CVE-2016-1836: Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before…

CVE-2016-1836 [MEDIUM] CVE-2016-1836: tvOS 9.2.2 Apple Security Update: About the security content of tvOS 9.2.2 Product: tvOS Version: 9.2.2 CVE: CVE-2016-1836 Component: Kernel Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation.

CVE-2016-1836 [MEDIUM] CVE-2016-1836: iOS 9.3.3 Apple Security Update: About the security content of iOS 9.3.3 Product: iOS Version: 9.3.3 CVE: CVE-2016-1836 Component: Libc Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A buffer overflow existed within the "link_ntoa()" function in linkaddr.c. This issue was addressed through additional bounds checking.

CVE-2016-1836 [MEDIUM] CVE-2016-1836: OS X El Capitan v10.11.6 and Security Update 2016-004 Apple Security Update: About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004 Product: OS X El Capitan v10.11.6 and Security Update 2016-004 CVE: CVE-2016-1836 Component: LibreSSL Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7.

CVE-2016-1836 [MEDIUM] CVE-2016-1836: iCloud for Windows 5.2.1 Apple Security Update: About the security content of iCloud for Windows 5.2.1 Product: iCloud for Windows Version: 5.2.1 CVE: CVE-2016-1836 Component: About Apple security updates Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-1836 [MEDIUM] CVE-2016-1836: iTunes 12.4.2 for Windows Apple Security Update: About the security content of iTunes 12.4.2 for Windows Product: iTunes 12.4.2 for Windows CVE: CVE-2016-1836 Component: About Apple security updates Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-1836 [MEDIUM] CVE-2016-1836: watchOS 2.2.2 Apple Security Update: About the security content of watchOS 2.2.2 Product: watchOS Version: 2.2.2 CVE: CVE-2016-1836 Component: Libc Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A buffer overflow existed within the "link_ntoa()" function in linkaddr.c. This issue was addressed through additional bounds checking.

CVE-2015-8806 [HIGH] libxml2 vulnerabilities Title: libxml2 vulnerabilities Summary: Several security issues were fixed in libxml2. It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. (CVE-2015-8806, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447) It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1762, CVE-2016-1834) Mateusz Jurczyk discovered that libxml2 incorrectly handled certain malfo

CVE-2016-1836 [MEDIUM] CWE-416 libxml2: Heap use-after-free in xmlDictComputeFastKey libxml2: Heap use-after-free in xmlDictComputeFastKey Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document. Package: libxml2 (Red Hat Enterprise Linux 5) - Will not fix Package: libxml2 (Red Hat JBoss Enterprise Web Server 3) - Affected

CVE-2016-1836 [MEDIUM] CVE-2016-1836: libxml2 - Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 be... Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document. Scope: local bookworm: resolved (fixed in 2.9.3+dfsg1-1.1) bullseye: resolved (fixed in 2.9.3+dfsg1-1.1) forky: resolved (fixed in 2.9.3+dfsg1-1.1) sid: resolved (fixed in 2.9.3+dfsg1-1.1) trixie: resolved (fixed in 2.9.3+dfsg1-1.1)

CVE-2016-1836 [MEDIUM] CVE-2016-1836: watchOS 2.2.1 Apple Security Update: About the security content of watchOS 2.2.1 Product: watchOS Version: 2.2.1 CVE: CVE-2016-1836 Component: CVE-ID Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling.

CVE-2016-1836 [MEDIUM] CVE-2016-1836: tvOS 9.2.1 Apple Security Update: About the security content of tvOS 9.2.1 Product: tvOS Version: 9.2.1 CVE: CVE-2016-1836 Component: CVE-ID Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling.

CVE-2016-1836 [MEDIUM] CVE-2016-1836: iOS 9.3.2 Apple Security Update: About the security content of iOS 9.3.2 Product: iOS Version: 9.3.2 CVE: CVE-2016-1836 Component: CVE-ID Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling.

CVE-2016-1836 [MEDIUM] CVE-2016-1836: OS X El Capitan v10.11.5 and Security Update 2016-003 Apple Security Update: About the security content of OS X El Capitan v10.11.5 and Security Update 2016-003 Product: OS X El Capitan v10.11.5 and Security Update 2016-003 CVE: CVE-2016-1836 Component: CVE-ID Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling.

