The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0111 advisory.

    Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities:

    CVE-2023-28484:
    In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference     and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.

    CVE-2023-29469:
    An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML     document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic     and memory errors, such as a double free. This behavior occurs because there is an attempt to use the     first byte of an empty string, and any value is possible (not solely the '\0' value).

Tenable has extracted the preceding description block directly from the Alibaba Cloud Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

An update of the libxml2 package has been released.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2048-1 advisory.

  - A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing     protection mechanisms and leading to denial of service. (CVE-2021-3541)

  - In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*)     don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a     victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for     example libxslt through 1.1.35, is affected as well. (CVE-2022-29824)

  - In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference     and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. (CVE-2023-28484)

  - An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML     document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic     and memory errors, such as a double free. This behavior occurs because there is an attempt to use the     first byte of an empty string, and any value is possible (not solely the '\0' value). (CVE-2023-29469)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is running a version of macOS / Mac OS X that is 13.x prior to 13.4. It is, therefore, affected by multiple vulnerabilities:

  - In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-     provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append     arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected     versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a
    -- argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
    (CVE-2023-22809)

  - A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS     16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to execute arbitrary code with kernel     privileges. (CVE-2023-27930)

  - The issue was addressed with additional permissions checks. This issue is fixed in iOS 15.7.6 and iPadOS     15.7.6, macOS Monterey 12.6.6, macOS Ventura 13.4. A sandboxed app may be able to observe system-wide     network connections. (CVE-2023-27940)

  - This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS     9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5.
    An app may be able to bypass Privacy preferences. (CVE-2023-28191)

  - This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS 16.5,     watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app firewall setting may not take effect after exiting the     Settings app. (CVE-2023-28202)

  - An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5,     tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5.
    Processing web content may disclose sensitive information. Apple is aware of a report that this issue may     have been actively exploited. (CVE-2023-28204)

  - An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML     document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic     and memory errors, such as a double free. This behavior occurs because there is an attempt to use the     first byte of an empty string, and any value is possible (not solely the '\0' value). (CVE-2023-29469)

  - A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4,     macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may bypass Gatekeeper     checks. (CVE-2023-32352)

  - A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7,     macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file     system. (CVE-2023-32355, CVE-2023-32369, CVE-2023-32395)

  - An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5,     tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An     app may be able to retain access to system configuration files even after its permission is revoked.
    (CVE-2023-32357)

  - An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur     11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently     printed documents. (CVE-2023-32360)

  - A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is     fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences. (CVE-2023-32363)

  - This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5,     macOS Ventura 13.4. An app may be able to access user-sensitive data. (CVE-2023-32367)

  - An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5,     tvOS 16.5, macOS Ventura 13.4, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing a 3D model may     result in disclosure of process memory. (CVE-2023-32368)

  - The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS     Ventura 13.4. An app may be able to break out of its sandbox. (CVE-2023-32371)

  - An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and     iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. Processing an image may result in disclosure of     process memory. (CVE-2023-32372)

  - A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5,     tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5.
    Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a     report that this issue may have been actively exploited. (CVE-2023-32373)

  - An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey     12.6.6, macOS Ventura 13.4. Processing a 3D model may result in disclosure of process memory.
    (CVE-2023-32375)

  - This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5,     watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to modify protected parts of the file     system. (CVE-2023-32376)

  - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura     13.4. An app may be able to execute arbitrary code with kernel privileges. (CVE-2023-32379)

  - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big     Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. Processing a 3D model may lead to arbitrary code     execution. (CVE-2023-32380)

  - An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur     11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. Processing a 3D model may result in disclosure of     process memory. (CVE-2023-32382)

  - This issue was addressed by forcing hardened runtime on the affected binaries at the system level. This     issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. An app may be able to     inject code into sensitive binaries bundled with Xcode. (CVE-2023-32383)

  - A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 9.5, tvOS     16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS     16.5 and iPadOS 16.5. Processing an image may lead to arbitrary code execution. (CVE-2023-32384)

  - A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and     iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination.
    (CVE-2023-32385)

