CVSS: 5.0EPSS: 0%CPEs: 20EXPL: 0CVE-2015-7499 – libxml2: Heap-based buffer overflow in xmlGROW
https://notcve.org/view.php?id=CVE-2015-7499
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. Desbordamiento de buffer basado en memoria dinámica en la función xmlGROW en parser.c en libxml2 en versiones anteriores a 2.9.3 permite a atacantes dependientes del contexto obtener información sensible de la memoria de proceso a través de vectores no especificados. A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html http://marc.info/?l=bugtraq&m=145382616617563&w=2 http://rhn.redhat • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 2CVE-2015-7942 – libxml2: heap-based buffer overflow in xmlParseConditionalSections()
https://notcve.org/view.php?id=CVE-2015-7942
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. La función xmlParseConditionalSections en parser.c en libxml2 no omite adecuadamente las entidades intermediarias cuando se detiene el análisis de entrada no válida, lo que permite a atacantes dependientes del contexto causar una denegación de servicio (lectura fuera de rango y caída) a través de datos XML manipulados, una vulnerabilidad diferente a CVE-2015-7941. A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash causing a denial of service. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html http://lists.opensuse.org/opensuse-updates/2015- • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 4.3EPSS: 1%CPEs: 8EXPL: 1CVE-2015-8035 – libxml2: DoS caused by incorrect error detection during XZ decompression
https://notcve.org/view.php?id=CVE-2015-8035
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. La función xz_decomp en xzlib.c en libxml2 2.9.1 no detecta adecuadamente los errores de compresión, lo que permite a atacantes dependientes del contexto causar una denegación de servicio (cuelgue del proceso) a través de datos XML manipulados. A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html http://lists.opensuse.org/opensuse-updates/2015- • CWE-252: Unchecked Return Value CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 1%CPEs: 9EXPL: 4CVE-2015-5522
https://notcve.org/view.php?id=CVE-2015-5522
Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. Desbordamiento de buffer basado en memoria dinámica en la función ParseValue en lexer.c en tidy en versiones anteriores a 4.9.31, permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores implicando un carácter de comando en un href. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.debian.org/security/2015/dsa-3309 http://www.openwall.com/lists/oss-security/2015/06/04/2 http://www.openwall.com/lists/oss-security/2015/07/13/7 http://www.openwall.com/lists/oss-security/2015/07/15/3 http://www.securityfocus.com/bid/7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 2%CPEs: 9EXPL: 3CVE-2015-5523
https://notcve.org/view.php?id=CVE-2015-5523
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation. Vulnerabilidad en la función ParseValue en lexer.c en tidy en versiones anteriores a 4.9.31, permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores implicando múltiples espacios en blanco antes de un href vacío, lo que desencadena una asignación de memoria de gran tamaño. • http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.debian.org/security/2015/dsa-3309 http://www.openwall.com/lists/oss-security/2015/06/04/2 http://www.openwall.com/lists/oss-security/2015/07/13/7 http://www.openwall.com/lists/oss-security/2015/07/15/3 http://www.securityfocus.com/bid/7 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •