nessus
NASL family | F5 Networks Local Security Checks | NASL id | F5_BIGIP_SOL24322529.NASL | description | CVE-2016-4447 The xmlParseElementDecl function in parser.c in libxml2
before 2.9.4 allows context-dependent attackers to cause a denial of
service (heap-based buffer underread and application crash) via a
crafted file, involving xmlParseName.
CVE-2016-4449 XML external entity (XXE) vulnerability in the
xmlStringLenDecodeEntities function in parser.c in libxml2 before
2.9.4, when not in validating mode, allows context-dependent attackers
to read arbitrary files or cause a denial of service (resource
consumption) via unspecified vectors. | last seen | 2019-01-16 | modified | 2019-01-04 | plugin id | 95940 | published | 2016-12-20 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=95940 | title | F5 Networks BIG-IP : libxml2 vulnerabilities (K24322529) |
NASL family | MacOS X Local Security Checks | NASL id | MACOSX_10_11_6.NASL | description | The remote host is running a version of Mac OS X that is 10.11.x prior
to 10.11.6. It is, therefore, affected by multiple vulnerabilities in
the following components :
- apache_mod_php
- Audio
- bsdiff
- CFNetwork
- CoreGraphics
- FaceTime
- Graphics Drivers
- ImageIO
- Intel Graphics Driver
- IOHIDFamily
- IOKit
- IOSurface
- Kernel
- libc++abi
- libexpat
- LibreSSL
- libxml2
- libxslt
- Login Window
- OpenSSL
- QuickTime
- Safari Login AutoFill
- Sandbox Profiles
Note that successful exploitation of the most serious issues can
result in arbitrary code execution. | last seen | 2019-01-16 | modified | 2018-07-14 | plugin id | 92496 | published | 2016-07-21 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=92496 | title | Mac OS X 10.11.x < 10.11.6 Multiple Vulnerabilities |
NASL family | Slackware Local Security Checks | NASL id | SLACKWARE_SSA_2016-148-01.NASL | description | New libxml2 packages are available for Slackware 14.0, 14.1, and
-current to fix security issues. | last seen | 2018-09-02 | modified | 2016-10-19 | plugin id | 91353 | published | 2016-05-31 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=91353 | title | Slackware 14.0 / 14.1 / current : libxml2 (SSA:2016-148-01) |
NASL family | OracleVM Local Security Checks | NASL id | ORACLEVM_OVMSA-2016-0087.NASL | description | The remote OracleVM system is missing necessary patches to address
critical security updates :
- Update doc/redhat.gif in tarball
- Add libxml2-oracle-enterprise.patch and update logos in
tarball
- Heap-based buffer overread in xmlNextChar
(CVE-2016-1762)
- Bug 763071: Heap-buffer-overflow in xmlStrncat
(CVE-2016-1834)
- Bug 757711: Heap-buffer-overflow in
xmlFAParsePosCharGroup (CVE-2016-1840)
- Bug 758588: Heap-based buffer overread in
xmlParserPrintFileContextInternal (CVE-2016-1838)
- Bug 758605: Heap-based buffer overread in
xmlDictAddString (CVE-2016-1839)
- Bug 759398: Heap use-after-free in xmlDictComputeFastKey
(CVE-2016-1836)
- Fix inappropriate fetch of entities content
(CVE-2016-4449)
- Heap use-after-free in htmlParsePubidLiteral and
htmlParseSystemLiteral (CVE-2016-1837)
- Heap use-after-free in xmlSAX2AttributeNs
(CVE-2016-1835)
- Heap-based buffer-underreads due to xmlParseName
(CVE-2016-4447)
- Heap-based buffer overread in htmlCurrentChar
(CVE-2016-1833)
- Add missing increments of recursion depth counter to XML
parser. (CVE-2016-3705)
- Avoid building recursive entities (CVE-2016-3627)
- Fix some format string warnings with possible format
string vulnerability (CVE-2016-4448)
- More format string warnings with possible format string
vulnerability (CVE-2016-4448)
- Fix large parse of file from memory (rhbz#862969) | last seen | 2019-01-16 | modified | 2018-07-24 | plugin id | 91800 | published | 2016-06-24 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=91800 | title | OracleVM 3.3 / 3.4 : libxml2 (OVMSA-2016-0087) |
NASL family | Peer-To-Peer File Sharing | NASL id | ITUNES_12_4_2_BANNER.NASL | description | The version of Apple iTunes running on the remote Windows host is
prior to 12.4.2. It is, therefore, affected by multiple
vulnerabilities :
- Multiple memory corruption issues exist in the libxslt
component due to improper validation of user-supplied
input. An unauthenticated, remote attacker can exploit
this to cause a denial of service condition or the
execution of arbitrary code. (CVE-2016-1684,
CVE-2016-4607, CVE-2016-4608, CVE-2016-4609,
CVE-2016-4610, CVE-2016-4612)
- Multiple memory corruption issues exist in the libxml2
component that allow a remote attacker to cause a denial
of service condition or the execution of arbitrary code.
