6942 matches found

Debian CVE
added 2015/12/15 9:0 p.m. | 17 views

CVE-2015-7500

The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags...

CVSS: 5 | AI score: 7.9 | EPSS: 0.05917
Exploits: 0

Debian CVE
added 2015/12/15 9:0 p.m. | 31 views

CVE-2015-8241

The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data...

CVSS: 6.4 | AI score: 9.4 | EPSS: 0.06908
Exploits: 0

Debian CVE
added 2015/12/15 9:0 p.m. | 44 views

CVE-2015-5312

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660...

CVSS: 7.1 | AI score: 6.9 | EPSS: 0.04537
Exploits: 0

Debian CVE
added 2015/12/15 9:0 p.m. | 28 views

CVE-2015-7497

Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors...

CVSS: 5 | AI score: 8.1 | EPSS: 0.0721
Exploits: 0

Debian CVE
added 2015/12/15 9:0 p.m. | 29 views

CVE-2015-8242

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data...

CVSS: 5.8 | AI score: 8.2 | EPSS: 0.04268
Exploits: 0

Cvelist
added 2015/12/15 9:0 p.m. | 28 views

CVE-2015-8317

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read...

AI score: 8.5 | EPSS: 0.05907
Exploits: 1 | References: 32

Debian CVE
added 2015/12/15 9:0 p.m. | 39 views

CVE-2015-8317

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read...

CVSS: 5 | AI score: 8.1 | EPSS: 0.05907
Exploits: 1

CVE
added 2015/12/15 9:0 p.m. | 151 views

CVE-2015-8317

CVE-2015-8317 affects libxml2 prior to 2.9.3. The vulnerability arises in xmlParseXMLDecl in parser.c, where an unterminated encoding value or an incomplete XML declaration can trigger an out-of-bounds heap read, potentially exposing sensitive information. Public references include vendor advisor...

CVSS: 5 | AI score: 6.9 | EPSS: 0.05907
Exploits: 1 | References: 32 | Affected Software: 1

RubySec
added 2015/12/15 12:0 a.m. | 38 views

Nokogiri gem contains several vulnerabilities in libxml2

Nokogiri version 1.6.7.1 has been released, pulling in several upstream patches to the vendored libxml2 to address the following CVEs: CVE-2015-5312 CVSS v2 Base Score: 7.1 HIGH The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion,...

CVSS: 7.1 | AI score: 3.4 | EPSS: 0.0721
Exploits: 1 | References: 1 | Affected Software: 1

Tenable Nessus
added 2015/12/15 12:0 a.m. | 47 views

Ubuntu 14.04 LTS : libxml2 vulnerabilities (USN-2834-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2834-1 advisory. Kostya Serebryany discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a...

CVSS: 7.1 | AI score: 7.1 | EPSS: 0.0721
Exploits: 1 | References: 9

Tenable Nessus
added 2015/12/15 12:0 a.m. | 55 views

Amazon Linux AMI : libxml2 (ALAS-2015-628)

A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory. The xmlParseConditionalSections...

CVSS: 7.1 | AI score: 7.1 | EPSS: 0.0721
Exploits: 2 | References: 12

OpenVAS
added 2015/12/15 12:0 a.m. | 36 views

Ubuntu: Security Advisory (USN-2834-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.1 | AI score: 8 | EPSS: 0.0721
Exploits: 1 | References: 2

OpenVAS
added 2015/12/15 12:0 a.m. | 47 views

Amazon Linux: Security Advisory (ALAS-2015-628)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.1 | AI score: 8.2 | EPSS: 0.0721
Exploits: 2 | References: 2

Ubuntu
added 2015/12/14 12:53 p.m. | 65 views

USN-2834-1: libxml2 vulnerabilities

Kostya Serebryany discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. CVE-2015-5312, CVE-2015-7497,...

CVSS: 7.1 | AI score: 7 | EPSS: 0.0721
Exploits: 1

OSV
added 2015/12/14 12:53 p.m. | 1 views

USN-2834-1 libxml2 vulnerabilities

Kostya Serebryany discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. CVE-2015-5312, CVE-2015-7497,...

CVSS: 7.1 | AI score: 6.9 | EPSS: 0.0721
Exploits: 1 | References: 9

BDU FSTEC
added 2015/12/14 12:0 a.m. | 3 views

The vulnerability of the xz_decomp function in the libxml2 library, which allows a hacker to trigger a service failure.

The vulnerability of the xz_decomp function in the libxml2 library is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service failures by using specially crafted XML data...

CVSS: 7.3 | AI score: 6.8 | EPSS: 0.03199
Exploits: 1 | References: 7 | Affected Software: 2

Amazon
added 2015/12/14 12:0 a.m. | 49 views

Medium: libxml2

Issue Overview: A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory. The...

CVSS: 7.1 | AI score: 8.6 | EPSS: 0.0721
Exploits: 2

Tenable Nessus
added 2015/12/11 12:0 a.m. | 51 views

Mac OS X Multiple Vulnerabilities (Security Updates 2015-005 / 2015-008)

The remote host is running a version of Mac OS X 10.9.5 or 10.10.5 that is missing Security Update 2015-005 or 2015-008. It is, therefore, affected by multiple vulnerabilities in the following components : - apachemodphp - AppSandbox - Bluetooth - CFNetwork HTTPProtocol - Compression -...

CVSS: 10 | AI score: 7 | EPSS: 0.19984
Exploits: 18 | References: 56

Tenable Nessus
added 2015/12/10 12:0 a.m. | 19 views

Apple iOS < 9.2 Multiple Vulnerabilities

Binary data appleios92check.nbin...

CVSS: 10 | AI score: 7.3 | EPSS: 0.11297
Exploits: 10 | References: 52

Tenable Nessus
added 2015/12/10 12:0 a.m. | 64 views

Mac OS X 10.11.x < 10.11.2 Multiple Vulnerabilities

The remote host is running a version of Mac OS X that is 10.11.x prior to 10.11.2. It is, therefore, affected by multiple vulnerabilities in the following components : - apachemodphp - AppSandbox - Bluetooth - CFNetwork HTTPProtocol - Compression - Configuration Profiles - CoreGraphics - CoreMedi...

CVSS: 10 | AI score: 7 | EPSS: 0.19984
Exploits: 18 | References: 58