CVE-2016-4483: The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and…

CVE-2016-4483 [HIGH] CVE-2016-4483: watchOS 2.2.2 Apple Security Update: About the security content of watchOS 2.2.2 Product: watchOS Version: 2.2.2 CVE: CVE-2016-4483 Component: Libc Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A buffer overflow existed within the "link_ntoa()" function in linkaddr.c. This issue was addressed through additional bounds checking.

CVE-2016-4483 [HIGH] CVE-2016-4483: iCloud for Windows 5.2.1 Apple Security Update: About the security content of iCloud for Windows 5.2.1 Product: iCloud for Windows Version: 5.2.1 CVE: CVE-2016-4483 Component: About Apple security updates Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-4483 [HIGH] CVE-2016-4483: OS X El Capitan v10.11.6 and Security Update 2016-004 Apple Security Update: About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004 Product: OS X El Capitan v10.11.6 and Security Update 2016-004 CVE: CVE-2016-4483 Component: LibreSSL Impact: A remote attacker may be able to execute arbitrary code Description: Multiple issues existed in LibreSSL before 2.2.7. These were addressed by updating LibreSSL to version 2.2.7.

CVE-2016-4483 [HIGH] CVE-2016-4483: iTunes 12.4.2 for Windows Apple Security Update: About the security content of iTunes 12.4.2 for Windows Product: iTunes 12.4.2 for Windows CVE: CVE-2016-4483 Component: About Apple security updates Impact: Multiple vulnerabilities in libxml2 Description: Multiple memory corruption issues were addressed through improved memory handling.

CVE-2016-4483 [HIGH] CVE-2016-4483: iOS 9.3.3 Apple Security Update: About the security content of iOS 9.3.3 Product: iOS Version: 9.3.3 CVE: CVE-2016-4483 Component: Libc Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A buffer overflow existed within the "link_ntoa()" function in linkaddr.c. This issue was addressed through additional bounds checking.

CVE-2016-4483 [HIGH] CVE-2016-4483: tvOS 9.2.2 Apple Security Update: About the security content of tvOS 9.2.2 Product: tvOS Version: 9.2.2 CVE: CVE-2016-4483 Component: Kernel Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference was addressed through improved input validation.

CVE-2015-8806 [HIGH] libxml2 vulnerabilities Title: libxml2 vulnerabilities Summary: Several security issues were fixed in libxml2. It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. (CVE-2015-8806, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447) It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1762, CVE-2016-1834) Mateusz Jurczyk discovered that libxml2 incorrectly handled certain malfo

CVE-2016-9598 [HIGH] CWE-674 libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS) libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS) libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483. Package: libxml2 (Red Hat Enterprise Linux 5) - Not affected Package: libxml2 (Red Hat Enterprise Linux 6) - Not affected Package: libxml2 (Red Hat Enterprise Linux 7) - Not affected

CVE-2016-4483 [HIGH] CWE-122 libxml2: out-of-bounds read libxml2: out-of-bounds read The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627. Statement: When a specially-crafted XML file is parsed via an application compiled against libxml2, this can cause the application to crash. (No code execution) Package: libxml2 (Red Hat Enterprise Linux 5) - Will not fix Package: libxml2 (Red Hat Enterprise Linux 6) - Will not fix Package: libxml2 (Red Hat Enterprise Linux 7) - Will not fix Package: httpd (Red Hat JBoss Core Services) - Affected Package: libxml2 (Red Hat JBoss Enterprise Web Server 3) - Will not fi

CVE-2016-9598 [HIGH] CVE-2016-9598: libxml2 - libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attack... libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2016-4483 [HIGH] CVE-2016-4483: libxml2 - The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows contex... The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627. Scope: local bookworm: resolved (fixed in 2.9.3+dfsg1-1.1) bullseye: resolved (fixed in 2.9.3+dfsg1-1.1) forky: resolved (fixed in 2.9.3+dfsg1-1.1) sid: resolved (fixed in 2.9.3+dfsg1-1.1) trixie: resolved (fixed in 2.9.3+dfsg1-1.1)

CVE-2016-9598 [HIGH] CWE-125 GHSA-8gff-r69h-5xgv: libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application c libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.