(CVE-2016-1836, CVE-2016-4447, CVE-2016-4448,
CVE-2016-4483, CVE-2016-4614, CVE-2016-4615,
CVE-2016-4616, CVE-2016-4619)
- An XXE (XML External Entity) injection vulnerability
exists in the libxml2 component due to an incorrectly
configured XML parser accepting XML external entities
from an untrusted source. A remote attacker can exploit
this, via a specially crafted XML file, to disclose
arbitrary files and user information. (CVE-2016-4449)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number. | last seen | 2019-01-16 | modified | 2018-07-12 | plugin id | 92411 | published | 2016-07-19 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=92411 | title | Apple iTunes < 12.4.2 Multiple Vulnerabilities (uncredentialed check) |
NASL family | Misc. | NASL id | APPLETV_9_2_2.NASL | description | According to its banner, the version of the remote Apple TV device is
prior to 9.2.2. It is, therefore, affected by multiple vulnerabilities
in the following components :
- CoreGraphics
- ImageIO
- IOAcceleratorFamily
- IOHIDFamily
- Kernel
- libxml2
- libxslt
- Sandbox Profiles
- WebKit
- WebKit Page Loading
Note that only 4th generation models are affected by the
vulnerabilities. | last seen | 2019-01-16 | modified | 2018-12-14 | plugin id | 92494 | published | 2016-07-21 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=92494 | title | Apple TV < 9.2.2 Multiple Vulnerabilities |
NASL family | Windows | NASL id | ITUNES_12_4_2.NASL | description | The version of Apple iTunes installed on the remote Windows host is
prior to 12.4.2. It is, therefore, affected by multiple
vulnerabilities :
- Multiple memory corruption issues exist in the libxslt
component due to improper validation of user-supplied
input. An unauthenticated, remote attacker can exploit
this to cause a denial of service condition or the
execution of arbitrary code. (CVE-2016-1684,
CVE-2016-4607, CVE-2016-4608, CVE-2016-4609,
CVE-2016-4610, CVE-2016-4612)
- Multiple memory corruption issues exist in the libxml2
component that allow a remote attacker to cause a denial
of service condition or the execution of arbitrary code.
(CVE-2016-1836, CVE-2016-4447, CVE-2016-4448,
CVE-2016-4483, CVE-2016-4614, CVE-2016-4615,
CVE-2016-4616, CVE-2016-4619)
- An XXE (XML External Entity) injection vulnerability
exists in the libxml2 component due to an incorrectly
configured XML parser accepting XML external entities
from an untrusted source. A remote attacker can exploit
this, via a specially crafted XML file, to disclose
arbitrary files and user information. (CVE-2016-4449)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number. | last seen | 2019-01-16 | modified | 2018-07-12 | plugin id | 92410 | published | 2016-07-19 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=92410 | title | Apple iTunes < 12.4.2 Multiple Vulnerabilities (credentialed check) |
NASL family | SuSE Local Security Checks | NASL id | OPENSUSE-2016-733.NASL | description | This update for libxml2 fixes the following security issues :
- CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A
Heap-buffer overread was fixed in libxml2/dict.c
[bsc#963963, bsc#965283, bsc#981114].
