Executive Summary
Summary | |
---|---|
Title | libxml2 vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-815-1 | First vendor Publication | 2009-08-11 |
Vendor | Ubuntu | Last vendor Modification | 2009-08-11 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 8.04 LTS: Ubuntu 8.10: Ubuntu 9.04: After a standard system upgrade you need to restart your sessions to effect the necessary changes. Details follow: It was discovered that libxml2 did not correctly handle root XML document element DTD definitions. If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. (CVE-2009-2414) It was discovered that libxml2 did not correctly parse Notation and Enumeration attribute types. If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. (CVE-2009-2416) USN-644-1 fixed a vulnerability in libxml2. This advisory provides the corresponding update for Ubuntu 9.04. Original advisory details: It was discovered that libxml2 did not correctly handle long entity names. |
Original Source
Url : http://www.ubuntu.com/usn/USN-815-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33 % | CWE-416 | Use After Free |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10129 | |||
Oval ID: | oval:org.mitre.oval:def:10129 | ||
Title: | Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework. | ||
Description: | Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2414 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11760 | |||
Oval ID: | oval:org.mitre.oval:def:11760 | ||
Title: | Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. | ||
Description: | Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3529 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13681 | |||
Oval ID: | oval:org.mitre.oval:def:13681 | ||
Title: | DSA-1859-1 libxml2 -- several | ||
Description: | Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several vulnerabilities in libxml2, a library for parsing and handling XML data files, which can lead to denial of service conditions or possibly arbitrary code execution in the application using the library. The Common Vulnerabilities and Exposures project identifies the following problems: An XML document with specially-crafted Notation or Enumeration attribute types in a DTD definition leads to the use of a pointers to memory areas which have already been freed. Missing checks for the depth of ELEMENT DTD definitions when parsing child content can lead to extensive stack-growth due to a function recursion which can be triggered via a crafted XML document. For the oldstable distribution, this problem has been fixed in version 2.6.27.dfsg-6+etch1. For the stable distribution, this problem has been fixed in version 2.6.32.dfsg-5+lenny1. For the testing and unstable distribution, this problem will be fixed soon. We recommend that you upgrade your libxml2 packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1859-1 CVE-2009-2416 CVE-2009-2414 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | libxml2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13712 | |||
Oval ID: | oval:org.mitre.oval:def:13712 | ||
Title: | DSA-1861-1 libxml -- several | ||
Description: | Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several vulnerabilities in libxml, a library for parsing and handling XML data files, which can lead to denial of service conditions or possibly arbitrary code execution in the application using the library. The Common Vulnerabilities and Exposures project identifies the following problems: An XML document with specially-crafted Notation or Enumeration attribute types in a DTD definition leads to the use of a pointers to memory areas which have already been freed. Missing checks for the depth of ELEMENT DTD definitions when parsing child content can lead to extensive stack-growth due to a function recursion which can be triggered via a crafted XML document. For the oldstable distribution, this problem has been fixed in version 1.8.17-14+etch1. The stable, testing and unstable distribution do not contain libxml anymore but libxml2 for which DSA-1859-1 has been released. We recommend that you upgrade your libxml packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1861-1 CVE-2009-2416 CVE-2009-2414 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | libxml |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13882 | |||
Oval ID: | oval:org.mitre.oval:def:13882 | ||
Title: | USN-815-1 -- libxml2 vulnerabilities | ||
