Page 4 of 89 results (0.021 seconds)

CVSS: 7.5EPSS: 0%CPEs: 41EXPL: 0

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. La función xmlStringLenDecodeEntities en el archivo parser.c en libxml2 versión 2.9.10, presenta un bucle infinito en una determinada situación de fin del archivo. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076 https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI https://lists& • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 7.5EPSS: 0%CPEs: 36EXPL: 0

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. La función xmlSchemaPreRun en el archivo xmlschemas.c en libxml2 versión 2.9.10, permite una pérdida de memoria de la función xmlSchemaValidateStream. A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed leading to a denial of service. System availability is the highest threat from this vulnerability. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68 https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org& • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. La función xmlParseBalancedChunkMemoryRecover en el archivo parser.c en libxml2 versiones anteriores a 2.9.10, presenta una pérdida de memoria relacionada con newDoc-)oldNs. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549 https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject. • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627. libxml2, tal y como se usa en Red Hat JBoss Core Services y en modo de recuperación, permite que los atacantes dependientes de contexto provoquen una denegación de servicio (consumo de pila) mediante un documento XML. NOTA: Esta vulnerabilidad existe debido a una solución incorrecta para CVE-2016-3627. • https://bugzilla.redhat.com/show_bug.cgi?id=1408302 https://access.redhat.com/security/cve/CVE-2016-9596 • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483. libxml2, tal y como se usa en Red Hat JBoss Core Services, permite que los atacantes dependientes de contexto provoquen una denegación de servicio (lectura fuera de límites y cierre inesperado de la aplicación) mediante un documento XML. NOTA: Esta vulnerabilidad existe debido a la ausencia de una solución para CVE-2016-4483. • https://access.redhat.com/errata/RHSA-2018:2486 https://bugzilla.redhat.com/show_bug.cgi?id=1408306 https://access.redhat.com/security/cve/CVE-2016-9598 • CWE-125: Out-of-bounds Read CWE-674: Uncontrolled Recursion •