Lucene search
+L

59 matches found

CNVD
CNVD
added 2017/08/06 12:0 a.m.8 views

Adobe Acrobat and Reader XSLT Memory Corruption Vulnerability

Adobe Acrobat and Reader are the United States of America Audobee Adobe company's products. The former is a set of PDF file editing and conversion tools, the latter is a set of PDF document reading software. XSLT engine is one of the file format conversion engine. Adobe Acrobat and Reader in the...

6.5CVSS8AI score0.07594EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2017/05/08 6:45 a.m.6 views

Mozilla: Use-after-free in txExecutionState destructor during XSLT processing (MFSA 2017-11, MFSA 2017-12)

A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1,...

9.8CVSS7.3AI score0.03036EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2017/04/27 12:0 a.m.8 views

The vulnerabilities of programs for viewing and editing PDF files such as Adobe Reader, Adobe Acrobat, Adobe Acrobat Document Cloud, and Adobe Reader Document Cloud allow attackers to trigger service interruptions.

The vulnerability of XSLT services for viewing and editing PDF files in Adobe Reader, Adobe Acrobat, Adobe Acrobat Document Cloud, and Adobe Reader Document Cloud is related to a memory leak. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

4.3CVSS6.7AI score0.03159EPSS
Exploits0References4Affected Software2
RedHat Linux
RedHat Linux
added 2017/04/21 12:49 a.m.4 views

Mozilla: Use-after-free in nsAutoPtr during XSLT processing (MFSA 2017-11, MFSA 2017-12)

A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

9.8CVSS7.3AI score0.03622EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2017/02/09 12:0 a.m.7 views

The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, allow attackers to execute arbitrary code.

The vulnerability in the XSLT programs for PDF viewing applications such as Adobe Reader and Document Cloud, as well as in PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, is related to improper type conversion. Exploiting this vulnerability allows an attacker to execute...

9.3CVSS7.9AI score0.09855EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.6 views

A vulnerability in the Mozilla SeaMonkey software product, which allows a malicious individual to execute arbitrary code.

Mozilla SeaMonkey’s software product contains a vulnerability related to an implementation error in the content protection policy when working with XSLT style sheets. Exploiting this vulnerability allows malicious actors to execute arbitrary XSLT code, despite the insufficient restrictions impose...

7.5CVSS7.4AI score0.02995EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2015/05/14 3:14 p.m.5 views

Xalan-Java: insufficient constraints in secure processing feature

It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations XSLT content to be processed by an application using Xalan-Java could use this...

7.5CVSS7.8AI score0.13809EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2014/09/23 8:19 p.m.5 views

Xalan-Java: insufficient constraints in secure processing feature

It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations XSLT content to be processed by an application using Xalan-Java could use this...

7.5CVSS7.8AI score0.13809EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2014/07/03 5:5 p.m.6 views

Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs

It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...

4.3CVSS6.5AI score0.06905EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/04/30 7:0 p.m.10 views

Camel: remote code execution via XSL

The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message...

7.5CVSS6.1AI score0.07352EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2014/04/30 6:49 p.m.6 views

Camel: remote code execution via XSL

The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message...

7.5CVSS6.1AI score0.07352EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2014/03/20 12:0 a.m.10 views

PT-2014-3427 · Apache · Apache Camel

Name of the Vulnerable Software and Affected Versions: Apache Camel versions 2.11.x through 2.11.3 Apache Camel versions 2.12.x through 2.12.2 Description: The issue allows remote attackers to execute arbitrary Java methods via a crafted message, potentially leading to unauthorized access and...

7.5CVSS7.1AI score0.07352EPSS
Exploits2References21
RedHat Linux
RedHat Linux
added 2013/01/31 7:14 p.m.6 views

libxml2: double free caused by malformed XPath expression in XSLT

Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression...

7.5CVSS6AI score0.01991EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/06/27 3:44 p.m.3 views

php: XSLT file writing vulnerability

PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension...

6.4CVSS7.5AI score0.0315EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2011/12/05 7:54 p.m.4 views

libxml2: double-free caused by malformed XPath expression in XSLT

Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling...

6.8CVSS7.5AI score0.02129EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2011/05/04 9:33 p.m.3 views

xmlsec1: arbitrary file creation when verifying signatures

xslt.c in XML Security Library aka xmlsec before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification...

5.1CVSS5.9AI score0.08057EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2010/07/21 1:18 a.m.11 views

Mozilla Integer Overflow in XSLT Node Sorting

Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node...

9.3CVSS7.8AI score0.11418EPSS
Exploits5References4
RedHat Linux
RedHat Linux
added 2010/06/22 9:32 p.m.10 views

Mozilla Integer Overflow in XSLT Node Sorting

Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node...

9.3CVSS7.8AI score0.11418EPSS
Exploits5References4
OpenVAS
OpenVAS
added 2009/02/27 12:0 a.m.38 views

CentOS Update for libxslt CESA-2008:0287 centos3 x86_64

Check for the Version of libxslt OpenVAS Vulnerability Test CentOS Update for libxslt CESA-2008:0287 centos3 x8664 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

7.5CVSS9.5AI score0.1279EPSS
Exploits2References2
Rows per page
Query Builder