rpm package

suse/libxml2-python&distro=SUSE Manager 2.1

pkg:rpm/suse/libxml2-python&distro=SUSE%20Manager%202.1

Vulnerabilities (15)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2016-4483	Hig	7.5	< 2.7.6-0.44.4	2.7.6-0.44.4	Apr 11, 2017	The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of
CVE-2016-4449	Hig	7.1	< 2.7.6-0.44.4	2.7.6-0.44.4	Jun 9, 2016	XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vect
CVE-2016-4448	Cri	9.8	< 2.7.6-0.44.4	2.7.6-0.44.4	Jun 9, 2016	Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
CVE-2016-4447	Hig	7.5	< 2.7.6-0.44.4	2.7.6-0.44.4	Jun 9, 2016	The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
CVE-2016-1840	Hig	7.8	< 2.7.6-0.44.4	2.7.6-0.44.4	May 20, 2016	Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory c
CVE-2016-1839	Med	5.5	< 2.7.6-0.44.4	2.7.6-0.44.4	May 20, 2016	The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-1838	Med	5.5	< 2.7.6-0.44.4	2.7.6-0.44.4	May 20, 2016	The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML docume
CVE-2016-1837	Med	5.5	< 2.7.6-0.44.4	2.7.6-0.44.4	May 20, 2016	Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial
CVE-2016-1835	Hig	8.8	< 2.7.6-0.44.4	2.7.6-0.44.4	May 20, 2016	Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.
CVE-2016-1834	Hig	7.8	< 2.7.6-0.44.4	2.7.6-0.44.4	May 20, 2016	Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) v
CVE-2016-1833	Med	5.5	< 2.7.6-0.44.4	2.7.6-0.44.4	May 20, 2016	The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-3705	Hig	7.5	< 2.7.6-0.44.4	2.7.6-0.44.4	May 17, 2016	The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML
CVE-2015-8806	Hig	7.5	< 2.7.6-0.44.4	2.7.6-0.44.4	Apr 13, 2016	dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.
CVE-2016-1762	Hig	8.1	< 2.7.6-0.44.4	2.7.6-0.44.4	Mar 24, 2016	The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-2073	Med	6.5	< 2.7.6-0.44.4	2.7.6-0.44.4	Feb 12, 2016	The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.

CVE-2016-4483HigApr 11, 2017
affected < 2.7.6-0.44.4fixed 2.7.6-0.44.4
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of
CVE-2016-4449HigJun 9, 2016
affected < 2.7.6-0.44.4fixed 2.7.6-0.44.4
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vect
CVE-2016-4448CriJun 9, 2016
affected < 2.7.6-0.44.4fixed 2.7.6-0.44.4
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
CVE-2016-4447HigJun 9, 2016
affected < 2.7.6-0.44.4fixed 2.7.6-0.44.4
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
CVE-2016-1840HigMay 20, 2016
affected < 2.7.6-0.44.4fixed 2.7.6-0.44.4
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory c
CVE-2016-1839MedMay 20, 2016
affected < 2.7.6-0.44.4fixed 2.7.6-0.44.4
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-1838MedMay 20, 2016
affected < 2.7.6-0.44.4fixed 2.7.6-0.44.4
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML docume
CVE-2016-1837MedMay 20, 2016
affected < 2.7.6-0.44.4fixed 2.7.6-0.44.4
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial
CVE-2016-1835HigMay 20, 2016
affected < 2.7.6-0.44.4fixed 2.7.6-0.44.4
Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.
CVE-2016-1834HigMay 20, 2016
affected < 2.7.6-0.44.4fixed 2.7.6-0.44.4
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) v
CVE-2016-1833MedMay 20, 2016
affected < 2.7.6-0.44.4fixed 2.7.6-0.44.4
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-3705HigMay 17, 2016
affected < 2.7.6-0.44.4fixed 2.7.6-0.44.4
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML
CVE-2015-8806HigApr 13, 2016
affected < 2.7.6-0.44.4fixed 2.7.6-0.44.4
dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.
CVE-2016-1762HigMar 24, 2016
affected < 2.7.6-0.44.4fixed 2.7.6-0.44.4
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-2073MedFeb 12, 2016
affected < 2.7.6-0.44.4fixed 2.7.6-0.44.4
The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.