rpm package

suse/python-libxml2&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP1

pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1

Vulnerabilities (37)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2015-8806	Hig	7.5	< 2.9.1-24.1	2.9.1-24.1	Apr 13, 2016	dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.
CVE-2015-8710	Cri	9.8	< 2.9.1-17.1	2.9.1-17.1	Apr 11, 2016	The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.
CVE-2016-1762	Hig	8.1	< 2.9.1-24.1	2.9.1-24.1	Mar 24, 2016	The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-2073	Med	6.5	< 2.9.1-24.1	2.9.1-24.1	Feb 12, 2016	The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.
CVE-2015-8317		—	< 2.9.1-13.1	2.9.1-13.1	Dec 15, 2015	The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.
CVE-2015-8242		—	< 2.9.1-13.1	2.9.1-13.1	Dec 15, 2015	The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
CVE-2015-8241		—	< 2.9.1-13.1	2.9.1-13.1	Dec 15, 2015	The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
CVE-2015-7500		—	< 2.9.1-13.1	2.9.1-13.1	Dec 15, 2015	The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
CVE-2015-7499		—	< 2.9.1-13.1	2.9.1-13.1	Dec 15, 2015	Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
CVE-2015-7498		—	< 2.9.1-13.1	2.9.1-13.1	Dec 15, 2015	Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
CVE-2015-7497		—	< 2.9.1-13.1	2.9.1-13.1	Dec 15, 2015	Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.
CVE-2015-5312		—	< 2.9.1-13.1	2.9.1-13.1	Dec 15, 2015	The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
CVE-2015-8035		—	< 2.9.1-13.1	2.9.1-13.1	Nov 18, 2015	The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
CVE-2015-7942		—	< 2.9.1-13.1	2.9.1-13.1	Nov 18, 2015	The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different
CVE-2015-7941		—	< 2.9.1-13.1	2.9.1-13.1	Nov 18, 2015	libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as
CVE-2015-1819		—	< 2.9.1-13.1	2.9.1-13.1	Aug 14, 2015	The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
CVE-2014-0191		—	< 2.9.1-26.12.1	2.9.1-26.12.1	Jan 21, 2015	The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitutio

CVE-2015-8806HigApr 13, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.
CVE-2015-8710CriApr 11, 2016
affected < 2.9.1-17.1fixed 2.9.1-17.1
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.
CVE-2016-1762HigMar 24, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-2073MedFeb 12, 2016
affected < 2.9.1-24.1fixed 2.9.1-24.1
The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.
CVE-2015-8317Dec 15, 2015
affected < 2.9.1-13.1fixed 2.9.1-13.1
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.
CVE-2015-8242Dec 15, 2015
affected < 2.9.1-13.1fixed 2.9.1-13.1
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
CVE-2015-8241Dec 15, 2015
affected < 2.9.1-13.1fixed 2.9.1-13.1
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
CVE-2015-7500Dec 15, 2015
affected < 2.9.1-13.1fixed 2.9.1-13.1
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
CVE-2015-7499Dec 15, 2015
affected < 2.9.1-13.1fixed 2.9.1-13.1
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
CVE-2015-7498Dec 15, 2015
affected < 2.9.1-13.1fixed 2.9.1-13.1
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
CVE-2015-7497Dec 15, 2015
affected < 2.9.1-13.1fixed 2.9.1-13.1
Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.
CVE-2015-5312Dec 15, 2015
affected < 2.9.1-13.1fixed 2.9.1-13.1
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
CVE-2015-8035Nov 18, 2015
affected < 2.9.1-13.1fixed 2.9.1-13.1
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
CVE-2015-7942Nov 18, 2015
affected < 2.9.1-13.1fixed 2.9.1-13.1
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different
CVE-2015-7941Nov 18, 2015
affected < 2.9.1-13.1fixed 2.9.1-13.1
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as
CVE-2015-1819Aug 14, 2015
affected < 2.9.1-13.1fixed 2.9.1-13.1
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
CVE-2014-0191Jan 21, 2015
affected < 2.9.1-26.12.1fixed 2.9.1-26.12.1
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitutio

Page 2 of 2