on excessive e ... oval:org.secpod.oval:def:601952 It was discovered that the update released for libxml2 in DSA 2978 fixing CVE-2014-0191 was incomplete. This caused libxml2 to still fetch external entities regardless of whether entity substitution or validation is enabled. In addition, this update addresses a regression introduced in DSA 3057 by t ... oval:org.secpod.oval:def:52330 libxml2: GNOME XML library libxml2 could be made to consume resources if it processed a specially crafted file. oval:org.secpod.oval:def:602033 The update for libxml2 issued as DSA-3057-1 caused regressions due to an incomplete patch to address CVE-2014-3660. Updated packages are available to address this problem. For reference the original advisory text follows. Sogeti found a denial of service flaw in libxml2, a library providing support ... oval:org.secpod.oval:def:52218 libxml2: GNOME XML library libxml2 could be made to consume resources if it processed a specially crafted file. oval:org.secpod.oval:def:602712 Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the applica ... oval:org.secpod.oval:def:704168 libxml2: GNOME XML library libxml2 could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:52063 libxml2: GNOME XML library libxml2 could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:52092 libxml2: GNOME XML library libxml2 could be made to crash or run arbitrary code if it opened a specially crafted file. oval:org.secpod.oval:def:603240 Nick Wellnhofer discovered that certain function calls inside XPath predicates can lead to use-after-free and double-free errors when executed by libxml2"s XPath engine via an XSLT transformation. oval:org.secpod.oval:def:53231 Nick Wellnhofer discovered that certain function calls inside XPath predicates can lead to use-after-free and double-free errors when executed by libxml2"s XPath engine via an XSLT transformation. oval:org.secpod.oval:def:704219 libxml2: GNOME XML library libxml2 could be made to crash or run arbitrary code if it opened a specially crafted file. oval:org.secpod.oval:def:705379 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:31643 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:31644 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:52162 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:52673 libxml2: GNOME XML library libxml2 could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:702930 libxml2: GNOME XML library libxml2 could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:702847 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:73703 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:73696 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:703519 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:51745 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:602320 Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive am ... oval:org.secpod.oval:def:52645 libxml2: GNOME XML library libxml2 could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:702874 libxml2: GNOME XML library libxml2 could be made to crash if it opened a specially crafted file. oval:org.secpod.oval:def:88564 libxml2: GNOME XML library libxml2 could be made to execute arbitrary code if it received a specially crafted file. oval:org.secpod.oval:def:707658 libxml2: GNOME XML library libxml2 could be made to execute arbitrary code if it received a specially crafted file. oval:org.secpod.oval:def:2000543 An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file. oval:org.secpod.oval:def:98724 libxml2: GNOME XML library libxml2 could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:2004429 A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2. oval:org.secpod.oval:def:2004430 A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues in libxml2. oval:org.secpod.oval:def:2001109 ** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser." oval:org.secpod.oval:def:704282 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:53120 Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the applica ... oval:org.secpod.oval:def:52111 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:51892 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:51019 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:703799 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:2000614 A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnera ... oval:org.secpod.oval:def:47256 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:603070 Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the applica ... oval:org.secpod.oval:def:703151 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:51578 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:602524 Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the applica ... oval:org.secpod.oval:def:51504 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:600814 Jueri Aedla discovered an off-by-one in libxml2, which could result in the execution of arbitrary code. oval:org.secpod.oval:def:700866 libxml2: GNOME XML library Applications using libxml2 could be made to crash or run programs as your login if they opened a specially crafted file. oval:org.secpod.oval:def:91472 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:708222 libxml2: GNOME XML library Details: USN-6028-1 fixed vulnerabilities in libxml2. This update provides the corresponding updates for Ubuntu 23.04. Original advisory Several security issues were fixed in libxml2. oval:org.secpod.oval:def:708099 libxml2: GNOME XML library Several security issues were fixed in libxml2. oval:org.secpod.oval:def:93325 Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. CVE-2023-28484 A NULL pointer dereference flaw when parsing invalid XML schemas may result in denial of service. CVE-2023-29469 It was reported that when hashing empty string ... oval:org.secpod.oval:def:610513 Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. CVE-2023-28484 A NULL pointer dereference flaw when parsing invalid XML schemas may result in denial of service. CVE-2023-29469 It was reported that when hashing empty string ... |