127 matches found

OSV
added 2024/02/04 4:15 p.m.

AZL-34961 CVE-2024-25062 affecting package libxml2 for versions less than 2.11.5-4

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

CVSS 7.5 | AI score 6.7 | EPSS 0.01375
Exploits: 3 | References: 1
OSV
added 2024/02/04 4:15 p.m.

UBUNTU-CVE-2024-25062

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

CVSS 7.5 | AI score 6.8 | EPSS 0.01375
Exploits: 3 | References: 4
UbuntuCve
added 2024/02/04 4:15 p.m.

CVE-2024-25062

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

CVSS 7.5 | AI score 6.8 | EPSS 0.01375
Exploits: 3 | References: 3
Prion
added 2024/02/04 4:15 p.m.

Design/Logic Flaw

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

CVSS 5 | AI score 7 | EPSS 0.01375
Exploits: 3 | References: 2 | Affected Software: 1
AlpineLinux
added 2024/02/04 12:00 a.m.

CVE-2024-25062

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

CVSS 7.5 | AI score 6.8 | EPSS 0.01375
Exploits: 3
Vulnrichment
added 2024/02/04 12:00 a.m.

CVE-2024-25062

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

AI score 7.7 | EPSS 0.01375
Exploits: 3 | References: 2
Debian CVE
added 2024/02/04 12:00 a.m.

CVE-2024-25062

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

CVSS 7.5 | AI score 6.8 | EPSS 0.01375
Exploits: 3
Tenable Nessus
added 2024/02/04 12:00 a.m.

Slackware Linux 15.0 / current libxml2 Vulnerability (SSA:2024-035-01)

The version of libxml2 installed on the remote host is prior to 2.11.7 / 2.12.5. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-035-01 advisory. - An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD...

CVSS 7.5 | AI score 6.7 | EPSS 0.01375
Exploits: 3 | References: 2
RedHat Linux
added 2023/09/12 10:15 a.m.

librsvg: Arbitrary file read when xinclude href has special characters

A directory traversal vulnerability was discovered in the URL decoder of Librsvg. This issue occurs when xinclude href has special characters; demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element, which can allow an attacker to send a specially crafted URL...

CVSS 5.5 | AI score 5.9 | EPSS 0.02132
Exploits: 1 | References: 4
RedHat Linux
added 2023/08/29 9:23 a.m.

librsvg: Arbitrary file read when xinclude href has special characters

A directory traversal vulnerability was discovered in the URL decoder of Librsvg. This issue occurs when xinclude href has special characters; demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element, which can allow an attacker to send a specially crafted URL...

CVSS 5.5 | AI score 5.9 | EPSS 0.02132
Exploits: 1 | References: 4
OSV
added 2021/12/28 2:11 p.m.

CLSA-2021-1640700669 Fixed 8 CVEs in libxml2

CVE-2021-3517.patch: validate UTF8 in xmlEncodeEntities - CVE-2021-3518.patch: fix use-after-free with 'xmllint --xinclude --dropdtd' - CVE-2021-3537.patch: propagate error in xmlParseElementChildrenContentDeclPriv - CVE-2021-3541.patch: parser fix for the billion laughs attack -...

CVSS 9.1 | AI score 6.9 | EPSS 0.0828
Exploits: 2 | References: 1
Positive Technologies
added 2021/04/22 12:00 a.m.

PT-2021-4600

Name of the Vulnerable Software and Affected Versions: libxml2 versions prior to 2.9.11. Description: The issue is related to a use-after-free flaw in the xinclude.c component of the libxml2 library, which can be triggered by a specially crafted file. This can allow a remote attacker to access...

CVSS 10 | AI score 6.9 | EPSS 0.51733
Exploits: 23 | References: 170
Tenable Nessus
added 2019/12/19 12:00 a.m.

Red Hat JBoss Enterprise Application Platform 7.x < 7.2.2 Multiple Vulnerabilities

The version of Red Hat JBoss Enterprise Application Platform (EAP) installed on the remote host is 7.x prior to 7.2.2. It is therefore affected by multiple vulnerabilities as referenced in the RHSA-2019:1424 advisory: - picketlink: reflected XSS in SAMLRequest via RelayState parameter CVE-2019-387...

CVSS 9.8 | AI score 6.5 | EPSS 0.03412
Exploits: 0 | References: 4
RedhatCVE
added 2019/10/11 5:29 p.m.

CVE-2019-3873

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks...

CVSS 9 | AI score 1.2 | EPSS 0.00927
Exploits: 0 | References: 3
OSV
added 2019/06/12 2:29 p.m.

CVE-2019-3873

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks...

CVSS 9 | AI score 6.8 | EPSS 0.00927
Exploits: 0 | References: 2
RedHat Linux
added 2019/06/11 3:32 p.m.

picketlink: URL injection via xinclude parameter

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks...

CVSS 9 | AI score 5.6 | EPSS 0.00927
Exploits: 0 | References: 4
RedHat Linux
added 2019/06/10 4:51 p.m.

picketlink: URL injection via xinclude parameter

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks...

CVSS 9 | AI score 5.6 | EPSS 0.00927
Exploits: 0 | References: 4
RedHat Linux
added 2019/06/10 4:44 p.m.

picketlink: URL injection via xinclude parameter

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks...

CVSS 9 | AI score 5.6 | EPSS 0.00927
Exploits: 0 | References: 4
RedHat Linux
added 2019/06/10 4:41 p.m.

picketlink: URL injection via xinclude parameter

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct further attacks...

CVSS 9 | AI score 5.6 | EPSS 0.00927
Exploits: 0 | References: 4
Prion
added 2018/07/05 2:29 p.m.

Xxe

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion XXE in Solr config files currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file. In addition, Xinclude functionality provided in these config files is als...

CVSS 2.1 | AI score 5.3 | EPSS 0.09025
Exploits: 1 | References: 4 | Affected Software: 1
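Worked example, added here and not code from libxml2, librsvg, Picketlink, Solr or any entry above. The common thread in these results is that XInclude expansion turns every href in a document into a file (or URL) fetch performed by the host doing the expansion: the librsvg entries show an xi:include href walking out of the intended directory, and the Solr entry shows XInclude reachable from config files. The block below, in Python using only the standard library (Python 3.9 or later, for the max_depth argument of xml.etree.ElementInclude.include), expands includes through a loader that confines every href to one base directory and refuses URL schemes, absolute paths and anything whose canonical path leaves that directory. The sample documents, the footer.xml file, the base directory and the function names are all constructed for this example.

```python
"""Added example: confining XInclude href resolution to one directory.

Illustrative code for this page, not from any project listed above.
The stdlib's default loader opens the href verbatim, which is exactly
what makes an href like ".?../../../../../../../../../../etc/passwd"
dangerous once expansion is enabled. The loader here canonicalises the
href against a fixed base directory and rejects anything that escapes.
"""
import os
import tempfile
import xml.etree.ElementTree as ET
from xml.etree import ElementInclude

XI_NS = "http://www.w3.org/2001/XInclude"

# Constructed sample documents (not taken from any advisory on this page).
SAMPLE_OK = '<doc xmlns:xi="%s"><xi:include href="footer.xml"/></doc>' % XI_NS
SAMPLE_TRAVERSAL = (
    '<doc xmlns:xi="%s">'
    '<xi:include href=".?../../../../../../../../../../etc/passwd" parse="text"/>'
    '</doc>' % XI_NS
)


def list_include_hrefs(xml_text):
    """Return the href of every xi:include element, for triage before expansion."""
    root = ET.fromstring(xml_text)
    return [el.get("href") for el in root.iter("{%s}include" % XI_NS)]


def resolve_include_path(base_dir, href):
    """Map href to a filesystem path under base_dir, or raise ValueError.

    Only plain relative paths are accepted: no URL scheme, no absolute path.
    The candidate is canonicalised with realpath (collapsing '..' and
    following symlinks) and must still sit under the canonical base_dir.
    ".?.." is just an odd directory name; the '..' segments after it are
    what walk out of base_dir, and realpath makes that visible.
    """
    if not href:
        raise ValueError("empty href")
    if "://" in href or href.startswith(("/", "\\")):
        raise ValueError("URL scheme or absolute path not allowed: %r" % href)
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, href))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("href escapes include directory: %r" % href)
    return candidate


def is_allowed(base_dir, href):
    """Boolean form of resolve_include_path, for policy checks and logging."""
    try:
        resolve_include_path(base_dir, href)
        return True
    except ValueError:
        return False


def safe_expand(xml_text, base_dir, max_depth=3):
    """Parse xml_text and expand xi:include elements through a confined loader."""
    root = ET.fromstring(xml_text)

    def loader(href, parse, encoding=None):
        path = resolve_include_path(base_dir, href)  # raises before any read
        with open(path, "rb") as fh:
            data = fh.read()
        if parse == "xml":
            return ET.fromstring(data)
        return data.decode(encoding or "utf-8")

    # max_depth bounds nested includes; the stdlib additionally rejects a
    # document that includes itself (FatalIncludeError).
    ElementInclude.include(root, loader=loader, max_depth=max_depth)
    return root


def demo():
    """Run both samples against a temporary include directory (constructed)."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        with open(os.path.join(base, "footer.xml"), "w", encoding="utf-8") as fh:
            fh.write("<footer>ok</footer>")
        root = safe_expand(SAMPLE_OK, base)
        results["legit"] = [(child.tag, child.text) for child in root]
        try:
            safe_expand(SAMPLE_TRAVERSAL, base)
            results["traversal_rejected"] = False
        except ValueError:
            results["traversal_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The safer default for untrusted input is not to expand includes at all; this loader is for the case where a trusted include directory genuinely exists. For libxml2-based readers the equivalent is to leave the opt-in parser options XML_PARSE_XINCLUDE and XML_PARSE_DTDVALID off for untrusted documents (the libxml2 entries above are reached only with both enabled), and XML_PARSE_NONET off-network fetches.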