rpm package

suse/libxml2&distro=SUSE Linux Enterprise Server for SAP Applications 12

pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Vulnerabilities (33)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2017-9050	Hig	7.5	< 2.9.1-26.15.1	2.9.1-26.15.1	May 18, 2017	libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.
CVE-2017-9049	Hig	7.5	< 2.9.1-26.15.1	2.9.1-26.15.1	May 18, 2017	libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 7
CVE-2017-9048	Hig	7.5	< 2.9.1-26.15.1	2.9.1-26.15.1	May 18, 2017	libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function ma
CVE-2017-9047	Hig	7.5	< 2.9.1-26.15.1	2.9.1-26.15.1	May 18, 2017	A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the cont
CVE-2016-4483	Hig	7.5	< 2.9.1-24.1	2.9.1-24.1	Apr 11, 2017	The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of
CVE-2016-4449	Hig	7.1	< 2.9.1-24.1	2.9.1-24.1	Jun 9, 2016	XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vect
CVE-2016-4448	Cri	9.8	< 2.9.1-24.1	2.9.1-24.1	Jun 9, 2016	Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
CVE-2016-4447	Hig	7.5	< 2.9.1-24.1	2.9.1-24.1	Jun 9, 2016	The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
CVE-2016-1840	Hig	7.8	< 2.9.1-24.1	2.9.1-24.1	May 20, 2016	Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory c
CVE-2016-1839	Med	5.5	< 2.9.1-24.1	2.9.1-24.1	May 20, 2016	The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-1838	Med	5.5	< 2.9.1-24.1	2.9.1-24.1	May 20, 2016	The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML docume
CVE-2016-1837	Med	5.5	< 2.9.1-24.1	2.9.1-24.1	May 20, 2016	Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial
CVE-2016-1835	Hig	8.8	< 2.9.1-24.1	2.9.1-24.1	May 20, 2016	Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.
CVE-2016-1834	Hig	7.8	< 2.9.1-24.1	2.9.1-24.1	May 20, 2016	Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) v
CVE-2016-1833	Med	5.5	< 2.9.1-24.1	2.9.1-24.1	May 20, 2016	The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-3705	Hig	7.5	< 2.9.1-24.1	2.9.1-24.1	May 17, 2016	The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML
CVE-2016-3627	Hig	7.5	< 2.9.1-20.1	2.9.1-20.1	May 17, 2016	The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
CVE-2015-8806	Hig	7.5	< 2.9.1-24.1	2.9.1-24.1	Apr 13, 2016	dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.
CVE-2015-8710	Cri	9.8	< 2.9.1-17.1	2.9.1-17.1	Apr 11, 2016	The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.
CVE-2016-1762	Hig	8.1	< 2.9.1-24.1	2.9.1-24.1	Mar 24, 2016	The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

CVE-2017-9050HigMay 18, 2017
affected < 2.9.1-26.15.1fixed 2.9.1-26.15.1
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.
CVE-2017-9049HigMay 18, 2017
affected < 2.9.1-26.15.1fixed 2.9.1-26.15.1
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 7
CVE-2017-9048HigMay 18, 2017
affected < 2.9.1-26.15.1fixed 2.9.1-26.15.1
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function ma
CVE-2017-9047HigMay 18, 2017
affected < 2.9.1-26.15.1fixed 2.9.1-26.15.1
A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the cont
CVE-2016-4483HigApr 11, 2017
affected < 2.9.1-24.1fixed 2.9.1-24.1
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of
CVE-2016-4449HigJun 9, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vect
CVE-2016-4448CriJun 9, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
CVE-2016-4447HigJun 9, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
CVE-2016-1840HigMay 20, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory c
CVE-2016-1839MedMay 20, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-1838MedMay 20, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML docume
CVE-2016-1837MedMay 20, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial
CVE-2016-1835HigMay 20, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.
CVE-2016-1834HigMay 20, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) v
CVE-2016-1833MedMay 20, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-3705HigMay 17, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML
CVE-2016-3627HigMay 17, 2016
affected < 2.9.1-20.1fixed 2.9.1-20.1
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
CVE-2015-8806HigApr 13, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.
CVE-2015-8710CriApr 11, 2016
affected < 2.9.1-17.1fixed 2.9.1-17.1
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.
CVE-2016-1762HigMar 24, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

Page 1 of 2