- CVE-2016-4483: Code was added to avoid an out of bound
access when serializing malformed strings [bsc#978395].
- CVE-2016-1762: Fixed a heap-based buffer overread in
xmlNextChar [bsc#981040].
- CVE-2016-1834: Fixed a heap-buffer-overflow in
xmlStrncat [bsc#981041].
- CVE-2016-1833: Fixed a heap-based buffer overread in
htmlCurrentChar [bsc#981108].
- CVE-2016-1835: Fixed a heap use-after-free in
xmlSAX2AttributeNs [bsc#981109].
- CVE-2016-1837: Fixed a heap use-after-free in
htmlParsePubidLiteral and htmlParseSystemLiteral
[bsc#981111].
- CVE-2016-1838: Fixed a heap-based buffer overread in
xmlParserPrintFileContextInternal [bsc#981112].
- CVE-2016-1840: Fixed a heap-buffer-overflow in
xmlFAParsePosCharGroup [bsc#981115].
- CVE-2016-4447: Fixed heap-based buffer underreads due
to xmlParseName [bsc#981548].
- CVE-2016-4448: Fixed some format string warnings with
possible format string vulnerability [bsc#981549].
- CVE-2016-4449: Fixed inappropriate fetch of entities
content [bsc#981550].
- CVE-2016-3705: Fixed missing increment of recursion
counter.
This update was imported from the SUSE:SLE-12:Update update project. | last seen | 2019-01-16 | modified | 2016-10-13 | plugin id | 91639 | published | 2016-06-17 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=91639 | title | openSUSE Security Update : libxml2 (openSUSE-2016-733) |
NASL family | Red Hat Local Security Checks | NASL id | REDHAT-RHSA-2016-1292.NASL | description | An update for libxml2 is now available for Red Hat Enterprise Linux 6
and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
[Updated 18 July 2016] This advisory has been updated to push packages
into the Red Hat Enterprise Linux 6 Desktop channels. The packages
included in this revised update have not been changed in any way from
the packages included in the original advisory.
The libxml2 library is a development toolbox providing the
implementation of various XML standards.
Security Fix(es) :
A heap-based buffer overflow flaw was found in the way libxml2 parsed
certain crafted XML input. A remote attacker could provide a specially
crafted XML file that, when opened in an application linked against
libxml2, would cause the application to crash or execute arbitrary
code with the permissions of the user running the application.
(CVE-2016-1834, CVE-2016-1840)
Multiple denial of service flaws were found in libxml2. A remote
attacker could provide a specially crafted XML file that, when
processed by an application using libxml2, could cause that
application to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835,
CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839,
CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448,
CVE-2016-4449) | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 91802 | published | 2016-06-24 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=91802 | title | RHEL 6 / 7 : libxml2 (RHSA-2016:1292) |
NASL family | Scientific Linux Local Security Checks | NASL id | SL_20160623_LIBXML2_ON_SL6_X.NASL | description | Security Fix(es) :
A heap-based buffer overflow flaw was found in the way libxml2 parsed
certain crafted XML input. A remote attacker could provide a specially
crafted XML file that, when opened in an application linked against
libxml2, would cause the application to crash or execute arbitrary
code with the permissions of the user running the application.
