
6942 matches found

Prion
added 2015/11/18 4:59 p.m., 29 views

Design/Logic Flaw

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data...

CVSS 2.6, AI score 6.7, EPSS 0.03199
Exploits: 1, References: 25, Affected Software: 7
CVE
added 2015/11/18 4:0 p.m., 136 views

CVE-2015-7941

CVE-2015-7941 affects libxml2 2.9.2, where parsing does not stop on invalid input, enabling a context-dependent attacker to trigger an out-of-bounds read and crash via crafted XML data in xmlParseEntityDecl or xmlParseConditionalSections. Connected docs confirm corroborating DoS/out-of-bounds rep...

CVSS 4.3, AI score 6.6, EPSS 0.03069
Exploits: 0, References: 22, Affected Software: 1
Debian CVE
added 2015/11/18 4:0 p.m., 33 views

CVE-2015-7942

The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than...

CVSS 6.8, AI score 7.9, EPSS 0.04737
Exploits: 1
Debian CVE
added 2015/11/18 4:0 p.m., 30 views

CVE-2015-8035

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data...

CVSS 2.6, AI score 7.2, EPSS 0.03199
Exploits: 1
Cvelist
added 2015/11/18 4:0 p.m., 29 views

CVE-2015-7941

libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by...

AI score 8.3, EPSS 0.03069
Exploits: 0, References: 22
CVE
added 2015/11/18 4:0 p.m., 156 views

CVE-2015-7942

CVE-2015-7942 affects libxml2 and describes a denial-of-service/crash caused by a heap-based buffer issue in the xmlParseConditionalSections function when parsing crafted XML data, leading to an out-of-bounds read. The initial document provides concrete details: vulnerable component is libxml2 (...

CVSS 6.8, AI score 6.6, EPSS 0.04737
Exploits: 1, References: 29, Affected Software: 2
CVE
added 2015/11/18 4:0 p.m., 368 views

CVE-2015-8035

Summary (CVE-2015-8035): In libxml2, the xz_decomp function in xzlib.c does not properly detect compression errors, enabling a denial-of-service condition (process hang) via crafted XML data. Affected: libxml2 up to 2.9.1 (and related 2.9.x lines in later advisories) with potential impact across...

CVSS 2.6, AI score 6.6, EPSS 0.03199
Exploits: 1, References: 25, Affected Software: 1
Cvelist
added 2015/11/18 4:0 p.m., 29 views

CVE-2015-8035

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data...

AI score 6.6, EPSS 0.03199
Exploits: 1, References: 25
Debian CVE
added 2015/11/18 4:0 p.m., 27 views

CVE-2015-7941

libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by...

CVSS 4.3, AI score 8, EPSS 0.03069
Exploits: 0
UbuntuCve
added 2015/11/18 12:0 a.m., 31 views

CVE-2015-8241

The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data...

CVSS 6.4, AI score 7.3, EPSS 0.06908
Exploits: 0, References: 3
UbuntuCve
added 2015/11/18 12:0 a.m., 27 views

CVE-2015-8242

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data...

CVSS 5.8, AI score 7.3, EPSS 0.04268
Exploits: 0, References: 2
Positive Technologies
added 2015/11/18 12:0 a.m., 6 views

PT-2015-3257

Name of the Vulnerable Software and Affected Versions: libxml2 version 2.9.2. Description: The issue is caused by the xmlNextChar function in libxml2 not properly checking the state, allowing context-dependent attackers to cause a denial of service or obtain sensitive information via crafted XML dat...

CVSS 10, AI score 7.5, EPSS 0.51733
Exploits: 17, References: 111
OSV
added 2015/11/18 12:0 a.m., 3 views

UBUNTU-CVE-2015-8241

The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data...

CVSS 6.4, AI score 7.4, EPSS 0.06908
Exploits: 0, References: 4
OSV
added 2015/11/18 12:0 a.m., 2 views

UBUNTU-CVE-2015-8242

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data...

CVSS 5.8, AI score 7.3, EPSS 0.04268
Exploits: 0, References: 3
OpenVAS
added 2015/11/17 12:0 a.m., 39 views

Ubuntu: Security Advisory (USN-2812-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.8, AI score 7.6, EPSS 0.0634
Exploits: 2, References: 2
Tenable Nessus
added 2015/11/17 12:0 a.m., 38 views

Ubuntu 14.04 LTS : libxml2 vulnerabilities (USN-2812-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2812-1 advisory. Florian Weimer discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted...

CVSS 6.8, AI score 7.6, EPSS 0.0634
Exploits: 2, References: 5
OSV
added 2015/11/16 6:19 p.m., 3 views

USN-2812-1 libxml2 vulnerabilities

Florian Weimer discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS,...

CVSS 6.8, AI score 7, EPSS 0.0634
Exploits: 2, References: 5
OpenVAS
added 2015/11/08 12:0 a.m., 40 views

Mageia: Security Advisory (MGASA-2015-0423)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.8, AI score 7.6, EPSS 0.04737
Exploits: 1, References: 5
OpenVAS
added 2015/11/08 12:0 a.m., 37 views

Mageia: Security Advisory (MGASA-2015-0433)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 2.6, AI score 7.5, EPSS 0.03199
Exploits: 1, References: 4
CNVD
added 2015/11/07 12:0 a.m., 1 views

Libxml2 'parser.c' Remote Denial of Service Vulnerability

Libxml2 is a C library used to parse XML documents, which supports a variety of encoding formats, XPath parsing, and well-formedness and validity validation. A security vulnerability exists in Libxml2 'parser.c' that allows remote attackers to submit special requests and conduct...

CVSS 2.6, AI score 8.1, EPSS 0.03199
Exploits: 1, References: 1