Description: | It was discovered that libxml2 did not correctly handle root XML document element DTD definitions. If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. It was discovered that libxml2 did not correctly parse Notation and Enumeration attribute types. If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service. USN-644-1 fixed a vulnerability in libxml2. This advisory provides the corresponding update for Ubuntu 9.04. Original advisory details: It was discovered that libxml2 did not correctly handle long entity names. If a user were tricked into processing a specially crafted XML document, a remote attacker could execute arbitrary code with user privileges or cause the application linked against libxml2 to crash, leading to a denial of service | ||
Family: | unix | Class: | patch |
Reference(s): | USN-815-1 CVE-2009-2414 CVE-2009-2416 CVE-2008-3529 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 9.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | libxml2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18505 | |||
Oval ID: | oval:org.mitre.oval:def:18505 | ||
Title: | DSA-1654-1 libxml2 - execution of arbitrary code | ||
Description: | It was discovered that libxml2, the GNOME XML library, didn't correctly handle long entity names. This could allow the execution of arbitrary code via a malicious XML file. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1654-1 CVE-2008-3529 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | libxml2 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21739 | |||
Oval ID: | oval:org.mitre.oval:def:21739 | ||
Title: | ELSA-2008:0884: libxml2 security update (Important) | ||
Description: | Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0884-01 CVE-2008-3529 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | libxml2 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22743 | |||
Oval ID: | oval:org.mitre.oval:def:22743 | ||
Title: | ELSA-2009:1206: libxml and libxml2 security update (Moderate) | ||
Description: | Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1206-01 CVE-2009-2414 CVE-2009-2416 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | libxml libxml2 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28958 | |||
Oval ID: | oval:org.mitre.oval:def:28958 | ||
Title: | RHSA-2009:1206 -- libxml and libxml2 security update (Moderate) | ||
Description: | Updated libxml and libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1206 CESA-2009:1206-CentOS 3 CESA-2009:1206-CentOS 5 CVE-2009-2414 CVE-2009-2416 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 3 CentOS Linux 5 | Product(s): | libxml libxml2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29030 | |||
Oval ID: | oval:org.mitre.oval:def:29030 | ||
Title: | RHSA-2008:0884 -- libxml2 security update (Important) | ||
Description: | Updated libxml2 packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The libxml2 packages provide a library that allows you to manipulate XML files. It includes support to read, modify, and write XML and HTML files. A heap-based buffer overflow flaw was found in the way libxml2 handled long XML entity names. If an application linked against libxml2 processed untrusted malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-3529) All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2008:0884 CESA-2008:0884-CentOS 3 CESA-2008:0884-CentOS 5 CVE-2008-3529 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 3 CentOS Linux 5 | Product(s): | libxml2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6103 | |||
Oval ID: | oval:org.mitre.oval:def:6103 | ||
Title: | Libxml2 Heap Overflow in xmlParseAttValueComplex() Lets Remote Users Execute Arbitrary Code | ||
Description: | Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3529 | Version: | 3 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7783 | |||
Oval ID: | oval:org.mitre.oval:def:7783 | ||
Title: | VMware libxml2 use-after-free vulnerability | ||
Description: | Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2416 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8076 | |||
Oval ID: | oval:org.mitre.oval:def:8076 | ||
Title: | DSA-1654 libxml2 -- buffer overflow | ||
Description: | It was discovered that libxml2, the GNOME XML library, didn't correctly handle long entity names. This could allow the execution of arbitrary code via a malicious XML file. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1654 CVE-2008-3529 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | libxml2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8116 | |||
Oval ID: | oval:org.mitre.oval:def:8116 | ||
Title: | DSA-1861 libxml -- several vulnerabilities | ||
Description: | Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several vulnerabilities in libxml, a library for parsing and handling XML data files, which can lead to denial of service conditions or possibly arbitrary code execution in the application using the library. The Common Vulnerabilities and Exposures project identifies the following problems: An XML document with specially-crafted Notation or Enumeration attribute types in a DTD definition leads to the use of a pointers to memory areas which have already been freed. Missing checks for the depth of ELEMENT DTD definitions when parsing child content can lead to extensive stack-growth due to a function recursion which can be triggered via a crafted XML document. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1861 CVE-2009-2416 CVE-2009-2414 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | libxml |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8132 | |||