(CVE-2016-1834, CVE-2016-1840)
Multiple denial of service flaws were found in libxml2. A remote
attacker could provide a specially crafted XML file that, when
processed by an application using libxml2, could cause that
application to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835,
CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839,
CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448,
CVE-2016-4449) | last seen | 2019-01-16 | modified | 2018-12-28 | plugin id | 91808 | published | 2016-06-24 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=91808 | title | Scientific Linux Security Update : libxml2 on SL6.x, SL7.x i386/x86_64 |
NASL family | Fedora Local Security Checks | NASL id | FEDORA_2017-BE8574D593.NASL | description | Update to latest upstream release, includes several security related
fixes.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues. | last seen | 2019-01-16 | modified | 2017-04-20 | plugin id | 99492 | published | 2017-04-20 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=99492 | title | Fedora 24 : libxml2 (2017-be8574d593) |
NASL family | Ubuntu Local Security Checks | NASL id | UBUNTU_USN-2994-1.NASL | description | It was discovered that libxml2 incorrectly handled certain malformed
documents. If a user or automated system were tricked into opening a
specially crafted document, an attacker could possibly cause libxml2
to crash, resulting in a denial of service. (CVE-2015-8806,
CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447)
It was discovered that libxml2 incorrectly handled certain malformed
documents. If a user or automated system were tricked into opening a
specially crafted document, an attacker could cause libxml2 to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2016-1762, CVE-2016-1834)
Mateusz Jurczyk discovered that libxml2 incorrectly handled certain
malformed documents. If a user or automated system were tricked into
opening a specially crafted document, an attacker could cause libxml2
to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-1833, CVE-2016-1838, CVE-2016-1839)
Wei Lei and Liu Yang discovered that libxml2 incorrectly handled
certain malformed documents. If a user or automated system were
tricked into opening a specially crafted document, an attacker could
cause libxml2 to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2016-1835, CVE-2016-1837)
Wei Lei and Liu Yang discovered that libxml2 incorrectly handled
certain malformed documents. If a user or automated system were
tricked into opening a specially crafted document, an attacker could
cause libxml2 to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS,
Ubuntu 15.10 and Ubuntu 16.04 LTS. (CVE-2016-1836)
Kostya Serebryany discovered that libxml2 incorrectly handled certain
malformed documents. If a user or automated system were tricked into
opening a specially crafted document, an attacker could cause libxml2
to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2016-1840)
It was discovered that libxml2 would load certain XML external
entities. If a user or automated system were tricked into opening a
specially crafted document, an attacker could possibly obtain access
to arbitrary files or cause resource consumption. (CVE-2016-4449)
Gustavo Grieco discovered that libxml2 incorrectly handled certain
malformed documents. If a user or automated system were tricked into
opening a specially crafted document, an attacker could possibly cause
libxml2 to crash, resulting in a denial of service. (CVE-2016-4483).
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2018-12-01 | plugin id | 91499 | published | 2016-06-07 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=91499 | title | Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : libxml2 vulnerabilities (USN-2994-1) |
NASL family | Fedora Local Security Checks | NASL id | FEDORA_2017-A3A47973EB.NASL | description | Update to latest upstream release, includes several security related
fixes.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues. | last seen | 2019-01-16 | modified | 2017-04-20 | plugin id | 99491 | published | 2017-04-20 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=99491 | title | Fedora 25 : libxml2 (2017-a3a47973eb) |
NASL family | SuSE Local Security Checks | NASL id | SUSE_SU-2016-1538-1.NASL | description | This update for libxml2 fixes the following security issues :
- CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A
Heap-buffer overread was fixed in libxml2/dict.c
[bsc#963963, bsc#965283, bsc#981114].
- CVE-2016-4483: Code was added to avoid an out of bound
access when serializing malformed strings [bsc#978395].
- CVE-2016-1762: Fixed a heap-based buffer overread in
xmlNextChar [bsc#981040].
- CVE-2016-1834: Fixed a heap-buffer-overflow in
xmlStrncat [bsc#981041].
- CVE-2016-1833: Fixed a heap-based buffer overread in
htmlCurrentChar [bsc#981108].
- CVE-2016-1835: Fixed a heap use-after-free in
xmlSAX2AttributeNs [bsc#981109].
- CVE-2016-1837: Fixed a heap use-after-free in
htmlParsePubidLiteral and htmlParseSystemLiteral
[bsc#981111].
