CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2016-9597 – libxml2: stack overflow before detecting invalid XML file (unfixed CVE-2016-3705 in JBCS)
https://notcve.org/view.php?id=CVE-2016-9597
30 Jul 2018 — It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705. Se ha descubierto que el erratum de Red Hat JBoss Core Services RHSA-2016:2957 para CVE-2016-3705 no incluía la solución al problema en libxml2, lo que lo hace vulnerable a un ataque de denegación de servicio (DoS) debido ... • http://www.securityfocus.com/bid/98567 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-674: Uncontrolled Recursion •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8945
https://notcve.org/view.php?id=CVE-2017-8945
15 Feb 2018 — A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Federation Agent version 3.0 was found. Se ha encontrado una vulnerabilidad de divulgación de información remota no autorizada en HPE IceWall Federation Agent 3.0. • http://www.securityfocus.com/bid/98711 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.9EPSS: 10%CPEs: 51EXPL: 0CVE-2016-6306 – openssl: certificate message OOB reads
https://notcve.org/view.php?id=CVE-2016-6306
22 Sep 2016 — The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. El analizador certificado en OpenSSL en versiones anteriores a 1.0.1u y 1.0.2 en versiones anteriores a 1.0.2i podría permitir a atacantes remotos provocar una denegación de servicio (lectura fuera de rango) a través de operaciones certificadas manipuladas, relacionado con s3_clnt.c y s3_... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 36%CPEs: 38EXPL: 0CVE-2016-2182 – openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()
https://notcve.org/view.php?id=CVE-2016-2182
16 Sep 2016 — The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. La función BN_bn2dec en crypto/bn/bn_print.c en OpenSSL en versiones anteriores a 1.1.0 no valida adecuadamente resultados de la división, lo que permite a atacantes remotos provocar una denegación de servicio (escritura fuera de ... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 • CWE-391: Unchecked Error Condition CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 12%CPEs: 18EXPL: 1CVE-2016-4447 – libxml2: Heap-based buffer underreads due to xmlParseName
https://notcve.org/view.php?id=CVE-2016-4447
27 May 2016 — The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. La función xmlParseElementDecl en parser.c en libxml2 en versiones anteriores a 2.9.4 permite a atacantes dependientes del contexto provocar una denegación de servicio (underread basado en memoria dinámica y caída de aplicación) a través de un archivo manipulado, con la participació... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 2%CPEs: 42EXPL: 0CVE-2016-4448 – libxml2: Format string vulnerability
https://notcve.org/view.php?id=CVE-2016-4448
27 May 2016 — Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. Vulnerabilidad de formato de cadena en libxml2 en versiones anteriores a 2.9.4 permite a atacantes tener un impacto no especificado a través de especificadores de formato de cadena en vectores desconocidos. It was discovered that libxml2 incorrectly handled format strings. If a user or automated system were tricked into opening a specially crafted document, an atta... • http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2016-3705 – libxml2: stack overflow before detecting invalid XML file
https://notcve.org/view.php?id=CVE-2016-3705
17 May 2016 — The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references. Las funciones (1) xmlParserEntityCheck y (2) xmlParseAttValueComplex en parser.c en libxml2 2.9.3 no hace seguimiento de manera adecuada de la profundidad de recursivi... • http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html • CWE-20: Improper Input Validation CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 1CVE-2016-3627 – libxml2: stack exhaustion while parsing xml files in recovery mode
https://notcve.org/view.php?id=CVE-2016-3627
03 May 2016 — The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. La función xmlStringGetNodeList en tree.c en libxml2.2.9.3 y versiones anteriores, cuando se utiliza en modo de recuperación, permite a atacantes dependientes del contexto provocar una denegación de servicio (bucle infinito, consumo de pila y caída de la ... • https://packetstorm.news/files/id/136900 • CWE-674: Uncontrolled Recursion •
CVSS: 9.8EPSS: 2%CPEs: 13EXPL: 0CVE-2015-7497 – libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey
https://notcve.org/view.php?id=CVE-2015-7497
07 Dec 2015 — Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. Desbordamiento de buffer basado en memoria dinámica en la función xmlDictComputeFastQKey en dict.c en libxml2 en versiones anteriores a 2.9.3 permite a atacantes dependientes del contexto causar una denegación de servicio a través de vectores no especificados. A denial of service flaw was found in libxml2. A remote attack... • http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 2%CPEs: 13EXPL: 0CVE-2015-7498 – libxml2: Heap-based buffer overflow in xmlParseXmlDecl
https://notcve.org/view.php?id=CVE-2015-7498
07 Dec 2015 — Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. Desbordamiento de buffer basado en memoria dinámica en la función xmlParseXmlDecl en parser.c en libxml2 en versiones anteriores a 2.9.3 permite a atacantes dependientes del contexto causar una denegación de servicio a través de vectores no especificados relacio... • http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •