rpm package

suse/libxml2&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP1

pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1

Vulnerabilities (37)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-9597		—	< 2.9.1-26.12.1	2.9.1-26.12.1	Jul 30, 2018	It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2
CVE-2017-9050	Hig	7.5	< 2.9.1-26.15.1	2.9.1-26.15.1	May 18, 2017	libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.
CVE-2017-9049	Hig	7.5	< 2.9.1-26.15.1	2.9.1-26.15.1	May 18, 2017	libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 7
CVE-2017-9048	Hig	7.5	< 2.9.1-26.15.1	2.9.1-26.15.1	May 18, 2017	libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function ma
CVE-2017-9047	Hig	7.5	< 2.9.1-26.15.1	2.9.1-26.15.1	May 18, 2017	A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the cont
CVE-2016-4483	Hig	7.5	< 2.9.1-24.1	2.9.1-24.1	Apr 11, 2017	The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of
CVE-2016-9318	Med	5.5	< 2.9.1-26.12.1	2.9.1-26.12.1	Nov 16, 2016	libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) a
CVE-2016-4658	Cri	9.8	< 2.9.1-26.3.1	2.9.1-26.3.1	Sep 25, 2016	xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of servic
CVE-2016-4449	Hig	7.1	< 2.9.1-24.1	2.9.1-24.1	Jun 9, 2016	XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vect
CVE-2016-4448	Cri	9.8	< 2.9.1-24.1	2.9.1-24.1	Jun 9, 2016	Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
CVE-2016-4447	Hig	7.5	< 2.9.1-24.1	2.9.1-24.1	Jun 9, 2016	The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
CVE-2016-1840	Hig	7.8	< 2.9.1-24.1	2.9.1-24.1	May 20, 2016	Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory c
CVE-2016-1839	Med	5.5	< 2.9.1-24.1	2.9.1-24.1	May 20, 2016	The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-1838	Med	5.5	< 2.9.1-24.1	2.9.1-24.1	May 20, 2016	The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML docume
CVE-2016-1837	Med	5.5	< 2.9.1-24.1	2.9.1-24.1	May 20, 2016	Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial
CVE-2016-1835	Hig	8.8	< 2.9.1-24.1	2.9.1-24.1	May 20, 2016	Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.
CVE-2016-1834	Hig	7.8	< 2.9.1-24.1	2.9.1-24.1	May 20, 2016	Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) v
CVE-2016-1833	Med	5.5	< 2.9.1-24.1	2.9.1-24.1	May 20, 2016	The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-3705	Hig	7.5	< 2.9.1-24.1	2.9.1-24.1	May 17, 2016	The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML
CVE-2016-3627	Hig	7.5	< 2.9.1-20.1	2.9.1-20.1	May 17, 2016	The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

CVE-2016-9597Jul 30, 2018
affected < 2.9.1-26.12.1fixed 2.9.1-26.12.1
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2
CVE-2017-9050HigMay 18, 2017
affected < 2.9.1-26.15.1fixed 2.9.1-26.15.1
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.
CVE-2017-9049HigMay 18, 2017
affected < 2.9.1-26.15.1fixed 2.9.1-26.15.1
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 7
CVE-2017-9048HigMay 18, 2017
affected < 2.9.1-26.15.1fixed 2.9.1-26.15.1
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function ma
CVE-2017-9047HigMay 18, 2017
affected < 2.9.1-26.15.1fixed 2.9.1-26.15.1
A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the cont
CVE-2016-4483HigApr 11, 2017
affected < 2.9.1-24.1fixed 2.9.1-24.1
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of
CVE-2016-9318MedNov 16, 2016
affected < 2.9.1-26.12.1fixed 2.9.1-26.12.1
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) a
CVE-2016-4658CriSep 25, 2016
affected < 2.9.1-26.3.1fixed 2.9.1-26.3.1
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of servic
CVE-2016-4449HigJun 9, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vect
CVE-2016-4448CriJun 9, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
CVE-2016-4447HigJun 9, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
CVE-2016-1840HigMay 20, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory c
CVE-2016-1839MedMay 20, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-1838MedMay 20, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML docume
CVE-2016-1837MedMay 20, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial
CVE-2016-1835HigMay 20, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.
CVE-2016-1834HigMay 20, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) v
CVE-2016-1833MedMay 20, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-3705HigMay 17, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML
CVE-2016-3627HigMay 17, 2016
affected < 2.9.1-20.1fixed 2.9.1-20.1
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

Page 1 of 2