Oval ID: | oval:org.mitre.oval:def:8132 | ||
Title: | DSA-1859 libxml2 -- several vulnerabilities | ||
Description: | Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several vulnerabilities in libxml2, a library for parsing and handling XML data files, which can lead to denial of service conditions or possibly arbitrary code execution in the application using the library. The Common Vulnerabilities and Exposures project identifies the following problems: An XML document with specially-crafted Notation or Enumeration attribute types in a DTD definition leads to the use of a pointers to memory areas which have already been freed. Missing checks for the depth of ELEMENT DTD definitions when parsing child content can lead to extensive stack-growth due to a function recursion which can be triggered via a crafted XML document. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1859 CVE-2009-2416 CVE-2009-2414 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | libxml2 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8639 | |||
Oval ID: | oval:org.mitre.oval:def:8639 | ||
Title: | VMware libxml2 stack consumption vulnerability | ||
Description: | Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2414 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9262 | |||
Oval ID: | oval:org.mitre.oval:def:9262 | ||
Title: | Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | ||
Description: | Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2416 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2009-05-26 | Safari RSS feed:// Buffer Overflow via libxml2 Exploit PoC |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for libxml CESA-2009:1206 centos3 i386 File : nvt/gb_CESA-2009_1206_libxml_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for libxml2 CESA-2009:1206 centos5 i386 File : nvt/gb_CESA-2009_1206_libxml2_centos5_i386.nasl |
2011-03-09 | Name : Gentoo Security Advisory GLSA 201009-07 (libxml2) File : nvt/glsa_201009_07.nasl |
2010-05-12 | Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl |
2010-05-12 | Name : Mac OS X 10.6.2 Update / Mac OS X Security Update 2009-006 File : nvt/macosx_upd_10_6_2_secupd_2009-006.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:200-1 (libxml) File : nvt/mdksa_2009_200_1.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : SLES10: Security update for libxml2 File : nvt/sles10_libxml20.nasl |
2009-10-13 | Name : Solaris Update for libxml, libxslt and Freeware man pages 114014-24 File : nvt/gb_solaris_114014_24.nasl |
2009-10-13 | Name : Solaris Update for libxml, libxslt and Freeware man pages 114015-24 File : nvt/gb_solaris_114015_24.nasl |
2009-10-13 | Name : SLES10: Security update for libxml2 File : nvt/sles10_libxml2.nasl |
2009-10-13 | Name : Solaris Update for XML and XSLT libraries 125732-05 File : nvt/gb_solaris_125732_05.nasl |
2009-10-13 | Name : Solaris Update for XML and XSLT libraries 125731-05 File : nvt/gb_solaris_125731_05.nasl |
2009-10-11 | Name : SLES11: Security update for libxml2 File : nvt/sles11_libxml2.nasl |
2009-10-10 | Name : SLES9: Security update for libxml2 File : nvt/sles9p5035440.nasl |
2009-10-10 | Name : SLES9: Security update for libxml2 File : nvt/sles9p5055249.nasl |
2009-10-10 | Name : SLES9: Security update for libxml.rpm File : nvt/sles9p5058211.nasl |
2009-09-21 | Name : SuSE Security Summary SUSE-SR:2009:015 File : nvt/suse_sr_2009_015.nasl |
2009-09-02 | Name : Fedora Core 10 FEDORA-2009-8594 (libxml) File : nvt/fcore_2009_8594.nasl |
2009-09-02 | Name : Fedora Core 11 FEDORA-2009-8582 (libxml) File : nvt/fcore_2009_8582.nasl |
2009-09-02 | Name : Fedora Core 11 FEDORA-2009-8580 (mingw32-libxml2) File : nvt/fcore_2009_8580.nasl |
2009-08-17 | Name : CentOS Security Advisory CESA-2009:1206 (libxml2) File : nvt/ovcesa2009_1206.nasl |
2009-08-17 | Name : Mandrake Security Advisory MDVSA-2009:200 (libxml) File : nvt/mdksa_2009_200.nasl |
2009-08-17 | Name : Ubuntu USN-815-1 (libxml2) File : nvt/ubuntu_815_1.nasl |
2009-08-17 | Name : SuSE Security Summary SUSE-SR:2009:013 File : nvt/suse_sr_2009_013.nasl |
2009-08-17 | Name : RedHat Security Advisory RHSA-2009:1206 File : nvt/RHSA_2009_1206.nasl |
2009-08-17 | Name : Debian Security Advisory DSA 1859-1 (libxml2) File : nvt/deb_1859_1.nasl |
2009-08-17 | Name : Debian Security Advisory DSA 1861-1 (libxml) File : nvt/deb_1861_1.nasl |
