VYPR

rpm package

suse/libxml2-python&distro=SUSE Linux Enterprise Server 11 SP3-LTSS

pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS

Vulnerabilities (20)

  • CVE-2017-9050 (High), May 18, 2017
    affected < 2.7.6-0.69.3; fixed 2.7.6-0.69.3

    libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.

  • CVE-2017-9049 (High), May 18, 2017
    affected < 2.7.6-0.69.3; fixed 2.7.6-0.69.3

    libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 7

  • CVE-2017-9048 (High), May 18, 2017
    affected < 2.7.6-0.69.3; fixed 2.7.6-0.69.3

    libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function ma

  • CVE-2017-9047 (High), May 18, 2017
    affected < 2.7.6-0.69.3; fixed 2.7.6-0.69.3

    A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the cont

  • CVE-2016-4483 (High), Apr 11, 2017
    affected < 2.7.6-0.44.4; fixed 2.7.6-0.44.4

    The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of

  • CVE-2016-9318 (Medium), Nov 16, 2016
    affected < 2.7.6-0.69.3; fixed 2.7.6-0.69.3

    libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) a

  • CVE-2016-4449 (High), Jun 9, 2016
    affected < 2.7.6-0.44.4; fixed 2.7.6-0.44.4

    XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vect

  • CVE-2016-4448 (Critical), Jun 9, 2016
    affected < 2.7.6-0.44.4; fixed 2.7.6-0.44.4

    Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

  • CVE-2016-4447 (High), Jun 9, 2016
    affected < 2.7.6-0.44.4; fixed 2.7.6-0.44.4

    The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

  • CVE-2016-1840 (High), May 20, 2016
    affected < 2.7.6-0.44.4; fixed 2.7.6-0.44.4

    Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory c

  • CVE-2016-1839 (Medium), May 20, 2016
    affected < 2.7.6-0.44.4; fixed 2.7.6-0.44.4

    The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

  • CVE-2016-1838 (Medium), May 20, 2016
    affected < 2.7.6-0.44.4; fixed 2.7.6-0.44.4

    The xmlParserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML docume

  • CVE-2016-1837 (Medium), May 20, 2016
    affected < 2.7.6-0.44.4; fixed 2.7.6-0.44.4

    Multiple use-after-free vulnerabilities in the (1) htmlParsePubidLiteral and (2) htmlParseSystemLiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial

  • CVE-2016-1835 (High), May 20, 2016
    affected < 2.7.6-0.44.4; fixed 2.7.6-0.44.4

    Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.

  • CVE-2016-1834 (High), May 20, 2016
    affected < 2.7.6-0.44.4; fixed 2.7.6-0.44.4

    Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) v

  • CVE-2016-1833 (Medium), May 20, 2016
    affected < 2.7.6-0.44.4; fixed 2.7.6-0.44.4

    The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

  • CVE-2016-3705 (High), May 17, 2016
    affected < 2.7.6-0.44.4; fixed 2.7.6-0.44.4

    The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML

  • CVE-2015-8806 (High), Apr 13, 2016
    affected < 2.7.6-0.44.4; fixed 2.7.6-0.44.4

    dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.

  • CVE-2016-1762 (High), Mar 24, 2016
    affected < 2.7.6-0.44.4; fixed 2.7.6-0.44.4

    The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

  • CVE-2016-2073 (Medium), Feb 12, 2016
    affected < 2.7.6-0.44.4; fixed 2.7.6-0.44.4

    The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.