Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xmlsoft libxslt 1.1.33 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-5815
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow malicious users to potentially exploit heap corruption via crafted XML data.
Xmlsoft Libxslt
Debian Debian Linux 10.0
5.1
CVSSv2
CVE-2019-18197
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitial...
Xmlsoft Libxslt 1.1.33
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
Debian Debian Linux 8.0
1 Github repository
5
CVSSv2
CVE-2019-13117
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an malicious user to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other characte...
Xmlsoft Libxslt 1.1.33
Debian Debian Linux 8.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Fedoraproject Fedora 31
Opensuse Leap 15.1
Oracle Openjdk 8
5
CVSSv2
CVE-2019-13118
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
Xmlsoft Libxslt 1.1.33
Opensuse Leap 15.1
Netapp Cloud Backup -
Netapp Steelstore Cloud Integrated Storage -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Ontap Select Deploy Administration Utility -
Netapp Clustered Data Ontap -
Netapp E-series Santricity Storage Manager -
Netapp Active Iq Unified Manager -
Netapp Santricity Unified Manager -
Netapp E-series Performance Analyzer -
Netapp E-series Santricity Management Plug-ins -
Netapp Plug-in For Symantec Netbackup -
Netapp E-series Santricity Web Services -
Netapp E-series Santricity Os Controller
Oracle Jdk 1.8.0
Fedoraproject Fedora 31
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
7.5
CVSSv2
CVE-2019-11068
libxslt up to and including 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
Xmlsoft Libxslt
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 8.0
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Oracle Jdk 8.0
Netapp Cloud Backup -
Netapp Element Software -
Netapp Steelstore Cloud Integrated Storage -
Netapp Snapmanager -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp E-series Santricity Web Services Proxy -
Netapp E-series Santricity Storage Manager -
Netapp E-series Santricity Unified Manager -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Active Iq Unified Manager -
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started