Lucene search
K

14 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-0189

Malware in sbrugna...

6.5CVSS6.9AI score0.02706EPSS
Exploits0References21
SUSE CVE
SUSE CVE
added 2023/02/15 5:8 a.m.3 views

SUSE CVE-2016-1253

The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers to execute arbitrary commands via shell metacharacters in the name of an LZMA-compressed file...

10CVSS9.7AI score0.04828EPSS
Exploits0References3
Veracode
Veracode
added 2018/10/16 3:4 a.m.41 views

Copy-Paste Vulnerability (CPV) Through Libxml2

nokogiri is vulnerable to denial of service DoS attacks. The library uses a vulnerable version of libxml2, causing it to be vulnerable to the following CVEs: 1. CVE-2016-9318: XML External Entity XXE through a crafted document. 2. CVE-2017-16932: Infinite Recursion during parsing. 3...

5.5CVSS6.3AI score0.05928EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2018/04/13 4:17 p.m.45 views

Uncontrolled resource consumption in nokogiri

The xzhead function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service memory consumption via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file...

6.5CVSS7AI score0.02706EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2018/04/13 4:17 p.m.29 views

GHSA-882P-JQGM-F45G Uncontrolled resource consumption in nokogiri

The xzhead function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service memory consumption via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file...

6.5CVSS6.4AI score0.02706EPSS
Exploits0References9
RubySec
RubySec
added 2018/04/13 12:0 a.m.33 views

Moderate severity vulnerability that affects nokogiri

The xzhead function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service memory consumption via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file. References: -...

6.5CVSS7.2AI score0.02706EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2018/04/09 12:0 a.m.2 views

libxml2 Denial of Service Vulnerability (CNVD-2018-08420)

libxml2 is the GNOME project team developed a C-based library for parsing XML documents, which supports multiple encoding formats, Xpath parsing, Well-formed and valid validation. A security vulnerability exists in the 'xzhead' function of the xzlib.c file in versions of libxml2 prior to 2.9.6,...

6.5CVSS9.1AI score0.02706EPSS
Exploits0References1
NVD
NVD
added 2018/04/08 5:29 p.m.23 views

CVE-2017-18258

The xzhead function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service memory consumption via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file...

6.5CVSS6.4AI score0.02706EPSS
Exploits0References6
OSV
OSV
added 2018/04/08 5:29 p.m.27 views

CVE-2017-18258

The xzhead function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service memory consumption via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file...

6.5CVSS6.2AI score
Exploits0References6
Cvelist
Cvelist
added 2018/04/08 5:0 p.m.20 views

CVE-2017-18258

The xzhead function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service memory consumption via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file...

6AI score0.02706EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2018/04/08 5:0 p.m.34 views

CVE-2017-18258

The xzhead function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service memory consumption via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file...

6.5CVSS6.8AI score0.02706EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2018/04/08 12:0 a.m.34 views

CVE-2017-18258

The xzhead function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service memory consumption via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file...

6.5CVSS6.8AI score0.02706EPSS
Exploits0References2
OSV
OSV
added 2017/12/05 4:29 p.m.2 views

UBUNTU-CVE-2016-1253

The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers to execute arbitrary commands via shell metacharacters in the name of an LZMA-compressed file...

9.8CVSS7.6AI score0.04828EPSS
Exploits0References3
Hacker One
Hacker One
added 2017/09/21 1:10 a.m.21 views

Internet Bug Bounty: Denial of service in libxml2, using malicious lzma file to consume available system memory

Reported to the libxml2 devs on 23 August 2017 Patched on 7 September 2017 It was discovered through fuzzing that malicious LZMA compressed files could consume large amounts of memory when decompressed thus posing a DoS risk. I am unsure if a CVE will be assigned in this case. od -tx1 ./test000...

6.7AI score
Exploits0
Rows per page
Query Builder