Lucene search
K

13 matches found

NVD
NVD
added 2025/02/04 2:15 p.m.14 views

CVE-2025-1009

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

9.8CVSS0.01196EPSS
Exploits0References8
CVE
CVE
added 2025/02/04 1:58 p.m.472 views

CVE-2025-1009

CVE-2025-1009 is a use-after-free in XSLT processing that affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird

9.8CVSS7.3AI score0.01196EPSS
Exploits0References8Affected Software2
FreeBSD
FreeBSD
added 2025/02/04 12:0 a.m.16 views

mozilla -- multiple vulnerabilities

[email protected] reports: An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. A race during concurrent...

9.8CVSS8.8AI score0.01196EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:46 a.m.2 views

SUSE CVE-2012-2870

libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service application crash via a crafted XSLT expression that is not properly identified during XPath navigation, related to 1 the...

4.3CVSS8.6AI score0.02455EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.15 views

Mageia: Security Advisory (MGASA-2014-0152)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.8AI score0.13809EPSS
Exploits2References4
Cvelist
Cvelist
added 2015/03/09 2:0 p.m.27 views

CVE-2015-0254

Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity XXE attacks via a crafted XSLT extension in a 1 or 2 JSTL XML tag...

9.3AI score0.1326EPSS
Exploits0References23
NVD
NVD
added 2015/02/14 3:1 a.m.20 views

CVE-2015-0931

Ektron Content Management System CMS 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue...

6.8CVSS7.6AI score0.02441EPSS
Exploits0References1
Prion
Prion
added 2012/08/31 7:55 p.m.20 views

Design/Logic Flaw

libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service application crash via a crafted XSLT expression that is not properly identified during XPath navigation, related to 1 the...

4.3CVSS6.5AI score0.02455EPSS
Exploits0References18Affected Software3
Debian CVE
Debian CVE
added 2012/08/31 7:0 p.m.52 views

CVE-2012-2870

libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service application crash via a crafted XSLT expression that is not properly identified during XPath navigation, related to 1 the...

4.3CVSS7.3AI score0.02455EPSS
Exploits0
NVD
NVD
added 2012/06/08 4:55 p.m.28 views

CVE-2012-1826

dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted 1 XSLT or 2 Velocity template...

6CVSS7.1AI score0.0219EPSS
Exploits1References8
UbuntuCve
UbuntuCve
added 2012/02/01 12:0 a.m.33 views

CVE-2012-0057

PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension...

6.4CVSS7.2AI score0.0315EPSS
Exploits2References2
OSV
OSV
added 2012/01/31 12:0 a.m.64 views

DSA-2399-1 php5 - several

Bulletin has no description...

7.5CVSS8.3AI score0.83911EPSS
Exploits32
RedHat Linux
RedHat Linux
added 2009/03/27 11:34 p.m.2 views

Firefox XSLT memory corruption issue

The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an XML file with a crafted XSLT transform...

9.3CVSS7.8AI score0.10464EPSS
Exploits2References4
Rows per page
Query Builder