CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

572 matches found

F5 Networks•added 2023/02/21 6:30 p.m.•51 views

K15635: PHP 5.x vulnerability - CVE-2012-1171

Security Advisory Description The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the openbasedir protection mechanism and read arbitrary files via vectors involving a streamclose method call during use of a custom stream wrapper. CVE-2012-1171 Impact None. No F5 products a...

5CVSS9AI score0.00162EPSS

Exploits1

SUSE CVE•added 2023/02/15 6:7 a.m.•1 views

SUSE CVE-2008-4225

Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service infinite loop via a large XML document...

7.8CVSS7AI score0.04915EPSS

Exploits0References4

SUSE CVE•added 2023/02/15 6:3 a.m.•1 views

SUSE CVE-2009-2414

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service application crash via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the...

4.3CVSS6.8AI score0.01289EPSS

Exploits2References4

SUSE CVE•added 2023/02/15 5:59 a.m.•2 views

SUSE CVE-2010-1415

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted HTML document, related to an "API...

9.3CVSS7.6AI score0.31845EPSS

Exploits0References4

SUSE CVE•added 2023/02/15 5:48 a.m.•2 views

SUSE CVE-2012-1171

The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the openbasedir protection mechanism and read arbitrary files via vectors involving a streamclose method call during use of a custom stream wrapper...

5CVSS9.3AI score0.00162EPSS

Exploits1References4

SUSE CVE•added 2023/02/15 5:21 a.m.•1 views

SUSE CVE-2015-1819

The xmlreader in libxml allows remote attackers to cause a denial of service memory consumption via crafted XML data, related to an XML Entity Expansion XEE attack...

5CVSS6.9AI score0.02045EPSS

Exploits0References9

SUSE CVE•added 2023/02/15 5:18 a.m.•2 views

SUSE CVE-2015-3451

The clone function in XML::LibXML before 2.0119 does not properly set the expandentities option, which allows remote attackers to conduct XML external entity XXE attacks via crafted XML data to the 1 new or 2 loadxml function...

5CVSS7.2AI score0.03365EPSS

Exploits0References4

SUSE CVE•added 2023/02/15 5:10 a.m.•4 views

SUSE CVE-2015-8866

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxmldisableentityloader changes in other threads, which allows remote attackers to conduct XML External Entity XXE and XML Entity Expansion XEE attacks via a crafted XML...

9.6CVSS8.8AI score0.03531EPSS

Exploits1References10

SUSE CVE•added 2023/02/15 5:4 a.m.•1 views

SUSE CVE-2016-3709

Possible cross-site scripting vulnerability in libxml after commit 960f0e2...

6.8CVSS9.1AI score0.00174EPSS

Exploits1References42

SUSE CVE•added 2023/02/15 4:43 a.m.•3 views

SUSE CVE-2017-10672

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call...

7CVSS8AI score0.10052EPSS

Exploits1References6

OpenVAS•added 2022/08/26 12:0 a.m.•14 views

Ubuntu: Security Advisory (USN-2028-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS7.6AI score0.03643EPSS

Exploits1References2

OpenVAS•added 2022/08/26 12:0 a.m.•21 views

Ubuntu: Security Advisory (USN-89-1)

10CVSS6.5AI score0.24274EPSS

Exploits1References2

PyPA•added 2022/08/25 6:15 p.m.•6 views

PYSEC-2022-255

There is a NULL pointer dereference vulnerability in VTK, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to dereference it. It is unsafe as the return value can be NULL and that NULL pointer dereference may...

7.5CVSS6.8AI score0.00483EPSS

Exploits1References2Affected Software1

CNNVD•added 2022/08/25 12:0 a.m.•2 views

VTK 代码问题漏洞

VTK is an open source software system for image processing, 3D graphics, body drawing and visualization. VTK suffers from a code issue vulnerability that stems from its IO/Infovis/vtkXMLTreeReader.cxx component not checking the return value of the libxml2 API "xmlDocGetRootElement" and attempting...

7.5CVSS5.7AI score0.00483EPSS

Exploits1References4