2009-08-17 | Name : Fedora Core 10 FEDORA-2009-8491 (libxml2) File : nvt/fcore_2009_8491.nasl |
2009-08-17 | Name : Fedora Core 11 FEDORA-2009-8498 (libxml2) File : nvt/fcore_2009_8498.nasl |
2009-06-03 | Name : Solaris Update for XML and XSLT libraries 125731-04 File : nvt/gb_solaris_125731_04.nasl |
2009-06-03 | Name : Solaris Update for libxml, libxslt and Freeware man pages 114015-22 File : nvt/gb_solaris_114015_22.nasl |
2009-06-03 | Name : Solaris Update for libxml, libxslt and Freeware man pages 114014-22 File : nvt/gb_solaris_114014_22.nasl |
2009-06-03 | Name : Solaris Update for XML and XSLT libraries 125732-04 File : nvt/gb_solaris_125732_04.nasl |
2009-04-09 | Name : Mandriva Update for libxml2 MDVSA-2008:192 (libxml2) File : nvt/gb_mandriva_MDVSA_2008_192.nasl |
2009-03-23 | Name : Ubuntu Update for libxml2 vulnerabilities USN-644-1 File : nvt/gb_ubuntu_USN_644_1.nasl |
2009-03-06 | Name : RedHat Update for libxml2 RHSA-2008:0886-01 File : nvt/gb_RHSA-2008_0886-01_libxml2.nasl |
2009-03-06 | Name : RedHat Update for libxml2 RHSA-2008:0884-01 File : nvt/gb_RHSA-2008_0884-01_libxml2.nasl |
2009-02-27 | Name : CentOS Update for libxml2 CESA-2008:0884 centos3 x86_64 File : nvt/gb_CESA-2008_0884_libxml2_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for libxml2 CESA-2008:0884 centos3 i386 File : nvt/gb_CESA-2008_0884_libxml2_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for libxml2 CESA-2008:0886-01 centos2 i386 File : nvt/gb_CESA-2008_0886-01_libxml2_centos2_i386.nasl |
2008-12-03 | Name : Gentoo Security Advisory GLSA 200812-06 (libxml2) File : nvt/glsa_200812_06.nasl |
2008-11-01 | Name : FreeBSD Ports: libxml2 File : nvt/freebsd_libxml20.nasl |
2008-11-01 | Name : Debian Security Advisory DSA 1654-1 (libxml2) File : nvt/deb_1654_1.nasl |
0000-00-00 | Name : FreeBSD Ports: libxml File : nvt/freebsd_libxml1.nasl |
0000-00-00 | Name : FreeBSD Ports: libxml File : nvt/freebsd_libxml3.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
56990 | libxml2 DTD Element Declaration Handling Stack Consumption DoS |
56985 | libxml2 XML File Multiple Attribute Type Handling DoS |
48158 | libxml2 parser.c xmlParseAttValueComplex Function XML Entity Name Handling DoS |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-09-10 | IAVM : 2009-T-0049 - Multiple Vulnerabilities in libxml2 Severity : Category I - VMSKEY : V0019911 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | libxml2 file processing long entity overflow attempt RuleID : 15866 - Revision : 16 - Type : FILE-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2009-0018.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1206.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0884.nasl - Type : ACT_GATHER_INFO |
2013-07-03 | Name : The remote host is missing Sun Security Patch number 127680-07 File : solaris8_127680.nasl - Type : ACT_GATHER_INFO |
2013-07-03 | Name : The remote host is missing Sun Security Patch number 127681-07 File : solaris9_127681.nasl - Type : ACT_GATHER_INFO |
2013-07-03 | Name : The remote host is missing Sun Security Patch number 123924-11 File : solaris10_x86_123924.nasl - Type : ACT_GATHER_INFO |
2013-07-03 | Name : The remote host is missing Sun Security Patch number 123922-11 File : solaris9_x86_123922.nasl - Type : ACT_GATHER_INFO |
2013-07-03 | Name : The remote host is missing Sun Security Patch number 127682-07 File : solaris9_x86_127682.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080911_libxml2_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090810_libxml_and_libxml2_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2011-11-11 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_5a7d41100b7a11e1846b00235409fd3e.nasl - Type : ACT_GATHER_INFO |
2011-11-11 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_ce4b3af80b7c11e1846b00235409fd3e.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libxml-6482.nasl - Type : ACT_GATHER_INFO |
2010-09-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201009-07.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1859.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1861.nasl - Type : ACT_GATHER_INFO |
2009-11-23 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO |
2009-11-12 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_4_0_4.nasl - Type : ACT_GATHER_INFO |
2009-11-12 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari4_0_4.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_2.nasl - Type : ACT_GATHER_INFO |
2009-11-09 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-006.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_libxml-6477.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_libxml2-6405.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libxml2-6403.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12237.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12469.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libxml2-090807.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12504.nasl - Type : ACT_GATHER_INFO |
