Lucene search
K

200 matches found

RedHat Linux
RedHat Linux
added 2025/03/12 11:42 a.m.12 views

libxml2: Use-After-Free in libxml2

A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema...

9.8CVSS7.1AI score0.0113EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/03/11 1:24 p.m.6 views

libxml2: Use-After-Free in libxml2

A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema...

9.8CVSS7.1AI score0.0113EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2025/02/27 8:0 a.m.4 views

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

...

9.8CVSS6.6AI score0.0113EPSS
Exploits0
OSV
OSV
added 2025/02/18 11:15 p.m.4 views

ALPINE-CVE-2025-24928

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047...

7.7CVSS7.4AI score0.00375EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/02/14 6:55 a.m.4 views

SUSE CVE-2023-3823

In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...

7.5CVSS6.7AI score0.0121EPSS
Exploits1References11
Microsoft CVE
Microsoft CVE
added 2024/12/28 8:0 a.m.5 views

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.

...

9.1CVSS6.8AI score0.01192EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/11/12 8:0 a.m.7 views

REXML ReDoS vulnerability

...

8.7CVSS6.7AI score0.01429EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2024/09/24 7:0 a.m.5 views

REXML DoS vulnerability

...

7.5CVSS6.5AI score0.01192EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/09/19 12:0 a.m.13 views

PT-2024-41023 · Oracle · Java Xml

Name of the Vulnerable Software and Affected Versions: Java XML affected versions not specified Description: The issue is related to a security exception in the Java XML library. A crash occurs in the DOM2TO.parse function, which is part of the com.sun.org.apache.xalan.internal.xsltc.trax package...

6.9AI score
Exploits0References2
OpenVAS
OpenVAS
added 2024/09/18 12:0 a.m.26 views

Ubuntu: Security Advisory (USN-7001-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.01686EPSS
Exploits0References2
Redos
Redos
added 2024/09/17 12:0 a.m.158 views

ROS-20241220-03

A vulnerability in the xmlparse.c file of the libexpat XML file parsing library is related to an integer overflow for nDefaultAtts on 32-bit platforms. Exploitation of the vulnerability could allow an an attacker to cause a denial of service...

9.8CVSS7AI score0.0113EPSS
Exploits0
OSV
OSV
added 2024/06/10 2:21 p.m.5 views

CLSA-2024-1718029281 libxml2: Fix of CVE-2024-25062

CVE-2024-25062: Fix use-after-free issue in XML Reader interface...

7.5CVSS7.1AI score0.01364EPSS
Exploits3References1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.23 views

RHEL 7 : python (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python: Integer overflow in PyStringDecodeEscape results in heap-base buffer overflow CVE-2017-1000158 -...

5.3CVSS8.3AI score0.07944EPSS
Exploits3References10
Veracode
Veracode
added 2024/05/16 8:46 a.m.4 views

NULL Pointer Dereference

VTK is vulnerable to a NULL Pointer Dereference. The vulnerability is due to improper return value validation, where the libxml2 API xmlDocGetRootElement function can return NULL, but the code in IO/Infovis/vtkXMLTreeReader.cxx dereferences it without a check, allowing an attacker to trigger a...

7.5CVSS5.5AI score0.01066EPSS
Exploits1References7Affected Software2
Ubuntu
Ubuntu
added 2024/02/26 1:57 p.m.276 views

USN-6658-1: libxml2 vulnerability

It was discovered that libxml2 incorrectly handled certain XML documents. A remote attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.5CVSS7.1AI score0.01364EPSS
Exploits3
RedHat Linux
RedHat Linux
added 2024/01/25 8:35 a.m.4 views

libxml2: Hashing of empty dict strings isn't deterministic

A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors...

6.5CVSS7.3AI score0.01013EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/12/07 1:55 p.m.4 views

libxml2: crafted xml can cause global buffer overflow

A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service DoS by supplying a crafted XML file...

6.5CVSS7.3AI score0.00667EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2023/09/25 12:0 a.m.5 views

The vulnerability of the xmlsax2startelement() function in the libxml2 library, caused by buffer overflows, allows attackers to trigger a service failure.

The vulnerability of the xmlsax2startelement function in the libxml2 library is caused by buffer overflow. Exploiting this vulnerability could allow an attacker to cause a service failure...

7.8CVSS7AI score0.00667EPSS
Exploits1References14Affected Software7
RedHat Linux
RedHat Linux
added 2023/08/08 8:30 a.m.4 views

libxml2: Hashing of empty dict strings isn't deterministic

A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors...

6.5CVSS7.3AI score0.01013EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.6 views

The vulnerability of the ezxml_decode function in the XML document syntax analysis library ezXML allows a attacker to cause a service failure.

The vulnerability of the ezxmldecode function in the ezXML XML syntax analysis library involves reading data beyond the allowable buffer size. Exploiting this vulnerability allows a malicious actor to cause service interruptions by using a specially created XML file...

7.8CVSS6.7AI score0.01169EPSS
Exploits1References11Affected Software7
Rows per page
Query Builder