- CVE-2016-1838: Fixed a heap-based buffer overread in
xmlParserPrintFileContextInternal [bsc#981112].
- CVE-2016-1840: Fixed a heap-buffer-overflow in
xmlFAParsePosCharGroup [bsc#981115].
- CVE-2016-4447: Fixed heap-based buffer underreads due
to xmlParseName [bsc#981548].
- CVE-2016-4448: Fixed some format string warnings with
possible format string vulnerability [bsc#981549].
- CVE-2016-4449: Fixed inappropriate fetch of entities
content [bsc#981550].
- CVE-2016-3705: Fixed missing increment of recursion
counter.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2018-11-29 | plugin id | 91656 | published | 2016-06-17 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=91656 | title | SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2016:1538-1) |
NASL family | Debian Local Security Checks | NASL id | DEBIAN_DSA-3593.NASL | description | Several vulnerabilities were discovered in libxml2, a library
providing support to read, modify and write XML and HTML files. A
remote attacker could provide a specially crafted XML or HTML file
that, when processed by an application using libxml2, would cause a
denial-of-service against the application, or potentially the
execution of arbitrary code with the privileges of the user running
the application. | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 91447 | published | 2016-06-03 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=91447 | title | Debian DSA-3593-1 : libxml2 - security update |
NASL family | CentOS Local Security Checks | NASL id | CENTOS_RHSA-2016-1292.NASL | description | An update for libxml2 is now available for Red Hat Enterprise Linux 6
and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
[Updated 18 July 2016] This advisory has been updated to push packages
into the Red Hat Enterprise Linux 6 Desktop channels. The packages
included in this revised update have not been changed in any way from
the packages included in the original advisory.
The libxml2 library is a development toolbox providing the
implementation of various XML standards.
Security Fix(es) :
A heap-based buffer overflow flaw was found in the way libxml2 parsed
certain crafted XML input. A remote attacker could provide a specially
crafted XML file that, when opened in an application linked against
libxml2, would cause the application to crash or execute arbitrary
code with the permissions of the user running the application.
(CVE-2016-1834, CVE-2016-1840)
Multiple denial of service flaws were found in libxml2. A remote
attacker could provide a specially crafted XML file that, when
processed by an application using libxml2, could cause that
application to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835,
CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839,
CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448,
CVE-2016-4449) | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 91786 | published | 2016-06-24 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=91786 | title | CentOS 6 / 7 : libxml2 (CESA-2016:1292) |
NASL family | Junos Local Security Checks | NASL id | JUNIPER_JSA10916.NASL | description | According to its self-reported version number, the remote Juniper
Junos device is affected by multiple vulnerabilities in libxml2:
- Format string vulnerability in libxml2 before 2.9.4 allows
attackers to have unspecified impact via format string
specifiers in unknown vectors. (CVE-2016-4448)
- The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and
earlier, when used in recovery mode, allows context-dependent
attackers to cause a denial of service (infinite recursion, stack
consumption, and application crash) via a crafted XML document.
(CVE-2016-3627) | last seen | 2019-01-19 | modified | 2019-01-18 | plugin id | 121070 | published | 2019-01-11 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=121070 | title | Junos OS: Multiple vulnerabilities in libxml2 (JSA10916) |
NASL family | MacOS X Local Security Checks | NASL id | MACOSX_SECUPD2016-004.NASL | description | The remote host is running a version of Mac OS X that is 10.9.5 or
10.10.5 and is missing Security Update 2016-004. It is, therefore,
affected by multiple vulnerabilities in the following components :
- apache_mod_php (affects 10.10.5 only)
- CoreGraphics
- ImageIO
- libxml2
- libxslt
Note that successful exploitation of the most serious issues can
result in arbitrary code execution. | last seen | 2019-01-16 | modified | 2018-07-14 | plugin id | 92497 | published | 2016-07-21 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=92497 | title | Mac OS X 10.9.5 and 10.10.5 Multiple Vulnerabilities (Security Update 2016-004) |
NASL family | Misc. | NASL id | LCE_4_8_1.NASL | description | The version of Tenable Log Correlation Engine (LCE) installed on the
remote host is prior to 4.8.1. It is, therefore, affected by the
following vulnerabilities :
- Multiple cross-site scripting (XSS) vulnerabilities
exist in the Handlebars library in the
lib/handlebars/utils.js script due to a failure to
properly escape input passed as unquoted attributes to
templates. An unauthenticated, remote attacker can
exploit these vulnerabilities, via a specially crafted
request, to execute arbitrary script code in a user's
browser session. (CVE-2015-8861, CVE-2015-8862)
- A heap-based buffer overflow condition exists in the
Perl-Compatible Regular Expressions (PCRE) component
that is triggered when processing nested back references
in a duplicate named group. An unauthenticated, remote
attacker can exploit this to cause a denial of service
condition or the execution of arbitrary code.
