Page 18 of 89 results (0.033 seconds)

CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. libxml2 2.6.32 y anteriores, no detecta correctamente la recursividad durante la expansión de una entidad en un valor de un atributo; esto permite a atacantes dependientes del contexto provocar una denegación de servicio (consumo de la memoria y la CPU) mediante un documento XML manipulado. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://lists.vmware.com/pipermail/security-announce/2008/000039.html http://mail.gnome.org/archives/xml/2008-August/msg00034.html http://secunia.com/advisories/31558 http://secunia.com/advisories/31566 http://secunia.com/advisories/31590 http://secunia.com/advisories/3172 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •

CVSS: 10.0EPSS: 13%CPEs: 16EXPL: 2

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost. • https://www.exploit-db.com/exploits/24704 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890 http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html http://marc.info/?l=bugtraq&m=109880813013482&w=2 http://secunia.com/advisories/13000 http://securitytracker.com/id?1011941 http://www.ciac.org/ciac/bulletins/p-029.shtml http://www.debian.org/security/2004/dsa-582 http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml http://www&# •

CVSS: 7.5EPSS: 67%CPEs: 14EXPL: 1

Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL. Desbordamiento de búfer en los módulos (1) nanohttp o (2) nanoftp en XMLSoft Libxml2 2.6.0 a 2.6.5 permite a atacantes remotos ejecutar código arbitrario mediante una URL larga. • https://www.exploit-db.com/exploits/601 http://marc.info/?l=bugtraq&m=107851606605420&w=2 http://marc.info/?l=bugtraq&m=107860178228804&w=2 http://rhn.redhat.com/errata/RHSA-2004-090.html http://secunia.com/advisories/10958 http://security.gentoo.org/glsa/glsa-200403-01.xml http://www.ciac.org/ciac/bulletins/o-086.shtml http://www.debian.org/security/2004/dsa-455 http://www.kb.cert.org/vuls/id/493966 http://www.novell.com/linux/security/advisories&#x •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack." • http://mail.gnome.org/archives/xml/2008-August/msg00034.html http://secunia.com/advisories/31868 http://www.reddit.com/r/programming/comments/65843/time_to_upgrade_libxml2 http://www.redhat.com/support/errata/RHSA-2008-0886.html http://www.stylusstudio.com/xmldev/200302/post20020.html http://xmlsoft.org/news.html https://access.redhat.com/security/cve/CVE-2003-1564 https://bugzilla.redhat.com/show_bug.cgi?id=461107 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •