Filtered by vendor Xmlsoft
Subscribe
Total
116 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3627 | 7 Canonical, Debian, Hp and 4 more | 14 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 11 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. | |||||
| CVE-2016-2073 | 3 Canonical, Debian, Xmlsoft | 3 Ubuntu Linux, Debian Linux, Libxml2 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document. | |||||
| CVE-2016-1840 | 6 Apple, Canonical, Debian and 3 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. | |||||
| CVE-2016-1839 | 6 Apple, Canonical, Debian and 3 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | |||||
| CVE-2016-1838 | 6 Apple, Canonical, Debian and 3 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | |||||
| CVE-2016-1837 | 6 Apple, Canonical, Debian and 3 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document. | |||||
| CVE-2016-1836 | 6 Apple, Canonical, Debian and 3 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document. | |||||
| CVE-2016-1834 | 6 Apple, Canonical, Debian and 3 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. | |||||
| CVE-2016-1833 | 6 Apple, Canonical, Debian and 3 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | |||||
| CVE-2016-1762 | 6 Apple, Canonical, Debian and 3 more | 15 Iphone Os, Mac Os X, Safari and 12 more | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | |||||
| CVE-2016-1684 | 2 Google, Xmlsoft | 2 Chrome, Libxslt | 2024-11-21 | 5.1 MEDIUM | 7.5 HIGH |
| numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document. | |||||
| CVE-2016-1683 | 7 Canonical, Debian, Google and 4 more | 10 Ubuntu Linux, Debian Linux, Chrome and 7 more | 2024-11-21 | 5.1 MEDIUM | 7.5 HIGH |
| numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document. | |||||
| CVE-2015-9019 | 1 Xmlsoft | 1 Libxslt | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. | |||||
| CVE-2015-8806 | 3 Canonical, Debian, Xmlsoft | 3 Ubuntu Linux, Debian Linux, Libxml2 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document. | |||||
| CVE-2015-8710 | 2 Debian, Xmlsoft | 2 Debian Linux, Libxml2 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment. | |||||
| CVE-2015-8317 | 5 Canonical, Debian, Hp and 2 more | 9 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 6 more | 2024-11-21 | 5.0 MEDIUM | N/A |
| The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. | |||||
| CVE-2015-8242 | 5 Apple, Canonical, Hp and 2 more | 12 Iphone Os, Mac Os X, Tvos and 9 more | 2024-11-21 | 5.8 MEDIUM | N/A |
| The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. | |||||
| CVE-2015-8241 | 5 Canonical, Debian, Hp and 2 more | 9 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 6 more | 2024-11-21 | 6.4 MEDIUM | N/A |
| The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. | |||||
| CVE-2015-8035 | 4 Apple, Canonical, Debian and 1 more | 7 Iphone Os, Mac Os X, Tvos and 4 more | 2024-11-21 | 2.6 LOW | N/A |
| The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. | |||||
| CVE-2015-7995 | 2 Apple, Xmlsoft | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2024-11-21 | 5.0 MEDIUM | N/A |
| The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue. | |||||