Lucene search
K

21 matches found

CVE
CVE
added 2016/09/25 10:0 a.m.414 views

CVE-2016-4658

CVE-2016-4658 affects libxml2 up to version 2.9.4 (and is noted in Apple platforms such as iOS/OS X/watchOS as affected). The issue arises from allowing namespace nodes in XPointer ranges, which can enable a remote attacker to cause arbitrary code execution or a denial of service (use-after-free/...

10CVSS8AI score0.08628EPSS
CVE
CVE
added 2016/07/23 7:0 p.m.322 views

CVE-2016-5131

CVE-2016-5131 is a use-after-free in libxml2 up to version 2.9.4 (as used in Chrome before 52.0.2743.82) triggered by XPointer range-to, leading to possible denial of service and potentially other impact. Connected advisories reaffirms libxml2 as the vulnerable component and references several ve...

8.8CVSS7.8AI score0.0227EPSS
CVE
CVE
added 2016/05/16 10:0 a.m.280 views

CVE-2015-6837

The vulnerability CVE-2015-6837/6838 is a NULL pointer dereference in PHP’s XSLTProcessor (ext/xsl/xsltprocessor.c) when using libxslt, triggered by valuePop() returning NULL without a check. Affected PHP versions are prior to 5.4.45, 5.5.x prior to 5.5.29, and 5.6.x prior to 5.6.13 when libxml2

7.5CVSS7.6AI score0.06574EPSS
CVE
CVE
added 2016/05/16 10:0 a.m.273 views

CVE-2015-6838

CVE-2015-6838 affects PHP’s XSLTProcessor (ext/xsl/xsltprocessor.c). When libxml2 before 2.9.2 is used, the code does not guard the return value of valuePop(), allowing a NULL pointer dereference that can crash the application (denial of service). The vulnerability is documented as: PHP versions ...

7.5CVSS7.6AI score0.07276EPSS
CVE
CVE
added 2016/06/09 4:0 p.m.245 views

CVE-2016-4447

CVE-2016-4447 affects libxml2 up to version before 2.9.4. The vulnerability is in the xmlParseElementDecl function (parser.c) where a crafted file via xmlParseName can cause a heap-based buffer underread, leading to denial of service (application crash). Remediation: upgrade to libxml2 2.9.4 or n...

7.5CVSS8.1AI score0.1398EPSS
CVE
CVE
added 2016/06/09 4:0 p.m.223 views

CVE-2016-4448

CVE-2016-4448 is a format-string vulnerability in libxml2 (pre-2.9.4). The connected F5 advisory confirms libxml2 is the vulnerable component across multiple BIG-IP products and lists specific BIG-IP families/versions as vulnerable, with a table guiding upgrades to non‑vulnerable releases. Impact...

10CVSS9.5AI score0.07039EPSS
CVE
CVE
added 2016/11/16 12:0 a.m.193 views

CVE-2016-9318

CVE-2016-9318 affects libxml2 (versions 2.9.4 and earlier) used in XMLSec 1.2.23 and earlier. The flaw is that libxml2 does not expose a flag indicating that the current document may be read but other files may not, enabling XML External Entity (XXE) style attacks via a crafted document. Affected...

5.5CVSS5.4AI score0.02938EPSS
CVE
CVE
added 2016/05/17 2:0 p.m.192 views

CVE-2016-3627

CVE-2016-9596, related to libxml2 used in Red Hat JBoss Core Services, allows a denial of service via crafted XML when in recovery mode. This vulnerability exists because of an incorrect fix for CVE-2016-3627 and results in stack consumption. The issue is specifically described as a DoS (stack gr...

7.5CVSS7AI score0.07025EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.185 views

CVE-2016-1839

CVE-2016-1839 involves libxml2 where the xmlDictAddString function in dict.c can cause a heap-based buffer over-read, leading to a denial of service. The issue affects libxml2 up to version 2.9.4 (as used in Apple iOS, macOS, tvOS, watchOS). A later linked entry (CVE-2017-9050) confirms this was ...

5.5CVSS6.4AI score0.07347EPSS
CVE
CVE
added 2016/03/24 1:0 a.m.165 views

CVE-2016-1762

CVE-2016-1762 (and related libxml2 flaws) affects the GNOME libxml2 library where crafted XML input can cause denial of service or code execution. The primary cited issue is a heap-based buffer over-read in xmlNextChar prior to libxml2 2.9.4. Public advisories list multiple CVEs (e.g., 2016-1833/...