2009-09-17 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libxml-090908.nasl - Type : ACT_GATHER_INFO |
2009-09-17 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libxml-090908.nasl - Type : ACT_GATHER_INFO |
2009-08-26 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_2_0_172_43.nasl - Type : ACT_GATHER_INFO |
2009-08-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8580.nasl - Type : ACT_GATHER_INFO |
2009-08-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8594.nasl - Type : ACT_GATHER_INFO |
2009-08-18 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8582.nasl - Type : ACT_GATHER_INFO |
2009-08-13 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-200.nasl - Type : ACT_GATHER_INFO |
2009-08-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libxml2-090807.nasl - Type : ACT_GATHER_INFO |
2009-08-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libxml2-090807.nasl - Type : ACT_GATHER_INFO |
2009-08-12 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8498.nasl - Type : ACT_GATHER_INFO |
2009-08-12 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8491.nasl - Type : ACT_GATHER_INFO |
2009-08-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-815-1.nasl - Type : ACT_GATHER_INFO |
2009-08-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1206.nasl - Type : ACT_GATHER_INFO |
2009-08-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1206.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2008-0017.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libxml2-080905.nasl - Type : ACT_GATHER_INFO |
2009-06-09 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari4_0.nasl - Type : ACT_GATHER_INFO |
2009-06-09 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_4.0.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-002.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_3_2_3.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 123920-12 File : solaris8_123920.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-644-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-192.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 120954-12 File : solaris10_120954.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 123923-12 File : solaris10_123923.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 120955-12 File : solaris10_x86_120955.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 120955-12 File : solaris9_x86_120955.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 120954-12 File : solaris8_120954.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 120954-12 File : solaris9_120954.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote host is missing Sun Security Patch number 123921-12 File : solaris9_123921.nasl - Type : ACT_GATHER_INFO |
2008-12-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200812-06.nasl - Type : ACT_GATHER_INFO |
2008-10-15 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1654.nasl - Type : ACT_GATHER_INFO |
2008-10-15 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_d71da2369a9411dd8f42001c2514716c.nasl - Type : ACT_GATHER_INFO |
2008-09-15 | Name : The remote openSUSE host is missing a security update. File : suse_libxml2-5586.nasl - Type : ACT_GATHER_INFO |
2008-09-15 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libxml2-5583.nasl - Type : ACT_GATHER_INFO |
2008-09-12 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0884.nasl - Type : ACT_GATHER_INFO |
2008-09-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0884.nasl - Type : ACT_GATHER_INFO |
2008-09-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0886.nasl - Type : ACT_GATHER_INFO |
2008-02-05 | Name : The remote host is missing Sun Security Patch number 125732-13 File : solaris10_x86_125732.nasl - Type : ACT_GATHER_INFO |
2008-02-05 | Name : The remote host is missing Sun Security Patch number 125731-13 File : solaris10_125731.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote host is missing Sun Security Patch number 119467-17 File : solaris10_x86_119467.nasl - Type : ACT_GATHER_INFO |
2006-11-20 | Name : The remote host is missing Sun Security Patch number 123919-12 File : solaris7_123919.nasl - Type : ACT_GATHER_INFO |
2006-11-06 | Name : The remote host is missing Sun Security Patch number 119467-17 File : solaris9_x86_119467.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 114014-28 File : solaris9_114014.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 114015-28 File : solaris9_x86_114015.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:06:11 |
|
2013-11-11 12:41:38 |
|
2013-05-11 00:56:07 |
|