Lucene search
K

13 matches found

Tenable Nessus
Tenable Nessus
added 2022/10/06 12:0 a.m.72 views

F5 Networks BIG-IP : OpenJDK vulnerability (K10812540)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.8 / 16.1.4 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K10812540 advisory. In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances...

7.5CVSS8.1AI score0.04446EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/24 4:49 p.m.39 views

Uninitialized read in Nokogiri gem

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character...

5.3CVSS6.6AI score0.06457EPSS
Exploits0References20Affected Software1
OSV
OSV
added 2022/05/24 4:49 p.m.31 views

GHSA-4HM9-844J-JMXP Uninitialized read in Nokogiri gem

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character...

5.3CVSS6.1AI score0.06457EPSS
Exploits0References19
NVD
NVD
added 2019/12/11 1:15 a.m.19 views

CVE-2019-5815

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data...

7.5CVSS7.7AI score0.01817EPSS
Exploits0References3
OSV
OSV
added 2019/12/11 1:15 a.m.32 views

CVE-2019-5815

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data...

7.5CVSS6.9AI score
Exploits0References3
OSV
OSV
added 2019/12/11 1:15 a.m.2 views

DEBIAN-CVE-2019-5815

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data...

7.5CVSS7.7AI score0.01817EPSS
Exploits0References1
CVE
CVE
added 2019/12/11 12:55 a.m.267 views

CVE-2019-5815

CVE-2019-5815 describes a type confusion in libxslt’s xsltNumberFormatGetMultipleLevel causing heap corruption when processing crafted XML data. Connected advisories (Debian DLA, Debian security tracker, Cloud Foundry USN, etc.) confirm libxslt as the affected component and indicate that fixes ex...

7.5CVSS8AI score0.01817EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/12/11 12:55 a.m.26 views

CVE-2019-5815

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data...

8.2AI score0.01817EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2019/12/11 12:55 a.m.35 views

CVE-2019-5815

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data...

7.5CVSS8.4AI score0.01817EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2019/07/10 7:21 a.m.38 views

CVE-2019-13117

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character...

5.3CVSS4.3AI score0.06457EPSS
Exploits0References3
Prion
Prion
added 2019/07/01 2:15 a.m.33 views

Format string

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character...

5CVSS6AI score0.06457EPSS
Exploits0References13Affected Software6
Prion
Prion
added 2019/07/01 2:15 a.m.26 views

Design/Logic Flaw

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data...

5CVSS5.9AI score0.05147EPSS
Exploits0References41Affected Software12
RedhatCVE
RedhatCVE
added 2019/04/25 8:26 a.m.25 views

CVE-2019-5815

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data...

7.5CVSS3.8AI score0.01817EPSS
Exploits0References4
Rows per page
Query Builder