CVE-2016-1836 [MEDIUM] CWE-416 GHSA-82c9-fqj6-w7gm: Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2 Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

CVE-2015-8806 [HIGH] libxml2 vulnerabilities libxml2 vulnerabilities It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. (CVE-2015-8806, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447) It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1762, CVE-2016-1834) Mateusz Jurczyk discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into

CVE-2016-1836 [MEDIUM] CVE-2016-1836: Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2 Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

[MEDIUM] Multiple issues in Libxml2 (2.9.2 - 2.9.5) Multiple issues in Libxml2 (2.9.2 - 2.9.5) Libxml2 is the XML C parser and toolkit developed for the Gnome project. Due to its flexible C implementation and continuous development, Libxml2 is known to be very portable, the library builds and works on a variety of systems (Linux, Unix, Windows, CygWin, MacOS, MacOS X, RISC Os, OS/2, VMS, QNX, MVS, VxWorks, ...). It is or has been adopted by many major vendors or products including Google (Chrome), VMWare, Apple (Safari, Mac OSX, iOS, ...), and many embedded systems. As in the [Google Patch Rewards](https://www.google.com.sg/about/appsecurity/patch-rewards) , Libxml2 is listed in the category of core infrastructure data parsers. From 2015-2016, our fuzzing work on Libxml2 has systematically identified a sequence of bugs including use-after

CVE-2016-1000219 [HIGH] CVE-2016-1000219 kibana: Session hijack via stealing cookies and auth headers from log ESA-2016-04 CVE-2016-1000219 kibana: Session hijack via stealing cookies and auth headers from log ESA-2016-04 It was reported that when a custom output is configured for logging in versions of Kibana before 4.5.4 and 4.1.11, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield. External Reference: https://www.elastic.co/community/security Discussion: This issue has been addressed in the following products: Red Hat OpenShift Enterprise 3.2 Red Hat OpenShift Enterprise 3.1 Via RHSA-2016:1836 https://access.redhat.com/errata/RHSA-2016:1836

CVE-2016-1000220 [MEDIUM] CVE-2016-1000220 kibana: XSS vulnerability ESA-2016-03 CVE-2016-1000220 kibana: XSS vulnerability ESA-2016-03 It was reported that versions of Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers. External Reference: https://www.elastic.co/community/security Discussion: This issue has been addressed in the following products: Red Hat OpenShift Enterprise 3.2 Red Hat OpenShift Enterprise 3.1 Via RHSA-2016:1836 https://access.redhat.com/errata/RHSA-2016:1836

CVE-2016-1762 [HIGH] CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 libxml2: various flaws [fedora-a CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 libxml2: various flaws [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE

CVE-2016-1762 [HIGH] CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 mingw-libxml2: various flaws [fe CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 mingw-libxml2: various flaws [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention t

CVE-2016-1836 [MEDIUM] CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey CVE-2016-1836 libxml2: Heap use-after-free in xmlDictComputeFastKey A vulnerability was found in the libxml2 library. A heap-use-after free can happen in the xmlDictComputeFastKey. References: https://bugzilla.gnome.org/show_bug.cgi?id=759398 Upstream fix: https://git.gnome.org/browse/libxml2/commit/?id=45752d2c334b50016666d8f0ec3691e2d680f0a0 Discussion: This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2016:1292 https://access.redhat.com/errata/RHSA-2016:1292 --- Created libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1349794] --- Created mingw-libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1349795] --- This issue has been addressed in the following products: Via RHSA-2

[R2] Nessus 6.10 Fixes Multiple Third-party Library Vulnerabilities ## Cloud Exposure Tenable Cloud Security (CNAPP) Request a demo Tenable Cloud Vulnerability Management Request a demo Tenable CIEM Request a demo Secure your cloud ## Vulnerability Exposure Tenable Vulnerability Management Try for free Tenable Security Center Request a demo Tenable Web App Scanning Try for free Tenable Patch Management Request a demo Tenable Enclave Security Request a demo Tenable Attack Surface Management Request a demo Tenable Nessus Try for free ## AI Exposure Tenable AI Exposure Request a demo ## OT/IoT Exposure Tenable OT Security Request a demo ## Identity Exposure Tenable Identity Exposure Request a demo ## Business needs Active Directory AI Security Posture Management (AI-SPM) AWS security Azure security Cloud Security Posture Man

[R3] LCE 5.0.0 Fixes Multiple Third-party Library Vulnerabilities ## Cloud Exposure Tenable Cloud Security (CNAPP) Request a demo Tenable Cloud Vulnerability Management Request a demo Tenable CIEM Request a demo Secure your cloud ## Vulnerability Exposure Tenable Vulnerability Management Try for free Tenable Security Center Request a demo Tenable Web App Scanning Try for free Tenable Patch Management Request a demo Tenable Enclave Security Request a demo Tenable Attack Surface Management Request a demo Tenable Nessus Try for free ## AI Exposure Tenable AI Exposure Request a demo ## OT/IoT Exposure Tenable OT Security Request a demo ## Identity Exposure Tenable Identity Exposure Request a demo ## Business needs Active Directory AI Security Posture Management (AI-SPM) AWS security Azure security Cloud Security Posture Man