CVSS: 9.8EPSS: 2%CPEs: 3EXPL: 1CVE-2017-10672
https://notcve.org/view.php?id=CVE-2017-10672
Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call. Uso de memoria previamente liberada en el módulo XML-LibXML hasta la versión 2.0129 para Perl permite que atacantes remotos ejecuten código arbitrario controlando los argumentos de una llamada replaceChild. • https://lists.debian.org/debian-lts-announce/2017/11/msg00017.html https://rt.cpan.org/Public/Bug/Display.html?id=122246 https://www.debian.org/security/2017/dsa-4042 • CWE-416: Use After Free •
CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0CVE-2015-3451
https://notcve.org/view.php?id=CVE-2015-3451
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function. La función _clone en XML::LibXML en versiones anteriores a 2.0119 no establece correctamente la opción expand_entities, lo que permite a atacantes remotos llevar a cabo ataques de entidad externa XML (XXE) a través de datos XML manipulados a la función (1) new o (2) load_xml. • http://advisories.mageia.org/MGASA-2015-0199.html http://cpansearch.perl.org/src/SHLOMIF/XML-LibXML-2.0119/Changes http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157448.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157740.html http://lists.opensuse.org/opensuse-updates/2015-09/msg00006.html http://www.debian.org/security/2015/dsa-3243 http://www.mandriva.com/security/advisories?name=MDVSA-2015:231 http://www.openwall.com/lists/oss-security/20 • CWE-611: Improper Restriction of XML External Entity Reference •