  - A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Big     Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to observe unprotected user     data. (CVE-2023-32386)

  - A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur     11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. A remote attacker may be able to cause unexpected app     termination or arbitrary code execution. (CVE-2023-32387)

  - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in     watchOS 9.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey     12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences. (CVE-2023-32388)

  - This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5     and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to disclose kernel memory.
    (CVE-2023-32389)

  - The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS     9.5, macOS Ventura 13.4. Photos belonging to the Hidden Photos Album could be viewed without     authentication through Visual Lookup. (CVE-2023-32390)

  - The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, watchOS     9.5, iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. A shortcut may be able to use sensitive data with     certain actions without prompting the user. (CVE-2023-32391)

  - A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in     watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and     iPadOS 16.5. An app may be able to read sensitive location information. (CVE-2023-32392)

  - The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS     9.5, tvOS 16.5, macOS Ventura 13.4. A person with physical access to a device may be able to view contact     information from the lock screen. (CVE-2023-32394)

  - A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.6 and iPadOS     15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify     protected parts of the file system. (CVE-2023-32397)

  - A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5,     tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6,     iOS 16.5 and iPadOS 16.5. An app may be able to execute arbitrary code with kernel privileges.
    (CVE-2023-32398)

  - The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.5 and iPadOS 16.5,     watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information.
    (CVE-2023-32399)

  - This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS     9.5, macOS Ventura 13.4. Entitlements and privacy permissions granted to this app may be used by a     malicious app. (CVE-2023-32400)

  - A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey     12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Parsing an office document may lead to an unexpected app     termination or arbitrary code execution. (CVE-2023-32401)

  - An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5,     tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose     sensitive information. (CVE-2023-32402)

  - This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS     9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey     12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.
    (CVE-2023-32403)

  - This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5,     watchOS 9.5, macOS Ventura 13.4. An app may be able to bypass Privacy preferences. (CVE-2023-32404)

  - A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.7, macOS     Monterey 12.6.6, macOS Ventura 13.4. An app may be able to gain root privileges. (CVE-2023-32405)

  - A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5,     macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5     and iPadOS 16.5. An app may be able to bypass Privacy preferences. (CVE-2023-32407)

  - The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.5, tvOS 16.5,     macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app     may be able to read sensitive location information. (CVE-2023-32408)

  - The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS     Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may     be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been     actively exploited. (CVE-2023-32409)

  - An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15.7.6 and     iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to leak     sensitive kernel state. (CVE-2023-32410)

  - This issue was addressed with improved entitlements. This issue is fixed in tvOS 16.5, macOS Ventura 13.4,     macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass     Privacy preferences. (CVE-2023-32411)

  - A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5,     tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6,     iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause unexpected app termination or arbitrary     code execution. (CVE-2023-32412)

  - A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, tvOS     16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS     16.5 and iPadOS 16.5. An app may be able to gain root privileges. (CVE-2023-32413)

  - The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4. An app may be     able to break out of its sandbox. (CVE-2023-32414)

  - This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5     and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information.
    (CVE-2023-32415)

  - This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS     9.5. An attacker with physical access to a locked Apple Watch may be able to view user photos or contacts     via accessibility features. (CVE-2023-32417)

  - An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and     iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to cause unexpected system     termination or read kernel memory. (CVE-2023-32420)

  - This issue was addressed by adding additional SQLite logging restrictions. This issue is fixed in iOS 16.5     and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to bypass Privacy preferences.
    (CVE-2023-32422)

  - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.5,     tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose     sensitive information. (CVE-2023-32423)

  - This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.4, tvOS     16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain root privileges. (CVE-2023-32428)

  - A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS     Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to access user-     sensitive data. (CVE-2023-32432)

  - The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6     and iPadOS 16.6. An app may be able to break out of its sandbox. (CVE-2023-32437)

  - A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in     macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user     account emails. (CVE-2023-34352)

  - Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in     macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5. Multiple issues in libxml2. (CVE-2023-42869)

  - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.4.
    An app may be able to gain elevated privileges. (CVE-2023-42958)

Note that Nessus has not tested for these issues but has instead relied only on the operating system's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3665-1 advisory.