CVE-2016-4483 [HIGH] CWE-502 GHSA-xr2r-hh4x-gv58: The xmlBufAttrSerializeTxtContent function in xmlsave The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.

CVE-2016-4483 [HIGH] CVE-2016-4483: The xmlBufAttrSerializeTxtContent function in xmlsave The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.

CVE-2015-8806 [HIGH] libxml2 vulnerabilities libxml2 vulnerabilities It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. (CVE-2015-8806, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447) It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-1762, CVE-2016-1834) Mateusz Jurczyk discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into

CVE-2016-9598 [HIGH] CVE-2016-9598 libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS) CVE-2016-9598 libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS) libxml2: out-of-bounds read Discussion: Are there any details available for this? Upsteam bug, commit reference? --- (In reply to Salvatore Bonaccorso from comment #2) > Are there any details available for this? Upsteam bug, commit reference? Referring to https://bugzilla.redhat.com/show_bug.cgi?id=1408302#c4 --- CVE-2016-9598 was assigned for incomplete fix of CVE-2016-4483, however that was closed as duplicate of CVE-2016-3627. That actually makes this CVE a duplicate of CVE-2016-9596 since that one was assigned for incomplete fix of CVE-2016-3627. Hence I suggest to close this one as duplicate of CVE-2016-9596. Would that work for you? --- This CVE id is for the same issue as CVE-2016-4483 (bug 1332820)

CVE-2016-4483 [HIGH] CVE-2016-4483 libxml2: out-of-bounds read [fedora-all] CVE-2016-4483 libxml2: out-of-bounds read [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one

CVE-2016-4483 [HIGH] CVE-2016-4483 mingw-libxml2: libxml2: out-of-bounds read [fedora-all] CVE-2016-4483 mingw-libxml2: libxml2: out-of-bounds read [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora.

CVE-2016-4483 [HIGH] CVE-2016-4483 libxml2: out-of-bounds read CVE-2016-4483 libxml2: out-of-bounds read A vulnerability was found in libxml2. Parsing a maliciously crafted xml file could cause the application to crash if recover mode is used. References: http://seclists.org/oss-sec/2016/q2/195 Discussion: Created libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1332823] --- Created mingw-libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1332824] Affects: epel-7 [bug 1332825] --- This issue has been addressed in the following products: Via RHSA-2016:2957 https://rhn.redhat.com/errata/RHSA-2016-2957.html --- CVE-2016-4483 is NOT a duplicate of CVE-2016-3627! This issue has NOT been fixed for at least RHEL6 (CVE-2016-3627 has been). This issue was fixed upstream with commit c97750d11bb8b6f3303e7131fe526a61ac65

CVE-2016-4483 [HIGH] CVE-2016-4483 mingw-libxml2: libxml2: out-of-bounds read [epel-7] CVE-2016-4483 mingw-libxml2: libxml2: out-of-bounds read [epel-7] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. [bug automatically created by: add-tracking-bugs] Discussion:

[R2] Nessus 6.10 Fixes Multiple Third-party Library Vulnerabilities ## Cloud Exposure Tenable Cloud Security (CNAPP) Request a demo Tenable Cloud Vulnerability Management Request a demo Tenable CIEM Request a demo Secure your cloud ## Vulnerability Exposure Tenable Vulnerability Management Try for free Tenable Security Center Request a demo Tenable Web App Scanning Try for free Tenable Patch Management Request a demo Tenable Enclave Security Request a demo Tenable Attack Surface Management Request a demo Tenable Nessus Try for free ## AI Exposure Tenable AI Exposure Request a demo ## OT/IoT Exposure Tenable OT Security Request a demo ## Identity Exposure Tenable Identity Exposure Request a demo ## Business needs Active Directory AI Security Posture Management (AI-SPM) AWS security Azure security Cloud Security Posture Man