Lucene search
+L

190 matches found

Prion
Prion
added 2016/05/20 10:59 a.m.26 views

Heap overflow

The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...

4.3CVSS6.5AI score0.07347EPSS
Exploits2References24Affected Software14
Prion
Prion
added 2016/05/20 10:59 a.m.16 views

Design/Logic Flaw

Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document...

6.8CVSS6.3AI score0.05133EPSS
Exploits0References18Affected Software4
Debian CVE
Debian CVE
added 2016/05/20 10:0 a.m.34 views

CVE-2016-1838

The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...

5.5CVSS6.9AI score0.06943EPSS
Exploits2
Cvelist
Cvelist
added 2016/05/20 10:0 a.m.25 views

CVE-2016-1837

Multiple use-after-free vulnerabilities in the 1 htmlPArsePubidLiteral and 2 htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a...

7AI score0.04092EPSS
Exploits1References22
Cvelist
Cvelist
added 2016/05/20 10:0 a.m.23 views

CVE-2016-1838

The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...

6.7AI score0.06943EPSS
Exploits2References24
CVE
CVE
added 2016/05/20 10:0 a.m.143 views

CVE-2016-1836

CVE-2016-1836 is a use-after-free in libxml2 (xmlDictComputeFastKey). Public mentions tie it to libxml2 up to 2.9.4, with affected Apple platforms (iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, watchOS before 2.2.1) and a DoS impact via crafted XML, per vendor advisories. Connected do...

5.5CVSS6.5AI score0.03926EPSS
Exploits0References34Affected Software1
Debian CVE
Debian CVE
added 2016/05/20 10:0 a.m.42 views

CVE-2016-1839

The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...

5.5CVSS6.9AI score0.07347EPSS
Exploits2
UbuntuCve
UbuntuCve
added 2016/05/20 12:0 a.m.27 views

CVE-2016-1840

Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a...

7.8CVSS7.7AI score0.03239EPSS
Exploits1References10
UbuntuCve
UbuntuCve
added 2016/05/20 12:0 a.m.32 views

CVE-2016-1835

Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document...

8.8CVSS7.2AI score0.05133EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2016/05/20 12:0 a.m.38 views

CVE-2016-1833

The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...

5.5CVSS6.9AI score0.02559EPSS
Exploits1References10
UbuntuCve
UbuntuCve
added 2016/05/20 12:0 a.m.23 views

CVE-2016-1836

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document...

5.5CVSS6.8AI score0.03926EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2016/05/20 12:0 a.m.33 views

CVE-2016-1839

The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted XML document...

5.5CVSS6.9AI score0.07347EPSS
Exploits2References10
OSV
OSV
added 2016/05/20 12:0 a.m.3 views

UBUNTU-CVE-2016-1836

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document...

5.5CVSS6.8AI score0.03926EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2016/05/20 12:0 a.m.26 views

CVE-2016-1834

Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted XML...

9.3CVSS7.4AI score0.04622EPSS
Exploits1References10
Prion
Prion
added 2016/05/17 2:8 p.m.37 views

Design/Logic Flaw

The 1 xmlParserEntityCheck and 2 xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service stack consumption and application crash via a crafted XML document containing a...

5CVSS7.1AI score0.05103EPSS
Exploits0References16Affected Software6
Debian CVE
Debian CVE
added 2016/05/17 2:0 p.m.36 views

CVE-2016-3674

Multiple XML external entity XXE vulnerabilities in the 1 Dom4JDriver, 2 DomDriver, 3 JDomDriver, 4 JDom2Driver, 5 SjsxpDriver, 6 StandardStaxDriver, and 7 WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document...

7.5CVSS7.7AI score0.08179EPSS
Exploits0
Cvelist
Cvelist
added 2016/05/17 2:0 p.m.29 views

CVE-2016-3674

Multiple XML external entity XXE vulnerabilities in the 1 Dom4JDriver, 2 DomDriver, 3 JDomDriver, 4 JDom2Driver, 5 SjsxpDriver, 6 StandardStaxDriver, and 7 WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document...

7.4AI score0.08179EPSS
Exploits0References11
Debian CVE
Debian CVE
added 2016/05/17 2:0 p.m.51 views

CVE-2016-3627

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service infinite recursion, stack consumption, and application crash via a crafted XML document...

7.5CVSS6.9AI score0.07025EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2016/05/17 12:0 a.m.40 views

CVE-2016-3627

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service infinite recursion, stack consumption, and application crash via a crafted XML document...

7.5CVSS6.8AI score0.07025EPSS
Exploits1References3
Prion
Prion
added 2016/05/16 10:59 a.m.36 views

Null pointer dereference

The xslextfunctionphp function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking,...

5CVSS7.3AI score0.07276EPSS
Exploits0References6Affected Software2
Rows per page
Query Builder