Lucene search
K

44 matches found

Positive Technologies
Positive Technologies
added 2024/07/31 12:0 a.m.5 views

PT-2024-40830 · Git +1 · Libxml2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free error, which occurs when the program attempts to access memory that has already been freed. The crash state...

6.9AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/06/05 10:40 a.m.5 views

libxml2: use-after-free in XMLReader

A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

7.5CVSS6.6AI score0.01364EPSS
Exploits3References6
OSV
OSV
added 2023/08/11 6:15 a.m.2 views

UBUNTU-CVE-2023-3823

In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...

8.6CVSS6.7AI score0.0121EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2023/02/15 6:7 a.m.4 views

SUSE CVE-2008-4225

Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service infinite loop via a large XML document...

7.8CVSS7AI score0.03207EPSS
Exploits0References4
PyPA
PyPA
added 2022/08/25 6:15 p.m.10 views

PYSEC-2022-255

There is a NULL pointer dereference vulnerability in VTK, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to dereference it. It is unsafe as the return value can be NULL and that NULL pointer dereference may...

7.5CVSS6.8AI score0.01066EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/08/25 12:0 a.m.27 views

VTK 代码问题漏洞

VTK is an open source software system for image processing, 3D graphics, body drawing and visualization. VTK suffers from a code issue vulnerability that stems from its IO/Infovis/vtkXMLTreeReader.cxx component not checking the return value of the libxml2 API "xmlDocGetRootElement" and attempting...

7.5CVSS5.7AI score0.01066EPSS
Exploits1References4
Fedora
Fedora
added 2022/05/18 1:25 a.m.56 views

[SECURITY] Fedora 34 Update: libxml2-2.9.14-1.fc34

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

6.5CVSS0.5AI score0.0363EPSS
Exploits5
SonarSource Blog
SonarSource Blog
added 2022/01/25 12:0 a.m.19 views

How to disable XXE processing?

In my last post I talked about XXE vulnerabilities found on popular open-source projects and more generally how to assess this type of issue. Today, I’ll talk about the different strategies to disable XXE processing. External XXE and internal entities are useful for building concise XML documents...

0.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/07/02 12:0 a.m.6 views

The vulnerability of the htmlParseTryOrFinish function in the HTMLparser.c component of the Libxml2 library arises from reading data beyond the allowed buffer limits. This allows an attacker to access confidential data and also cause a service failure.

The vulnerability of the htmlParseTryOrFinish function in the HTMLparser.c component of the Libxml2 library is related to reading data beyond the allowable buffer size. Exploiting this vulnerability allows an attacker to gain access to confidential data and also cause service failures...

9.1CVSS7.7AI score0.02306EPSS
Exploits0References12Affected Software3
BDU FSTEC
BDU FSTEC
added 2018/10/30 12:0 a.m.4 views

The vulnerability of the LIBXML_ATTR_FORMAT function in the libxml2 library allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the LIBXMLATTRFORMAT function in the libxml2 library HTML parser.c is related to the use of an uncontrolled format string. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

10CVSS7.5AI score0.07039EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2017/11/27 5:49 p.m.4 views

USN-3494-1 libxml-libxml-perl vulnerability

It was discovered that XML::LibXML incorrectly handled memory when processing a replaceChild call. A remote attacker could possibly use this issue to execute arbitrary code...

9.8CVSS7.2AI score0.07929EPSS
Exploits1References2
OSV
OSV
added 2017/11/23 9:29 p.m.2 views

ALPINE-CVE-2017-16932

parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities...

7.5CVSS7AI score0.05928EPSS
Exploits0References1
CNVD
CNVD
added 2016/07/28 12:0 a.m.3 views

Multiple Apple Products libxml2 Memory Corruption Denial of Service Vulnerability (CNVD-2016-05742)

Apple iOS is an operating system for mobile devices; OS X is a specialized operating system for Mac computers; tvOS is an operating system for smart TVs; and watchOS is an operating system for smart watches. libxslt is an XSLTC library developed for the GNOME project. A security vulnerability in...

9.8CVSS6.6AI score0.03213EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2016/07/19 12:0 a.m.5 views

The vulnerability of the libxml2 library, which allows a perpetrator to obtain confidential information

The vulnerability of the xmlParseXMLDecl function in the parser.c file of the libxml2 library is caused by buffer overflow. Exploiting this vulnerability could allow an attacker, operating remotely, to obtain confidential information due to incomplete declaration of XML data...

5CVSS7.9AI score0.05907EPSS
Exploits1References13Affected Software2
BDU FSTEC
BDU FSTEC
added 2016/07/19 12:0 a.m.7 views

The vulnerability of the libxml2 library, which allows a hacker to cause a service failure or obtain confidential information

The vulnerability of the xmlNextChar function in the libxml2 library arises due to buffer overflows. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure application termination or obtain confidential information through specially crafted XML data...

6.4CVSS8AI score0.05436EPSS
Exploits0References12Affected Software2
BDU FSTEC
BDU FSTEC
added 2016/06/01 12:0 a.m.7 views

The vulnerability of the libxml2 library and the PHP interpreter allows attackers to trigger a service failure.

The vulnerability of the xslextfunctionphp function ext/xsl/xsltprocessor.c in the libxml2 library and the PHP interpreter is related to pointer dereferencing errors. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure dereferencing the null pointer...

5CVSS7.4AI score0.06574EPSS
Exploits0References3Affected Software3
OSV
OSV
added 2016/05/20 12:0 a.m.3 views

UBUNTU-CVE-2016-1834

Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted XML...

7.8CVSS7.8AI score0.04622EPSS
Exploits1References11
BDU FSTEC
BDU FSTEC
added 2016/03/17 12:0 a.m.5 views

The vulnerability of the libxml2 library, which allows a hacker to trigger a service failure

The vulnerability of the htmlParseNameComplex function in the libxml2 library is caused by buffer overflow. Exploiting this vulnerability could allow an attacker to trigger a service failure memory overflow through the use of a specially crafted XML document...

4.3CVSS7.4AI score0.0231EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2015/12/07 11:59 a.m.11 views

libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash...

5CVSS7.2AI score0.0721EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/12/07 10:13 a.m.4 views

libxml2: heap-based buffer overflow in xmlParseConditionalSections()

A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash causing a denial of service...

6.8CVSS7.4AI score0.04737EPSS
Exploits1References4
Rows per page
Query Builder