8.1CVSS7AI score0.06466EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.153 views

CVE-2016-1834

CVE-2016-1834 describes a heap-based buffer overflow in libxml2's xmlStrncat function prior to 2.9.4, affecting Apple iOS/tvOS/watchOS and OS X before patched versions. Exploitation could lead to remote code execution or memory corruption and potential denial of service when processing crafted XM...

9.3CVSS8.6AI score0.04622EPSS
CVE
CVE
added 2016/05/17 2:0 p.m.152 views

CVE-2016-3705

CVE-2016-3705 affects libxml2 (tracked in CVE-2016-3705) and is caused by insufficient tracking of recursion depth in parser.c (functions xmlParserEntityCheck and xmlParseAttValueComplex). A crafted XML document with many nested entity references can exhaust the stack, causing a denial of service...

7.5CVSS7.6AI score0.05103EPSS
CVE
CVE
added 2016/04/11 9:0 p.m.150 views

CVE-2015-8710

CVE-2015-8710 affects libxml2: denial of service and possible information disclosure from an out-of-bounds memory access when parsing an unclosed HTML comment. Publicly reported in multiple vendor advisories (IBM IMM/IMM2, RackSwitch, F5 BIG-IP, Rational DOORS, etc.). Remediation across products ...

9.8CVSS9.7AI score0.04925EPSS
CVE
CVE
added 2016/06/09 4:0 p.m.150 views

CVE-2016-4449

CVE-2016-4449 is an XML External Entity (XXE) vulnerability in libxml2’s parser.c (xmlStringLenDecodeEntities) affecting libxml2 up to version 2.9.4. ALT Linux advisory entries show a confirmed fix in libxml2 version 2.9.4.0.12.e905-alt1 (and related package updates), indicating that patches were...

7.1CVSS8.2AI score0.01661EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.142 views

CVE-2016-1840

CVE-2016-1840: libxml2 contains a heap-based buffer overflow in xmlFAParsePosCharGroup (pre-2.9.4). Affected on Apple iOS (pre-9.3.2), OS X (pre-10.11.5), tvOS (pre-9.2.1), watchOS (pre-2.2.1); can lead to remote code execution or memory corruption. Remediation: upgrade libxml2 to 2.9.4 or later ...

7.8CVSS8.6AI score0.03239EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.141 views

CVE-2016-1838

CVE-2016-1838 refers to a vulnerability in libxml2 where the xmlPArserPrintFileContextInternal function can be exploited by a crafted XML document to cause a heap-based overflow/read, leading to a denial of service or potential escalation. The initial description notes the issue affects libxml2 u...

5.5CVSS6.3AI score0.06943EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.139 views

CVE-2016-1833

CVE-2016-1833 is a libxml2 memory corruption issue where the htmlCurrentChar function can cause a heap-based buffer over-read during parsing of crafted XML. Public details in connected docs indicate affected platforms include Apple iOS, macOS, tvOS, watchOS and related libxml2 usage, with version...

5.5CVSS6.3AI score0.02559EPSS
CVE
CVE
added 2016/04/13 5:0 p.m.138 views

CVE-2015-8806

CVE-2015-8806 — libxml2 heap-buffer overread in dict.c . A remote attacker can crash an affected application by sending a crafted HTML document containing an unexpected character immediately after the "

7.5CVSS7.1AI score0.04964EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.138 views

CVE-2016-1837

CVE-2016-1837 is a use-after-free/memory corruption vulnerability in libxml2 affecting the htmlParsePubidLiteral and htmlParseSystemLiteral paths, leading to denial of service. Public references in the Initial document note a MEDIUM (CVSSv3 base 5.5) impact with LOCAL attack vector and user inter...

5.5CVSS6.6AI score0.04092EPSS
CVE
CVE
added 2016/05/20 10:0 a.m.137 views

CVE-2016-1836

CVE-2016-1836 is a use-after-free in libxml2 (xmlDictComputeFastKey). Public mentions tie it to libxml2 up to 2.9.4, with affected Apple platforms (iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, watchOS before 2.2.1) and a DoS impact via crafted XML, per vendor advisories. Connected do...

5.5CVSS6.5AI score0.03926EPSS
CVE
CVE
added 2016/02/12 3:26 p.m.113 views

CVE-2016-2073

CVE-2016-2073 affects libxml2: a vulnerability in htmlParseNameComplex() can cause a heap-based buffer overflow / out-of-bounds read, leading to potential denial of service or code execution when processing a crafted XML file. The connected IBM/IBM Guards pages confirm the issue and list affected...

6.5CVSS7.1AI score0.0231EPSS