xmlsoft vulnerabilities and exploits
5.3
CVSSv3
CVE-2019-13117
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow a malicious user to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other characte...
Xmlsoft Libxslt 1.1.33
Debian Debian Linux 8.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Fedoraproject Fedora 31
Opensuse Leap 15.1
Oracle Openjdk 8
5.3
CVSSv3
CVE-2019-13118
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
Xmlsoft Libxslt 1.1.33
Opensuse Leap 15.1
Netapp Cloud Backup -
Netapp Steelstore Cloud Integrated Storage -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Ontap Select Deploy Administration Utility -
Netapp Clustered Data Ontap -
Netapp E-series Santricity Storage Manager -
Netapp Active Iq Unified Manager -
Netapp Santricity Unified Manager -
Netapp E-series Performance Analyzer -
Netapp E-series Santricity Management Plug-ins -
Netapp Plug-in For Symantec Netbackup -
Netapp E-series Santricity Web Services -
Netapp E-series Santricity Os Controller
Oracle Jdk 1.8.0
Fedoraproject Fedora 31
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
5.3
CVSSv3
CVE-2018-9251
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote malicious users to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-803...
Xmlsoft Libxml2 2.9.8
Debian Debian Linux 8.0
5.3
CVSSv3
CVE-2015-9019
In libxslt 1.1.29 and previous versions, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.
Xmlsoft Libxslt
1 Github repository
4.7
CVSSv3
CVE-2017-5969
libxml2 2.9.4, when used in recover mode, allows remote malicious users to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for ma...
Xmlsoft Libxml2 2.9.4
2 Github repositories
NA
CVE-2015-7941
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent malicious users to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser....
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Xmlsoft Libxml2 2.9.2
NA
CVE-2015-7995
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows malicious users to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
Apple Iphone Os
Apple Mac Os X
Apple Watchos
Apple Tvos
Xmlsoft Libxslt
NA
CVE-2013-0339
libxml2 up to and including 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote malicious users to cause a denial of service (resource consumption), se...
Xmlsoft Libxml2 2.2.0
Xmlsoft Libxml2 2.2.2
Xmlsoft Libxml2 2.4.30
Xmlsoft Libxml2 2.6.16
Xmlsoft Libxml2 1.8.0
Xmlsoft Libxml2 1.8.16
Xmlsoft Libxml2 2.6.32
Xmlsoft Libxml2 2.1.0
Xmlsoft Libxml2 2.6.29
Xmlsoft Libxml2 2.4.19
Xmlsoft Libxml2 2.4.7
Xmlsoft Libxml2 2.4.17
Xmlsoft Libxml2 2.2.9
Xmlsoft Libxml2 2.8.0
Xmlsoft Libxml2 2.3.6
Xmlsoft Libxml2 2.6.26
Xmlsoft Libxml2 2.6.11
Xmlsoft Libxml2 1.7.1
Xmlsoft Libxml2 2.7.2
Xmlsoft Libxml2 2.4.21
Xmlsoft Libxml2 2.4.20
Xmlsoft Libxml2 2.3.7
NA
CVE-2013-4520
xslt.c in libxslt prior to 1.1.25 allows context-dependent malicious users to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.
Xmlsoft Libxslt 0.2.0
Xmlsoft Libxslt 0.3.0
Xmlsoft Libxslt 0.4.0
Xmlsoft Libxslt 0.5.0
Xmlsoft Libxslt 1.0.17
Xmlsoft Libxslt 1.0.18
Xmlsoft Libxslt 1.0.19
Xmlsoft Libxslt 1.0.2
Xmlsoft Libxslt 1.0.32
Xmlsoft Libxslt 1.0.33
Xmlsoft Libxslt 1.0.4
Xmlsoft Libxslt 1.0.5
Xmlsoft Libxslt 1.1.16
Xmlsoft Libxslt 1.1.17
Xmlsoft Libxslt 1.1.18
Xmlsoft Libxslt 1.1.19
Xmlsoft Libxslt 1.1.2
Xmlsoft Libxslt 0.12.0
Xmlsoft Libxslt 0.14.0
Xmlsoft Libxslt 0.6.0
Xmlsoft Libxslt 0.8.0
Xmlsoft Libxslt 1.0.0
NA
CVE-2013-0338
libxml2 2.9.0 and previous versions allow context-dependent malicious users to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansi...
Xmlsoft Libxml2 1.7.0
Xmlsoft Libxml2 1.7.1
Xmlsoft Libxml2 2.5.10
Xmlsoft Libxml2 2.4.23
Xmlsoft Libxml2 2.4.28
Xmlsoft Libxml2 2.4.29
Xmlsoft Libxml2 2.4.22
Xmlsoft Libxml2 2.6.17
Xmlsoft Libxml2 2.4.9
Xmlsoft Libxml2 2.4.8
Xmlsoft Libxml2 2.4.12
Xmlsoft Libxml2 2.4.15
Xmlsoft Libxml2 2.4.14
Xmlsoft Libxml2 2.2.0
Xmlsoft Libxml2 1.7.2
Xmlsoft Libxml2 2.6.11
Xmlsoft Libxml2 2.4.19
Xmlsoft Libxml2 2.6.14
Xmlsoft Libxml2 2.4.26
Xmlsoft Libxml2 2.4.27
Xmlsoft Libxml2 2.6.22
Xmlsoft Libxml2 2.4.21