CVE-2015-8035: The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of…

CVE-2015-8035 [LOW] GHSA-cprg-r8c2-9m62: The xz_decomp function in xzlib The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

CVE-2018-14567 [LOW] CWE-835 GHSA-4h39-8h6h-93x3: libxml2 2 libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.

CVE-2018-9251 [LOW] CWE-835 GHSA-qvh5-3xv2-rf6p: The xz_decomp function in xzlib The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.

CVE-2018-14567 [LOW] CVE-2018-14567: libxml2 2 libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.

CVE-2018-9251 [LOW] CVE-2018-9251: The xz_decomp function in xzlib The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.

CVE-2015-8035 [LOW] CVE-2015-8035: The xz_decomp function in xzlib The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

CVE-2015-1819 [MEDIUM] libxml2 vulnerabilities libxml2 vulnerabilities Florian Weimer discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-1819) Michal Zalewski discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-7941) Kostya Serebryany discovered that libxml2 incorrectly handled certain XML data. If a

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 ICS Advisory ## Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 Release DateDecember 14, 2023 Alert CodeICSA-23-348-10 As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF ## 1. EXECUTIVE SUMMARY - CVSS v3 9.8 - ATTENTION: Exploitable remotely/low attack complexity - Vendor: Siemens - Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 - Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Miss

CVE-2018-14567 [LOW] CWE-400 libxml2: Infinite loop caused by incorrect error detection during LZMA decompression libxml2: Infinite loop caused by incorrect error detection during LZMA decompression libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. Statement: Red Hat Product Security has rated this flaw as having Low impact. A future update may address this issue. Package: libxml2 (Red Hat Enterprise Linux 5) - Not affected Package: libxml2 (Red Hat Enterprise Linux 6) - Not affected Package: libxml2 (Red Hat Enterprise Linux 8) - Not affected Package: mingw-libxml2 (Red Hat Enterprise Linux 8) - Not affected Package: libxml2 (Red Hat JBoss Core Services) - Not affected Package: libxml2 (R

CVE-2018-9251 [LOW] CWE-835 libxml2: infinite loop in xz_decomp function in xzlib.c libxml2: infinite loop in xz_decomp function in xzlib.c The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035. Statement: This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5, 6, and 7. Package: libxml2 (Red Hat Enterprise Linux 5) - Not affected Package: libxml2 (Red Hat Enterprise Linux 6) - Not affected Package: libxml2 (Red Hat Enterprise Linux 7) - Not affected Package: libxml2 (Red Hat JBoss Core Services) - Not affected Package: libxml2 (Red Hat JBoss Web Server 3) - Not affected

CVE-2018-9251 [LOW] CVE-2018-9251: libxml2 - The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allo... The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2018-14567 [LOW] CVE-2018-14567: libxml2 - libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial... libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. Scope: local bookworm: resolved (fixed in 2.9.10+dfsg-2) bullseye: resolved (fixed in 2.9.10+dfsg-2) forky: resolved (fixed in 2.9.10+dfsg-2) sid: resolved (fixed in 2.9.10+dfsg-2) trixie: resolved (fixed in 2.9.10+dfsg-2)

CVE-2015-1819 [MEDIUM] libxml2 vulnerabilities Title: libxml2 vulnerabilities Summary: Several security issues were fixed in libxml2. Florian Weimer discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-1819) Michal Zalewski discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-7941) Kostya Serebryany di

CVE-2015-8035 [LOW] CWE-252 libxml2: DoS caused by incorrect error detection during XZ decompression libxml2: DoS caused by incorrect error detection during XZ decompression The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash. Statement: This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression support. Package: libxml2 (Red Hat Enterprise Linux 5) - Not affected Package: libxml2 (Red Hat Enterprise Linux 6) - Not affected Package: libxml

CVE-2015-8035 [LOW] CVE-2015-8035: libxml2 - The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect comp... The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. Scope: local bookworm: resolved (fixed in 2.9.3+dfsg1-1) bullseye: resolved (fixed in 2.9.3+dfsg1-1) forky: resolved (fixed in 2.9.3+dfsg1-1) sid: resolved (fixed in 2.9.3+dfsg1-1) trixie: resolved (fixed in 2.9.3+dfsg1-1)