(CVE-2016-1283)
- An out-of-bounds read error exists in the libxml2
component in parserInternals.c due to improper parsing
of characters in an XML file. An unauthenticated, remote
attacker can exploit this to disclose sensitive
information or cause a denial of service condition.
(CVE-2016-1833)
- An overflow condition exists in the libxml2 component in
xmlstring.c due to improper validation of user-supplied
input when handling a string with NULL. An
unauthenticated, remote attacker can exploit this, via a
specially crafted file, to cause a denial of service
condition or the execution of arbitrary code.
(CVE-2016-1834)
- Multiple use-after-free errors exist in the libxml2
component in parser.c that are triggered when parsing
complex names. An unauthenticated, remote attacker can
exploit these issues, via a specially crafted file, to
dereference already freed memory and potentially execute
arbitrary code. (CVE-2016-1835, CVE-2016-1836)
- Multiple heap-based buffer overflow conditions exist in
the libxml2 component in HTMLparser.c and xmlregexp.c
due to improper validation of user-supplied input when
parsing characters in a range. An unauthenticated,
remote attacker can exploit these issues, via a
specially crafted file, to cause a denial of service
condition or the execution of arbitrary code.
(CVE-2016-1837, CVE-2016-1839, CVE-2016-1840)
- Multiple out-of-bounds read errors exist in the libxml2
component in parser.c. An unauthenticated, remote
attacker can exploit these issues to disclose sensitive
information or cause a denial of service condition.
(CVE-2016-1838, CVE-2016-4447)
- A heap buffer overflow condition exists in the OpenSSL
component in the EVP_EncodeUpdate() function within file
crypto/evp/encode.c that is triggered when handling a
large amount of input data. An unauthenticated, remote
attacker can exploit this to cause a denial of service
condition. (CVE-2016-2105)
- A heap buffer overflow condition exists in the OpenSSL
component in the EVP_EncryptUpdate() function within
file crypto/evp/evp_enc.c that is triggered when
handling a large amount of input data after a previous
call occurs to the same function with a partial block.
An unauthenticated, remote attacker can exploit this to
cause a denial of service condition. (CVE-2016-2106)
- Flaws exist in the aesni_cbc_hmac_sha1_cipher()
function in file crypto/evp/e_aes_cbc_hmac_sha1.c and
the aesni_cbc_hmac_sha256_cipher() function in file
crypto/evp/e_aes_cbc_hmac_sha256.c that are triggered
when the connection uses an AES-CBC cipher and AES-NI
is supported by the server. A man-in-the-middle attacker
can exploit these to conduct a padding oracle attack,
resulting in the ability to decrypt the network traffic.
(CVE-2016-2107)
- A remote code execution vulnerability exists in the
OpenSSL component in the ASN.1 encoder due to an
underflow condition that occurs when attempting to
encode the value zero represented as a negative integer.
An unauthenticated, remote attacker can exploit this to
corrupt memory, resulting in the execution of arbitrary
code. (CVE-2016-2108)
- Multiple unspecified flaws exist in the d2i BIO
functions when reading ASN.1 data from a BIO due to
invalid encoding causing a large allocation of memory.