  - Possible cross-site scripting vulnerability in libxml after commit 960f0e2. (CVE-2016-3709)

  - In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference     and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. (CVE-2023-28484)

  - An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML     document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic     and memory errors, such as a double free. This behavior occurs because there is an attempt to use the     first byte of an empty string, and any value is possible (not solely the '\0' value). (CVE-2023-29469)

  - ** DISPUTED ** Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the     xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial     of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does     not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.
    (CVE-2023-39615)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of libxml2 installed on the remote host is prior to 2.9.1-6.6.42. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1743 advisory.

    parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the     xmlParserHandlePEReference function in the case of a '%' character in a DTD name. (CVE-2017-16931)

    GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at     libxml2/entities.c. The issue has been fixed in commit 50f06b3e. (CVE-2020-24977)

    There's a flaw in libxml2's xmllint. An attacker who is able to submit a crafted file to be processed by     xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity,     and availability. (CVE-2021-3516)

    There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to supply a     crafted file to be processed by an application linked with the affected functionality of libxml2 could     trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with     some potential impact to confidentiality and integrity if an attacker is able to use memory information to     further exploit the application. (CVE-2021-3517)

    There's a flaw in libxml2. An attacker who is able to submit a crafted file to be processed by an     application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to     confidentiality, integrity, and availability. (CVE-2021-3518)

    A NULL pointer dereference flaw was found in libxml2, where it did not propagate errors while parsing XML     mixed content. This flaw causes the application to crash if an untrusted XML document is parsed in     recovery mode and post validated. The highest threat from this vulnerability is to system availability.
    (CVE-2021-3537)

    A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing     protection mechanisms and leading to denial of service. (CVE-2021-3541)

    valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. (CVE-2022-23308)

    A flaw was found in the libxml2 library in functions used to manipulate the xmlBuf and the xmlBuffer     types. A substantial input causes values to calculate buffer sizes to overflow, resulting in an out-of-     bounds write. (CVE-2022-29824)

    An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the     XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to     access an array at a negative 2GB offset, typically leading to a segmentation fault. (CVE-2022-40303)

    An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a     hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be     provoked. (CVE-2022-40304)

    A NULL pointer dereference exists when parsing (invalid) XML schemas in libxml2     xmlSchemaCheckCOSSTDerivedOK (CVE-2023-28484)

    libxml2 Hashing of empty dict strings isn't deterministic. When hashing empty strings which aren't null-     terminated, xmlDictComputeFastKey could produce inconsistent results. This could lead to various logic or     memory errors, including double frees. (CVE-2023-29469)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

ID	Name	Product	Family	Published	Updated	Severity
236630	Alibaba Cloud Linux 3 : 0111: libxml2 (ALINUX3-SA-2023:0111)	Nessus	Alibaba Cloud Linux Local Security Checks	5/14/2025	5/14/2025	medium
203163	Photon OS 4.0: Libxml2 PHSA-2023-4.0-0380	Nessus	PhotonOS Local Security Checks	7/23/2024	7/23/2024	medium
174889	SUSE SLES15 / openSUSE 15 Security Update : libxml2 (SUSE-SU-2023:2048-1)	Nessus	SuSE Local Security Checks	4/27/2023	7/14/2023	medium
176078	macOS 13.x < 13.4 Multiple Vulnerabilities (HT213758)	Nessus	MacOS X Local Security Checks	5/18/2023	9/11/2024	critical
181575	SUSE SLES12 Security Update : libxml2 (SUSE-SU-2023:3665-1)	Nessus	SuSE Local Security Checks	9/19/2023	9/19/2023	medium
175091	Amazon Linux AMI : libxml2 (ALAS-2023-1743)	Nessus	Amazon Linux Local Security Checks	5/4/2023	12/11/2024	critical
502869	Siemens SCALANCE W700 Double Free (CVE-2023-29469)	Tenable OT Security	Tenable.ot	2/24/2025	2/25/2025	medium

Detections

Analytics

Plugins Search

medium

medium

medium

critical

medium

critical

medium