18 matches found
CentOS 7 : libxslt (RHSA-2020:4005)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4005 advisory. - libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving ...
NewStart CGSL MAIN 6.02 : libxslt Multiple Vulnerabilities (NS-SA-2021-0088)
The remote NewStart CGSL host, running version MAIN 6.02, has libxslt packages installed that are affected by multiple vulnerabilities: - libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error...
CVE-2020-25675
In the CropImage and CropImageToTiles routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets were causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a...
Oracle Linux 8 : libxslt (ELSA-2020-4464)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4464 advisory. - Fix CVE-2019-18197 1775517 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus h...
libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be...
Moderate: libxslt security update
libxslt is a library for transforming XML files into other textual formats including HTML, plain text, and other XML representations of the underlying data using the standard XSLT stylesheet transformation mechanism. Security Fixes: libxslt: xsltCheckRead and xsltCheckWrite routines security bypa...
libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be...
EulerOS Virtualization for ARM 64 3.0.2.0 : libxslt (EulerOS-SA-2020-1215)
According to the versions of the libxslt packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for...
CVE-2019-18197
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be...
libxslt buffer overflow vulnerability (CNVD-2019-36942)
libxslt is a C library for XSLT, the XML language for defining XML transformations. A buffer overflow vulnerability exists in the xsltCopyText function of the transform.c file in libxslt version 1.1.33, which can be exploited by an attacker to cause a buffer overflow or heap overflow...
CVE-2019-18197
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be...
CVE-2019-18197
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be...
CVE-2019-18197
CVE-2019-18197 affects libxslt 1.1.33: in xsltCopyText (transform.c) a pointer variable isn’t reset under certain circumstances, and if the memory area is freed and reused in a specific way, a bounds check could fail and memory outside a buffer could be written to or uninitialized data disclosed. Mu...
CVE-2019-18197
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be...
Symlink Attack
Augeas is vulnerable to a symlink attack. The attack is possible because the transformsave function in transform.c does not prevent a local user from triggering a symlink attack on a .augnew file...
World Writable Permissions
Augeas is vulnerable to world-writable permissions. The vulnerability exists as the transformsave function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files...
DEBIAN-CVE-2017-5029
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of...
Code injection
The transformsave function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors...