6942 matches found

OSV
added 2015/12/15 9:59 p.m., 9 views

CVE-2015-5312

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660...

6.2 AI score
Exploits: 0, References: 25

Prion
added 2015/12/15 9:59 p.m., 22 views

Heap overflow

Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors...

5 CVSS, 7.2 AI score, 0.0721 EPSS
Exploits: 0, References: 16, Affected Software: 9

NVD
added 2015/12/15 9:59 p.m., 25 views

CVE-2015-5312

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660...

7.1 CVSS, 7.1 AI score, 0.04537 EPSS
Exploits: 0, References: 25

Prion
added 2015/12/15 9:59 p.m., 38 views

Code injection

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660...

7.1 CVSS, 6.6 AI score, 0.04537 EPSS
Exploits: 1, References: 25, Affected Software: 13

Prion
added 2015/12/15 9:59 p.m., 24 views

Heap overflow

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors...

5 CVSS, 6.9 AI score, 0.06464 EPSS
Exploits: 0, References: 25, Affected Software: 15

Prion
added 2015/12/15 9:59 p.m., 27 views

Heap overflow

The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data...

6.4 CVSS, 7.1 AI score, 0.06908 EPSS
Exploits: 0, References: 18, Affected Software: 9

CVE
added 2015/12/15 9:0 p.m., 420 views

CVE-2015-5312

Summary (CVE-2015-5312) A DoS via XML entity expansion was reported in libxml2 (xmlStringLenDecodeEntities in parser.c) affecting versions before 2.9.3. The issue allows a context-dependent attacker to trigger high CPU usage by processing crafted XML data, as described in the CVE entry and corrob...

7.1 CVSS, 6.2 AI score, 0.04537 EPSS
Exploits: 0, References: 25, Affected Software: 1

CVE
added 2015/12/15 9:0 p.m., 144 views

CVE-2015-7498

CVE-2015-7498 is a heap-based buffer overflow in the xmlParseXmlDecl function of libxml2’s parser.c, affecting versions before 2.9.3. The underlying issue enables context-dependent attackers to trigger a denial of service via crafted XML data, related to an encoding conversion failure. Affected p...

5 CVSS, 6.7 AI score, 0.07017 EPSS
Exploits: 0, References: 16, Affected Software: 2

Cvelist
added 2015/12/15 9:0 p.m., 23 views

CVE-2015-7497

Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors...

8.5 AI score, 0.0721 EPSS
Exploits: 0, References: 16

Cvelist
added 2015/12/15 9:0 p.m., 26 views

CVE-2015-8241

The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data...

9.3 AI score, 0.06908 EPSS
Exploits: 0, References: 18

Cvelist
added 2015/12/15 9:0 p.m., 31 views

CVE-2015-5312

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660...

6.7 AI score, 0.04537 EPSS
Exploits: 0, References: 25

Cvelist
added 2015/12/15 9:0 p.m., 26 views

CVE-2015-7498

Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure...

8.4 AI score, 0.07017 EPSS
Exploits: 0, References: 16

Cvelist
added 2015/12/15 9:0 p.m., 28 views

CVE-2015-8317

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read...

8.5 AI score, 0.05907 EPSS
Exploits: 1, References: 32

CVE
added 2015/12/15 9:0 p.m., 151 views

CVE-2015-7497

CVE-2015-7497 affects libxml2 prior to 2.9.3, due to a heap-based buffer overflow in dict.c (xmlDictComputeFastQKey). Exploitation leads to a denial of service via crafted XML data. The vulnerability is part of multiple libxml2 issues disclosed in 2015; affected products are libraries linked agai...

5 CVSS, 6.7 AI score, 0.0721 EPSS
Exploits: 0, References: 16, Affected Software: 1

Cvelist
added 2015/12/15 9:0 p.m., 22 views

CVE-2015-8242

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data...

7.2 AI score, 0.04268 EPSS
Exploits: 0, References: 27

CVE
added 2015/12/15 9:0 p.m., 172 views

CVE-2015-7499

CVE-2015-7499 (libxml2) involves a heap-based buffer overflow in the xmlGROW function of parser.c, affecting libxml2 prior to 2.9.3. The consequence described is memory disclosure/leakage under certain crafted XML inputs. The Amazon Linux 2 advisory ALAS2-2019-1220 confirms libxml2 exposure and l...

5 CVSS, 7 AI score, 0.06464 EPSS
Exploits: 0, References: 25, Affected Software: 4

CVE
added 2015/12/15 9:0 p.m., 122 views

CVE-2015-8242

CVE-2015-8242 affects libxml2 prior to 2.9.3. The xmlSAX2TextNode function in SAX2.c within the push interface of the HTML parser can cause a stack-based buffer over-read when processing crafted XML data, leading to a denial of service (application crash) and potential exposure of sensitive infor...

5.8 CVSS, 6.8 AI score, 0.04268 EPSS
Exploits: 0, References: 27, Affected Software: 1

Cvelist
added 2015/12/15 9:0 p.m., 21 views

CVE-2015-7499

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors...

7.4 AI score, 0.06464 EPSS
Exploits: 0, References: 25

CVE
added 2015/12/15 9:0 p.m., 118 views

CVE-2015-8241

CVE-2015-8241 affects libxml2 (notably the xmlNextChar path) where improper state checking can lead to a heap-based buffer over-read, DoS, and potential information disclosure. Public docs place the vulnerable component in libxml2 2.9.2; exploitation requires crafted XML data. Several connected a...

6.4 CVSS, 7 AI score, 0.06908 EPSS
Exploits: 0, References: 18, Affected Software: 1

CVE
added 2015/12/15 9:0 p.m., 151 views

CVE-2015-8317

CVE-2015-8317 affects libxml2 prior to 2.9.3. The vulnerability arises in xmlParseXMLDecl in parser.c, where an unterminated encoding value or an incomplete XML declaration can trigger an out-of-bounds heap read, potentially exposing sensitive information. Public references include vendor advisor...

5 CVSS, 6.9 AI score, 0.05907 EPSS
Exploits: 1, References: 32, Affected Software: 1