An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-6ac71752a4 advisory.

    Automatic update for mingw-libxml2-2.12.7-1.fc41.

    ##### **Changelog**

    ```
    * Thu May 16 2024 Richard W.M. Jones <rjones@redhat.com> - 2.12.7-1
    - Update to 2.12.7 (RHBZ#2280535, CVE-2024-34459)

    ```

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

    An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error     messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in     xmllint.c.(CVE-2024-34459)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization libxml2 security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

    An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error     messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in     xmllint.c.(CVE-2024-34459)

Tenable has extracted the preceding description block directly from the EulerOS libxml2 security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version, the Nessus Network Monitor running on the remote host is prior to 6.5.0. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2024-17 advisory.

  - Nessus Network Monitor leverages third-party software to help provide underlying functionality. Several of     the third-party components (OpenSSL, expat, curl, and libxml2)were found to contain vulnerabilities,     and updated versions have been made available by the providers.Out of caution and in line with best     practice, Tenable has opted to upgrade these components to address the potential impact of the issues.
    Nessus Network Monitor 6.5.0 updates OpenSSL to version 3.0.15, expat to version 2.6.3, curl to version     8.10.0, and libxml2 to to version 2.13.1 to address the identified vulnerabilities.Additionally, one     separate vulnerability was discovered, reported and fixed:A stored cross site scripting vulnerability     exists in Nessus Network Monitor where an authenticated, privileged local attacker could inject arbitrary     code into the NNM UI via the local CLI. - CVE-2024-9158 Tenable has released Nessus Network Monitor 6.5.0     to address these issues. The installation files can be obtained from the Tenable Downloads Portal     (https://www.tenable.com/downloads/nessus-network-monitor). (CVE-2024-34459, CVE-2024-45491,     CVE-2024-45492, CVE-2024-6119, CVE-2024-6197, CVE-2024-7264, CVE-2024-8096, CVE-2024-9158)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of libxml2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-34459 advisory.

  - An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error     messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.
    (CVE-2024-34459)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An update of the libxml2 package has been released.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2290-1 advisory.

    - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2288-1 advisory.

    - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:2267-1 advisory.

    - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4862425658 advisory.

    Update to 2.12.7 (RHBZ#2280535, CVE-2024-34459)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-9ffc6cc7bf advisory.

    Update to 2.12.7 (RHBZ#2280535, CVE-2024-34459)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-08e01e9f2f advisory.

    Update to 2.12.7

    Fix CVE-2024-34459.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of libxml2 installed on the remote host is prior to 2.11.8 / 2.12.7. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-134-01 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
211065	Fedora 41 : mingw-libxml2 (2024-6ac71752a4)	Nessus	Fedora Local Security Checks	high
209796	EulerOS Virtualization 2.12.1 : libxml2 (EulerOS-SA-2024-2755)	Nessus	Huawei Local Security Checks	high
209782	EulerOS Virtualization 2.12.0 : libxml2 (EulerOS-SA-2024-2773)	Nessus	Huawei Local Security Checks	high
208386	EulerOS 2.0 SP12 : libxml2 (EulerOS-SA-2024-2510)	Nessus	Huawei Local Security Checks	high
208369	EulerOS 2.0 SP12 : libxml2 (EulerOS-SA-2024-2534)	Nessus	Huawei Local Security Checks	high
207713	Nessus Network Monitor < 6.5.0 Multiple Vulnerabilities (TNS-2024-17)	Nessus	Misc.	critical
207191	EulerOS 2.0 SP9 : libxml2 (EulerOS-SA-2024-2399)	Nessus	Huawei Local Security Checks	high
207180	EulerOS 2.0 SP10 : libxml2 (EulerOS-SA-2024-2447)	Nessus	Huawei Local Security Checks	high
207125	EulerOS 2.0 SP10 : libxml2 (EulerOS-SA-2024-2424)	Nessus	Huawei Local Security Checks	high
207123	EulerOS 2.0 SP9 : libxml2 (EulerOS-SA-2024-2374)	Nessus	Huawei Local Security Checks	high
207025	CBL Mariner 2.0 Security Update: libxml2 (CVE-2024-34459)	Nessus	MarinerOS Local Security Checks	high
206339	Photon OS 3.0: Libxml2 PHSA-2024-3.0-0787	Nessus	PhotonOS Local Security Checks	high
205971	EulerOS Virtualization 2.11.1 : libxml2 (EulerOS-SA-2024-2158)	Nessus	Huawei Local Security Checks	high
205937	EulerOS Virtualization 2.11.0 : libxml2 (EulerOS-SA-2024-2183)	Nessus	Huawei Local Security Checks	high
205244	EulerOS 2.0 SP11 : libxml2 (EulerOS-SA-2024-2105)	Nessus	Huawei Local Security Checks	high
205232	EulerOS 2.0 SP11 : libxml2 (EulerOS-SA-2024-2088)	Nessus	Huawei Local Security Checks	high
204489	Photon OS 5.0: Libxml2 PHSA-2024-5.0-0304	Nessus	PhotonOS Local Security Checks	high
203565	Photon OS 4.0: Libxml2 PHSA-2024-4.0-0640	Nessus	PhotonOS Local Security Checks	high
201879	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libxml2 (SUSE-SU-2024:2290-1)	Nessus	SuSE Local Security Checks	high
201873	SUSE SLES12 Security Update : libxml2 (SUSE-SU-2024:2288-1)	Nessus	SuSE Local Security Checks	high
201318	openSUSE 15 Security Update : libxml2 (SUSE-SU-2024:2267-1)	Nessus	SuSE Local Security Checks	high
197915	Fedora 39 : mingw-libxml2 (2024-4862425658)	Nessus	Fedora Local Security Checks	high
197912	Fedora 40 : mingw-libxml2 (2024-9ffc6cc7bf)	Nessus	Fedora Local Security Checks	high
197711	Fedora 40 : libxml2 (2024-08e01e9f2f)	Nessus	Fedora Local Security Checks	high
196908	Slackware Linux 15.0 / current libxml2 Vulnerability (SSA:2024-134-01)	Nessus	Slackware Local Security Checks	high

Detections

Analytics

CVE-2024-34459

high

Tenable Plugins

high

high

high

high

high

critical

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high