CVE-2015-8035 [MEDIUM] CVE-2015-8035: tvOS 9.2 Apple Security Update: About the security content of tvOS 9.2 Product: tvOS Version: 9.2 CVE: CVE-2015-8035 Component: CVE-2015-7499

CVE-2015-8035 [MEDIUM] CVE-2015-8035: watchOS 2.2 Apple Security Update: About the security content of watchOS 2.2 Product: watchOS Version: 2.2 CVE: CVE-2015-8035 Component: CVE-2015-7499

CVE-2015-8035 [MEDIUM] CVE-2015-8035: iOS 9.3 Apple Security Update: About the security content of iOS 9.3 Product: iOS Version: 9.3 CVE: CVE-2015-8035 Component: CVE-2015-7499

CVE-2015-8035 [MEDIUM] CVE-2015-8035: OS X El Capitan v10.11.4 and Security Update 2016-002 Apple Security Update: About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002 Product: OS X El Capitan v10.11.4 and Security Update 2016-002 CVE: CVE-2015-8035 Component: CVE-2015-7499

CVE-2018-14567 [LOW] CVE-2018-14567 libxml2: Infinite loop caused by incorrect error detection during LZMA decompression CVE-2018-14567 libxml2: Infinite loop caused by incorrect error detection during LZMA decompression libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. Upstream Patch: https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74 Discussion: Created libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1619878] Created mingw-libxml2 tracking bugs for this issue: Affects: epel-7 [bug 1619880] Affects: fedora-all [bug 1619879] --- RHEL5/6 use a libxml2 version released before it had LZMA support. --- Statement: Red Hat Product Security has r

CVE-2018-9251 [LOW] CVE-2018-9251 libxml2: infinite loop in xz_decomp function in xzlib.c CVE-2018-9251 libxml2: infinite loop in xz_decomp function in xzlib.c A flaw was found in libxml2 2.9.8. The xz_decomp function in xzlib.c, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035. Reference: https://bugzilla.gnome.org/show_bug.cgi?id=794914 Discussion: Created mingw-libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1565320] Created libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1565321] Created mingw-libxml2 tracking bugs for this issue: Affects: epel-7 [bug 1565319] --- Statement: This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise

CVE-2015-8035 [LOW] CVE-2015-8035 mingw-libxml2: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [epel-7] CVE-2015-8035 mingw-libxml2: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [epel-7] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. epel-7 tr

CVE-2015-8035 [LOW] CVE-2015-8035 libxml2: DoS caused by incorrect error detection during XZ decompression CVE-2015-8035 libxml2: DoS caused by incorrect error detection during XZ decompression A vulnerability in libxml2 when parsing specially crafted XML document if XZ support is enabled causing DoS of application was found. CVE request (including reproducer): http://seclists.org/oss-sec/2015/q4/206 Discussion: Created libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1277147] --- Created mingw-libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1277149] Affects: epel-7 [bug 1277150] --- Statement: This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression support. --- LZMA compression support was introduced in libxml2 in: 2.8.0: May 23 2012 Features: add lzma com

CVE-2015-8035 [LOW] CVE-2015-8035 libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [fedora-all] CVE-2015-8035 libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects

CVE-2015-8035 [LOW] CVE-2015-8035 mingw-libxml2: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [fedora-all] CVE-2015-8035 mingw-libxml2: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this

[R2] Nessus 6.10 Fixes Multiple Third-party Library Vulnerabilities ## Cloud Exposure Tenable Cloud Security (CNAPP) Request a demo Tenable Cloud Vulnerability Management Request a demo Tenable CIEM Request a demo Secure your cloud ## Vulnerability Exposure Tenable Vulnerability Management Try for free Tenable Security Center Request a demo Tenable Web App Scanning Try for free Tenable Patch Management Request a demo Tenable Enclave Security Request a demo Tenable Attack Surface Management Request a demo Tenable Nessus Try for free ## AI Exposure Tenable AI Exposure Request a demo ## OT/IoT Exposure Tenable OT Security Request a demo ## Identity Exposure Tenable Identity Exposure Request a demo ## Business needs Active Directory AI Security Posture Management (AI-SPM) AWS security Azure security Cloud Security Posture Man