CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8872 – Ubuntu Security Notice USN-4991-1
https://notcve.org/view.php?id=CVE-2017-8872
10 May 2017 — The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. La función htmlParseTryOrFinish en HTMLparser.c en libxml2 2.9.4 permite a los atacantes causar una denegación de servicio (sobrelectura de búfer) o divulgación de información. Yunho Kim discovered that libxml2 incorrectly handled certain error conditions. A remote attacker could exploit this with a crafted XML file to cause a denial of service, or po... • https://bugzilla.gnome.org/show_bug.cgi?id=775200 • CWE-125: Out-of-bounds Read •
CVSS: 4.7EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5969 – Gentoo Linux Security Advisory 201711-01
https://notcve.org/view.php?id=CVE-2017-5969
11 Apr 2017 — libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser. ** DISPUTADO ** libxml2 2.9.4, cuando se utiliza en el modo de recuperación, permite a los atacantes remotos provocar una denegación de servicio (referencia de puntero NULL) por medio de un documento XML ... • http://www.openwall.com/lists/oss-security/2016/11/05/3 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 0CVE-2015-9019
https://notcve.org/view.php?id=CVE-2015-9019
05 Apr 2017 — In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. En libxslt 1.1.29 y anteriores, la función EXSLT math.random no se inició con una seed aleatoria durante el arranque, lo que podría hacer que el uso de esta función produzca salidas predecibles. • https://bugzilla.gnome.org/show_bug.cgi?id=758400 • CWE-330: Use of Insufficiently Random Values •
CVSS: 8.8EPSS: 1%CPEs: 12EXPL: 0CVE-2017-5029 – chromium-browser: integer overflow in libxslt
https://notcve.org/view.php?id=CVE-2017-5029
14 Mar 2017 — The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. La función xsltAddTextString en transform.c en libxslt 1.1.29, tal como se utiliza en Blink en Google Chrome anteriores a 57.0.2987.98 para Mac, Windows y Linux y 57.0.298... • http://rhn.redhat.com/errata/RHSA-2017-0499.html • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 6EXPL: 1CVE-2016-9318 – libxml2: XML External Entity vulnerability
https://notcve.org/view.php?id=CVE-2016-9318
16 Nov 2016 — libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. libxml2 2.9.4 y versiones anteriores, como se usa en XMLSec 1.2.23 y versiones anteriores y otros productos, no ofrece un indicador que indique directamente que el documento actual puede ser leido pero... • http://www.securityfocus.com/bid/94347 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 19%CPEs: 5EXPL: 0CVE-2016-4658 – libxml2: Use after free via namespace node in XPointer ranges
https://notcve.org/view.php?id=CVE-2016-4658
20 Sep 2016 — xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document. xpointer.c en libxml2, en versiones anteriores a la 2.9.5 (tal y como se usa en Apple iOS en versiones anteriores a la 10, OS X en versiones anteriores a la 10.12,... • http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 8.8EPSS: 5%CPEs: 17EXPL: 0CVE-2016-5131 – libxml2: Use after free triggered by XPointer paths beginning with range-to
https://notcve.org/view.php?id=CVE-2016-5131
23 Jul 2016 — Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. Vulnerabilidad de uso después de liberación de memoria en libxml2 hasta la versión 2.9.4, como se utiliza en Google Chrome en versiones anteriores a 52.0.2743.82, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto ... • http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 9EXPL: 0CVE-2016-4608 – Apple Security Advisory 2016-07-18-3
https://notcve.org/view.php?id=CVE-2016-4608
19 Jul 2016 — libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. libxslt en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, iTunes en versiones an... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 0CVE-2016-4610 – Apple Security Advisory 2016-07-18-3
https://notcve.org/view.php?id=CVE-2016-4610
19 Jul 2016 — libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612. libxslt en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, iTunes en versiones an... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 9EXPL: 0CVE-2016-4607 – Apple Security Advisory 2016-07-18-3
https://notcve.org/view.php?id=CVE-2016-4607
19 Jul 2016 — libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. libxslt en Apple iOS en versiones anteriores a 9.3.3, OS X en versiones anteriores a 10.11.6, iTunes en versiones a ... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •