18 results (0.021 seconds)

CVSS: 7.4EPSS: 0%CPEs: 28EXPL: 2

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. En libxml2 versiones anteriores a 2.9.14, varias funciones de manejo de búferes en buf.c (xmlBuf*) y tree.c (xmlBuffer*) no comprueban los desbordamientos de enteros. • http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14 https://gitlab.gnome.org/GNOME/libxslt/-/tags https://lists.debian.org/debian-lts-announce/2022/05/msg0 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Un uso de memoria previamente liberada en Blink XSLT en Google Chrome versiones anteriores a 91.0.4472.164, permitía a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada • https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html https://crbug.com/1219209 https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html https://security.gentoo.org/glsa/202310-23 https://www.debian.org/security/2022/dsa-5216 • CWE-416: Use After Free •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. Una confusión de tipo en la función xsltNumberFormatGetMultipleLevel versiones anteriores a libxslt versión 1.1.33, podría permitir a atacantes explotar potencialmente la corrupción de la pila por medio de datos XML diseñados. • https://bugs.chromium.org/p/chromium/issues/detail?id=930663 https://gitlab.gnome.org/GNOME/libxslt/commit/08b62c25871b38d5d573515ca8a065b4b8f64f6b https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html https://access.redhat.com/security/cve/CVE-2019-5815 https://bugzilla.redhat.com/show_bug.cgi?id=1702905 • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 9.8EPSS: 0%CPEs: 31EXPL: 0

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. libxslt hasta la versión 1.1.33 permite omitir los mecanismos de protección debido a que los callers xsltCheckRead y xsltCheckWrite permiten acceso incluso después de recibir el código de error -1. xsltCheckRead puede devolver -1 para una URL creada que no es realmente inválida y que se carga posteriormente. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html http://www.openwall.com/lists/oss-security/2019/04/22/1 http://www.openwall.com/lists/oss-security/2019/04/23/5 https • CWE-284: Improper Access Control •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. En libxslt 1.1.29 y anteriores, la función EXSLT math.random no se inició con una seed aleatoria durante el arranque, lo que podría hacer que el uso de esta función produzca salidas predecibles. • https://bugzilla.gnome.org/show_bug.cgi?id=758400 https://bugzilla.suse.com/show_bug.cgi?id=934119 • CWE-330: Use of Insufficiently Random Values •