rpm package
suse/libxml2&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (45)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-5312 | — | < 2.7.6-0.34.1 | 2.7.6-0.34.1 | Dec 15, 2015 | The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. | ||
| CVE-2015-7942 | — | < 2.7.6-0.34.1 | 2.7.6-0.34.1 | Nov 18, 2015 | The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different | ||
| CVE-2015-7941 | — | < 2.7.6-0.34.1 | 2.7.6-0.34.1 | Nov 18, 2015 | libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as | ||
| CVE-2015-1819 | — | < 2.7.6-0.34.1 | 2.7.6-0.34.1 | Aug 14, 2015 | The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. | ||
| CVE-2014-0191 | — | < 2.7.6-0.47.1 | 2.7.6-0.47.1 | Jan 21, 2015 | The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitutio |
- CVE-2015-5312Dec 15, 2015affected < 2.7.6-0.34.1fixed 2.7.6-0.34.1
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
- CVE-2015-7942Nov 18, 2015affected < 2.7.6-0.34.1fixed 2.7.6-0.34.1
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different
- CVE-2015-7941Nov 18, 2015affected < 2.7.6-0.34.1fixed 2.7.6-0.34.1
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as
- CVE-2015-1819Aug 14, 2015affected < 2.7.6-0.34.1fixed 2.7.6-0.34.1
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
- CVE-2014-0191Jan 21, 2015affected < 2.7.6-0.47.1fixed 2.7.6-0.47.1
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitutio
Page 3 of 3