Lucene search
+L

64 matches found

OSV
OSV
added 2025/06/16 4:15 p.m.10 views

AZL-64095 CVE-2025-49794 affecting package libxml2 for versions less than 2.10.4-8

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...

9.1CVSS6.7AI score0.00669EPSS
Exploits0References1
OSV
OSV
added 2025/06/16 4:15 p.m.1 views

DEBIAN-CVE-2025-49794

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...

9.1CVSS6.6AI score0.00669EPSS
Exploits0References1
OSV
OSV
added 2025/06/16 4:15 p.m.2 views

UBUNTU-CVE-2025-49794

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...

9.1CVSS6.7AI score0.00669EPSS
Exploits0References4
OSV
OSV
added 2025/06/16 3:24 p.m.3 views

CVE-2025-49794 Libxml: heap use after free (uaf) leads to denial of service (dos)

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...

9.1CVSS6.7AI score0.00669EPSS
Exploits0References37
ATTACKERKB
ATTACKERKB
added 2025/06/16 3:24 p.m.5 views

CVE-2025-49794

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...

9.1CVSS6.6AI score0.00669EPSS
Exploits0References30
AlpineLinux
AlpineLinux
added 2025/06/16 3:24 p.m.2 views

CVE-2025-49794

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...

9.1CVSS6.9AI score0.00669EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2025/06/14 2:54 a.m.4 views

SUSE CVE-2025-49794

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...

8.2CVSS6.9AI score0.00669EPSS
Exploits0References13
Snyk
Snyk
added 2025/06/11 12:0 a.m.3 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read due to improper namespace processing of sch:name elements in xmlSchematronFormatReport function. An attacker can cause a denial of service or potentially execute arbitrary code by providing specially crafted XML input...

9.1CVSS7.3AI score0.01437EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/11 12:0 a.m.1 views

Out-of-bounds Read

Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Out-of-bounds Read due to improper namespace processing of sch:name elements in xmlSchematronFormatReport function. An attacker can cause a denial of service or potentially execu...

9.1CVSS7.5AI score0.01437EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/10 12:0 a.m.4 views

Expired Pointer Dereference

Overview Affected versions of this package are vulnerable to Expired Pointer Dereference via 'xmlSchematronGetNode function in Schematron validator. An attacker can cause a crash or execute arbitrary code by triggering use of freed memory. Remediation Upgrade libxml2 to version 2.14.5 or higher...

9.1CVSS7.2AI score0.00669EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/10 12:0 a.m.5 views

Expired Pointer Dereference

Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Expired Pointer Dereference via 'xmlSchematronGetNode function in Schematron validator. An attacker can cause a crash or execute arbitrary code by triggering use of freed memory...

9.1CVSS7.2AI score0.00669EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:47 a.m.10 views

CVE-2024-52800

veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution RCE vulnerability. This doesn't affect the standard validation and policy checks functionality...

2.3CVSS7.8AI score0.01063EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/12/02 5:15 p.m.20 views

veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability

Impact Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution RCE vulnerability. Patches We are currently working on a patch that will be released when ready. Workarounds This doesn't affect the standa...

2.3CVSS8AI score0.01063EPSS
Exploits0References4Affected Software9
OSV
OSV
added 2024/12/02 5:15 p.m.4 views

GHSA-4CX5-89VM-833X veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability

Impact Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution RCE vulnerability. Patches We are currently working on a patch that will be released when ready. Workarounds This doesn't affect the standa...

2.3CVSS6.4AI score0.01063EPSS
Exploits0References4
CVE
CVE
added 2024/11/29 6:20 p.m.61 views

CVE-2024-52800

The CVE-2024-52800 issue affects veraPDF: when executing policy checks via the CLI using custom Schematron-based policy files, an XSL transformation may enable a remote code execution (RCE) or XXE-type vector. The vulnerability concerns the policy-check workflow (policy profiles with user-provide...

2.3CVSS7.7AI score0.01063EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/29 6:20 p.m.11 views

CVE-2024-52800 Potential XXE (XML External Entity Injection) vulnerability in veraPDF CLI

veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution RCE vulnerability. This doesn't affect the standard validation and policy checks functionality...

2.3CVSS7.8AI score0.01063EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/29 6:20 p.m.26 views

CVE-2024-52800 Potential XXE (XML External Entity Injection) vulnerability in veraPDF CLI

veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution RCE vulnerability. This doesn't affect the standard validation and policy checks functionality...

2.3CVSS0.01063EPSS
Exploits0References2
OSV
OSV
added 2024/11/29 6:20 p.m.7 views

CVE-2024-52800 Potential XXE (XML External Entity Injection) vulnerability in veraPDF CLI

veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution RCE vulnerability. This doesn't affect the standard validation and policy checks functionality...

2.3CVSS7.8AI score0.01063EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/11/29 12:0 a.m.5 views

veraPDF-library 代码问题漏洞

veraPDF-library is veraPDF open source an open source PDF/A validation library . A code issue vulnerability exists in veraPDF-library, which stems from the fact that using a custom schematron file enforcement policy check via the CLI invokes an XSL transformation, which could theoretically lead t...

2.3CVSS7.6AI score0.01063EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/03 12:0 a.m.8 views

PT-2024-8938 · Verapdf · Verapdf

Name of the Vulnerable Software and Affected Versions: veraPDF affected versions not specified Description: The issue is related to the execution of policy checks using custom schematron files via the CLI, which invokes an XSL transformation that may theoretically lead to a remote code execution...

2.3CVSS7.9AI score0.01063EPSS
Exploits0References8
Rows per page
Query Builder