574 matches found
CVE-2015-8866
CVE-2015-8866 describes a XXE/XEE vulnerability in PHP when using PHP-FPM, where libxml_disable_entity_loader changes are shared across threads, allowing crafted XML to exploit libxml. Affected versions include PHP prior to 5.5.22 and 5.6.x prior to 5.6.6; the issue stems from insufficient isolat...
UBUNTU-CVE-2016-1834
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML...
UBUNTU-CVE-2016-1840
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a...
libxml2: Heap-based buffer overflow in xmlParseXmlDecl
A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash...
USN-2952-1 php5 vulnerabilities
It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. (CVE-2014-9767) It was discovered that the PHP Soap client incorrectly validated data types. A remote...
DEBIAN-CVE-2015-8806
dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "!DOCTYPE html" substring in a crafted HTML document...
libxml2 library vulnerability allowing an attacker to cause a denial of service
The vulnerability in the htmlParseNameComplex function of the libxml2 library is caused by a buffer overflow. Exploiting this vulnerability could allow an attacker to cause a denial of service (memory overflow) using a specially crafted XML document...
Ruby on Rails activesupport Remote Denial of Service Vulnerability
Impact: Specially crafted XML documents can cause applications to raise a SystemStackError and potentially cause a denial of service attack. This only impacts applications using REXML or JDOM as their XML processor. Other XML processors that Rails supports are not impacted. All users running an...
libxml2 Denial of Service Vulnerability (CNVD-2015-08376)
Libxml2 is a C library developed by the GNOME project for parsing XML documents. It supports a variety of encoding formats, XPath parsing, well-formedness and validity checking, and so on. A security vulnerability exists in the 'xmlSAX2TextNode' function in the SAX2.c file of t...
libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey
A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash...
libxml2: heap-based buffer overflow in xmlParseConditionalSections()
A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash causing a denial of service...
DEBIAN-CVE-2015-7941
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by...
Google AdWords API PHP Client Library 6.2.0 XXE Injection Vulnerability
Google AdWords API PHP client library versions 6.2.0 and below suffer from an XML eXternal Entity injection vulnerability. Release date: 06.11.2015. Discovered by: Dawid Golunski. Severity: Medium/High...
openSUSE Security Update : perl-XML-LibXML (openSUSE-2015-571)
perl-XML-LibXML was updated to version 2.0.121 to fix one security vulnerability. - Fix 'expandentities' option that was not preserved under some circumstances. bsc929237, CVE-2015-3451 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin wer...
SUSE SLED12 / SLES12 Security Update : perl-XML-LibXML (SUSE-SU-2015:1439-1)
perl-XML-LibXML was updated to fix the expandentities option to be preserved in all cases. CVE-2015-3451. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much a...
CVE-2015-1819
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack...
Design/Logic Flaw
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack...
CVE-2015-1819
The CVE-2015-1819 entry is supported by connected data showing a deterministic DoS in libxml2 via XML Entity Expansion (XEE) during XML parsing, causing memory exhaustion. Amazon Linux 2 advisory ALAS2-2019-1220 explicitly groups CVE-2015-1819 with several libxml2 DoS/memory-related CVEs and inst...