Lucene search
+L

149 matches found

alpinelinux
alpinelinux
added 2016/06/30 5:0 p.m.50 views

CVE-2016-4472

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and...

8.1CVSS9.9AI score0.12367EPSS
Exploits0
osv
osv
added 2016/06/24 12:0 a.m.8 views

UBUNTU-CVE-2016-5772

Double free vulnerability in the phpwddxprocessdata function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via crafted XML data that is...

9.8CVSS7.1AI score0.09674EPSS
Exploits1References3
redhatcve
redhatcve
added 2016/06/09 9:48 a.m.39 views

CVE-2016-4472

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and...

8.1CVSS7.3AI score0.19069EPSS
Exploits0References1
prion
prion
added 2016/05/22 1:59 a.m.39 views

Design/Logic Flaw

The xmlparseintostruct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service buffer under-read and segmentation fault or possibly have unspecified other impact via crafted XML data in the second argument,...

7.5CVSS8AI score0.06229EPSS
Exploits1References15Affected Software3
debiancve
debiancve
added 2016/05/22 1:0 a.m.38 views

CVE-2016-4539

Removed by vendor...

9.8CVSS8.7AI score0.06229EPSS
Exploits1
ubuntucve
ubuntucve
added 2016/05/18 12:0 a.m.38 views

CVE-2016-4472

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and...

8.1CVSS7.2AI score0.12367EPSS
Exploits0References4
osv
osv
added 2016/02/17 3:59 p.m.4 views

CVE-2016-2397

The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data...

9.8CVSS6AI score0.06437EPSS
Exploits0References3
nvd
nvd
added 2016/02/17 3:59 p.m.19 views

CVE-2016-2397

The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data...

10CVSS9.7AI score0.06437EPSS
Exploits0References3
prion
prion
added 2016/02/17 3:59 p.m.12 views

Code injection

The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data...

10CVSS8AI score0.06437EPSS
Exploits0References3Affected Software3
cvelist
cvelist
added 2016/02/17 3:0 p.m.29 views

CVE-2016-2397

The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data...

9.8AI score0.06437EPSS
Exploits0References3
cnvd
cnvd
added 2015/12/18 12:0 a.m.2 views

libxml2 Denial of Service Vulnerability (CNVD-2015-08396)

libxml2 is an XML parser and markup toolset. A denial of service vulnerability exists in versions of libxml2 prior to 2.9.3. An attacker is able to rely on context to cause a denial of service via carefully crafted XML data...

7.1CVSS7.8AI score0.04537EPSS
Exploits0References1
osv
osv
added 2015/12/15 9:59 p.m.6 views

CVE-2015-8242

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service stack-based buffer over-read and application crash or obtain sensitive information via crafted XML data...

6.4AI score
Exploits0References31
nvd
nvd
added 2015/12/15 9:59 p.m.19 views

CVE-2015-8242

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service stack-based buffer over-read and application crash or obtain sensitive information via crafted XML data...

5.8CVSS7.2AI score0.04268EPSS
Exploits0References27
osv
osv
added 2015/12/15 9:59 p.m.3 views

DEBIAN-CVE-2015-8241

The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service heap-based buffer over-read and application crash or obtain sensitive information via crafted XML data...

6.4CVSS8.9AI score0.05436EPSS
Exploits0References1
nvd
nvd
added 2015/12/15 9:59 p.m.27 views

CVE-2015-5312

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted XML data, a different vulnerability than CVE-2014-3660...

7.1CVSS7.1AI score0.04537EPSS
Exploits0References25
osv
osv
added 2015/12/15 9:59 p.m.9 views

CVE-2015-5312

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted XML data, a different vulnerability than CVE-2014-3660...

6.2AI score
Exploits0References25
prion
prion
added 2015/12/15 9:59 p.m.25 views

Stack overflow

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service stack-based buffer over-read and application crash or obtain sensitive information via crafted XML data...

5.8CVSS7AI score0.04268EPSS
Exploits0References27Affected Software12
cve
cve
added 2015/12/15 9:0 p.m.121 views

CVE-2015-8241

CVE-2015-8241 affects libxml2 (notably the xmlNextChar path) where improper state checking can lead to a heap-based buffer over-read, DoS, and potential information disclosure. Public docs place the vulnerable component in libxml2 2.9.2; exploitation requires crafted XML data. Several connected a...

6.4CVSS7AI score0.05436EPSS
Exploits0References18Affected Software1
cvelist
cvelist
added 2015/12/15 9:0 p.m.26 views

CVE-2015-8241

The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service heap-based buffer over-read and application crash or obtain sensitive information via crafted XML data...

9.3AI score0.05436EPSS
Exploits0References18
debiancve
debiancve
added 2015/12/15 9:0 p.m.49 views

CVE-2015-5312

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted XML data, a different vulnerability than CVE-2014-3660...

7.1CVSS6.9AI score0.04537EPSS
Exploits0
Rows per page
Query Builder