vulnerability
SUSE: CVE-2016-4449: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:N/A:P) | Jun 9, 2016 | Jun 9, 2016 | Feb 4, 2022 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:P)
Published
Jun 9, 2016
Added
Jun 9, 2016
Modified
Feb 4, 2022
Description
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
Solutions
suse-upgrade-libxml2suse-upgrade-libxml2-2suse-upgrade-libxml2-2-32bitsuse-upgrade-libxml2-32bitsuse-upgrade-libxml2-develsuse-upgrade-libxml2-devel-32bitsuse-upgrade-libxml2-docsuse-upgrade-libxml2-pythonsuse-upgrade-libxml2-toolssuse-upgrade-libxml2-x86suse-upgrade-python-libxml2suse-upgrade-sles12-docker-imagesuse-upgrade-sles12sp1-docker-image
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.