Filtered by vendor Xmlsoft
Subscribe
Total
129 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11068 | 7 Canonical, Debian, Fedoraproject and 4 more | 22 Ubuntu Linux, Debian Linux, Fedora and 19 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
|
|||||
| CVE-2018-9251 | 2 Debian, Xmlsoft | 2 Debian Linux, Libxml2 | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
|
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.
|
|||||
| CVE-2018-14567 | 3 Canonical, Debian, Xmlsoft | 3 Ubuntu Linux, Debian Linux, Libxml2 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
|
|||||
| CVE-2017-7376 | 3 Debian, Google, Xmlsoft | 3 Debian Linux, Android, Libxml2 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
|
|||||
| CVE-2017-18258 | 1 Xmlsoft | 1 Libxml2 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
|
|||||
| CVE-2017-15412 | 4 Debian, Google, Redhat and 1 more | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2016-9598 | 2 Redhat, Xmlsoft | 2 Jboss Core Services, Libxml2 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.
|
|||||
| CVE-2016-9597 | 5 Canonical, Debian, Hp and 2 more | 6 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.
|
|||||
| CVE-2016-9596 | 2 Redhat, Xmlsoft | 2 Jboss Core Services, Libxml2 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.
|
|||||