Xmlsoft

All CVEs

127 total · sorted by risk
  • CVE-2015-8035 · Nov 18, 2015
    risk 0.00 · cvss · epss 0.03

    The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

  • CVE-2015-7942 · Nov 18, 2015
    risk 0.00 · cvss · epss 0.05

    The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a…

  • CVE-2015-7941 · Nov 18, 2015
    risk 0.00 · cvss · epss 0.03

    libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as…

  • CVE-2015-7995 · Nov 17, 2015
    risk 0.00 · cvss · epss 0.04

    The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.

  • CVE-2014-3660 · Nov 4, 2014
    risk 0.00 · cvss · epss 0.04

    parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested…

  • CVE-2013-0339 · Jan 21, 2014
    risk 0.00 · cvss · epss 0.04

    libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests…

  • CVE-2013-4520 · Dec 14, 2013
    risk 0.00 · cvss · epss 0.02

    xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.

  • CVE-2013-2877 · Jul 10, 2013
    risk 0.00 · cvss · epss 0.05

    parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.

  • CVE-2013-1969 · Apr 25, 2013
    risk 0.00 · cvss · epss 0.04

    Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as…

  • CVE-2013-0338 · Apr 25, 2013
    risk 0.00 · cvss · epss 0.03

    libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear…

  • CVE-2012-6139 · Apr 12, 2013
    risk 0.00 · cvss · epss 0.04

    libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in an XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.

  • CVE-2012-0841 · Dec 21, 2012
    risk 0.00 · cvss · epss 0.03

    libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.

  • CVE-2012-5134 · Nov 28, 2012
    risk 0.00 · cvss · epss 0.04

    Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted…

  • CVE-2012-2871 · Aug 31, 2012
    risk 0.00 · cvss · epss 0.02

    libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a…

  • CVE-2012-2870 · Aug 31, 2012
    risk 0.00 · cvss · epss 0.02

    libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation,…

  • CVE-2012-2807 · Jun 27, 2012
    risk 0.00 · cvss · epss 0.02

    Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2011-3102 · May 16, 2012
    risk 0.00 · cvss · epss 0.03

    Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.

  • CVE-2011-3970 · Feb 9, 2012
    risk 0.00 · cvss · epss 0.02

    libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

  • CVE-2011-3919 · Jan 7, 2012
    risk 0.00 · cvss · epss 0.02

    Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2011-3905 · Dec 13, 2011
    risk 0.00 · cvss · epss 0.02

    libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

  • CVE-2011-2821 · Aug 29, 2011
    risk 0.00 · cvss · epss 0.02

    Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.

  • CVE-2011-1202 · Mar 11, 2011
    risk 0.00 · cvss · epss 0.02

    The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a…

  • CVE-2010-4008 · Nov 17, 2010
    risk 0.00 · cvss · epss 0.03

    libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service…

  • CVE-2009-2414 · Aug 11, 2009
    risk 0.00 · cvss · epss 0.03

    Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as…

  • CVE-2008-4226 · Nov 25, 2008
    risk 0.00 · cvss · epss 0.04

    Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.

  • CVE-2008-4225 · Nov 25, 2008
    risk 0.00 · cvss · epss 0.03

    Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.

  • CVE-2007-6284 · Jan 12, 2008
    risk 0.00 · cvss · epss 0.03

    The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.