An unauthenticated, remote attacker can exploit these to
cause a denial of service condition through resource
exhaustion. (CVE-2016-2109)
- An out-of-bounds read error exists in the
X509_NAME_oneline() function within file
crypto/x509/x509_obj.c when handling very long ASN1
strings. An unauthenticated, remote attacker can exploit
this to disclose the contents of stack memory.
(CVE-2016-2176)
- An overflow condition exists in the Perl-Compatible
Regular Expressions (PCRE) component due to improper
validation of user-supplied input when handling the
(*ACCEPT) verb. An unauthenticated, remote attacker can
exploit this to cause a denial of service condition or
the execution of arbitrary code. (CVE-2016-3191)
- A flaw exists in the libxml2 component in parser.c that
occurs when handling XML content in recovery mode. An
unauthenticated, remote attacker can exploit this to
cause a stack exhaustion, resulting in a denial of
service condition. (CVE-2016-3627)
- A flaw exists in the libxml2 component in parser.c due
to improper validation of user-supplied input. An
unauthenticated, remote attacker can exploit this to
cause a stack exhaustion, resulting in a denial of
service condition. (CVE-2016-3705)
- A format string flaw exists in the libxml2 component due
to improper use of string format specifiers (e.g. %s and
%x). An unauthenticated, remote attacker can exploit
this to cause a denial of service condition or the
execution of arbitrary code. (CVE-2016-4448)
- An XML external entity injection vulnerability exists in
parser.c due to improper parsing of XML data. An
unauthenticated, remote attacker can exploit this, via
specially crafted XML data, to disclose arbitrary files
or cause a denial of service condition. (CVE-2016-4449)
- An out-of-bounds read error exists in the libxml2
component in xmlsave.c that occurs when handling XML
content in recovery mode. An unauthenticated, remote
attacker can exploit this to disclose sensitive
information or cause a denial of service condition.
(CVE-2016-4483)
- A security bypass vulnerability exists in the libcurl
component due to the program attempting to resume TLS
sessions even if the client certificate fails. An
unauthenticated, remote attacker can exploit this to
bypass validation mechanisms. (CVE-2016-5419)
- An information disclosure vulnerability exists in the
libcurl component due to the program reusing TLS
connections with different client certificates. An
unauthenticated, remote attacker can exploit this to
disclose sensitive cross-realm information.
(CVE-2016-5420)
- A use-after-free error exists in the libcurl component
that is triggered as connection pointers are not
properly cleared for easy handles. An unauthenticated,
remote attacker can exploit this to dereference already
freed memory, potentially resulting in the execution of
arbitrary code. (CVE-2016-5421)
- Multiple stored cross-site scripting (XSS)
vulnerabilities exist due to improper validation of
user-supplied input. An authenticated, remote attacker
can exploit these, via a specially crafted request, to
execute arbitrary script code in a user's browser
session. (CVE-2016-9261) | last seen | 2019-01-16 | modified | 2019-01-02 | plugin id | 97893 | published | 2017-03-22 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=97893 | title | Tenable Log Correlation Engine (LCE) < 4.8.1 Multiple Vulnerabilities |
NASL family | Oracle Linux Local Security Checks | NASL id | ORACLELINUX_ELSA-2016-1292.NASL | description | From Red Hat Security Advisory 2016:1292 :
An update for libxml2 is now available for Red Hat Enterprise Linux 6
and Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
[Updated 18 July 2016] This advisory has been updated to push packages
into the Red Hat Enterprise Linux 6 Desktop channels. The packages
included in this revised update have not been changed in any way from
the packages included in the original advisory.
The libxml2 library is a development toolbox providing the
implementation of various XML standards.
Security Fix(es) :
A heap-based buffer overflow flaw was found in the way libxml2 parsed
certain crafted XML input. A remote attacker could provide a specially
crafted XML file that, when opened in an application linked against
libxml2, would cause the application to crash or execute arbitrary
code with the permissions of the user running the application.
(CVE-2016-1834, CVE-2016-1840)
Multiple denial of service flaws were found in libxml2. A remote
attacker could provide a specially crafted XML file that, when
processed by an application using libxml2, could cause that
application to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835,
CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839,
CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448,
CVE-2016-4449) | last seen | 2019-01-16 | modified | 2018-09-05 | plugin id | 91797 | published | 2016-06-24 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=91797 | title | Oracle Linux 6 / 7 : libxml2 (ELSA-2016-1292) |
NASL family | Amazon Linux Local Security Checks | NASL id | ALA_ALAS-2016-719.NASL | description | A heap-based buffer overflow flaw was found in the way libxml2 parsed
certain crafted XML input. A remote attacker could provide a specially
crafted XML file that, when opened in an application linked against
libxml2, would cause the application to crash or execute arbitrary
code with the permissions of the user running the application.
(CVE-2016-1834, CVE-2016-1840)
Multiple denial of service flaws were found in libxml2. A remote
attacker could provide a specially crafted XML file that, when
processed by an application using libxml2, could cause that
application to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835,
CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839,
CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448,
CVE-2016-4449) | last seen | 2019-01-16 | modified | 2018-04-18 | plugin id | 92221 | published | 2016-07-15 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=92221 | title | Amazon Linux AMI : libxml2 (ALAS-2016-719) |
NASL family | Debian Local Security Checks | NASL id | DEBIAN_DLA-503.NASL | description | Several vulnerabilities were discovered in libxml2, a library
providing support to read, modify and write XML and HTML files. A
remote attacker could provide a specially crafted XML or HTML file
that, when processed by an application using libxml2, would cause a
denial of service against the application, or potentially the
execution of arbitrary code with the privileges of the user running
the application.
For Debian 7 'Wheezy', these problems have been fixed in version
2.8.0+dfsg1-7+wheezy6.
We recommend that you upgrade your libxml2 packages.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues. | last seen | 2019-01-16 | modified | 2018-07-06 | plugin id | 91472 | published | 2016-06-06 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=91472 | title | Debian DLA-503-1 : libxml2 security update |
NASL family | SuSE Local Security Checks | NASL id | SUSE_SU-2016-1604-1.NASL | description | This update for libxml2 fixes the following security issues :
- CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A
heap-buffer overread was fixed in libxml2/dict.c
[bsc#963963, bsc#965283, bsc#981114].
- CVE-2016-4483: Code was added to avoid an out of bound
access when serializing malformed strings [bsc#978395].
- CVE-2016-1762: Fixed a heap-based buffer overread in
xmlNextChar [bsc#981040].
- CVE-2016-1834: Fixed a heap-buffer-overflow in
xmlStrncat [bsc#981041].
- CVE-2016-1833: Fixed a heap-based buffer overread in
htmlCurrentChar [bsc#981108].
- CVE-2016-1835: Fixed a heap use-after-free in
xmlSAX2AttributeNs [bsc#981109].
- CVE-2016-1837: Fixed a heap use-after-free in
htmlParsePubidLiteral and htmlParseSystemLiteral
[bsc#981111].
- CVE-2016-1838: Fixed a heap-based buffer overread in
xmlParserPrintFileContextInternal [bsc#981112].
- CVE-2016-1840: Fixed a heap-buffer-overflow in
xmlFAParsePosCharGroup [bsc#981115].
- CVE-2016-4447: Fixed heap-based buffer underreads due
to xmlParseName [bsc#981548].
- CVE-2016-4448: Fixed some format string warnings with
possible format string vulnerability [bsc#981549].
- CVE-2016-4449: Fixed inappropriate fetch of entities
content [bsc#981550].
- CVE-2016-3705: Fixed missing increment of recursion
counter.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2018-11-29 | plugin id | 93154 | published | 2016-08-29 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=93154 | title | SUSE SLES11 Security Update : libxml2 (SUSE-SU-2016:1604-1) |
|