Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libxslt vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-30560
Use after free in Blink XSLT in Google Chrome before 91.0.4472.164 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.
Google Chrome
Xmlsoft Libxslt
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
9.8
CVSSv3
CVE-2016-4607
libxslt in Apple iOS prior to 9.3.3, OS X prior to 10.11.6, iTunes prior to 12.4.2 on Windows, iCloud prior to 5.2.1 on Windows, tvOS prior to 9.2.2, and watchOS prior to 2.2.2 allows remote malicious users to cause a denial of service (memory corruption) or possibly have unspeci...
Xmlsoft Libxslt
Apple Iphone Os
Apple Tvos
Apple Mac Os X
Apple Watchos
Apple Icloud
Apple Itunes
Fedoraproject Fedora 30
9.8
CVSSv3
CVE-2016-4609
libxslt in Apple iOS prior to 9.3.3, OS X prior to 10.11.6, iTunes prior to 12.4.2 on Windows, iCloud prior to 5.2.1 on Windows, tvOS prior to 9.2.2, and watchOS prior to 2.2.2 allows remote malicious users to cause a denial of service (memory corruption) or possibly have unspeci...
Xmlsoft Libxslt
Apple Iphone Os
Apple Tvos
Apple Mac Os X
Apple Watchos
Apple Icloud
Apple Itunes
Fedoraproject Fedora 30
Debian Debian Linux 8.0
NA
CVE-2011-3970
libxslt, as used in Google Chrome prior to 17.0.963.46, allows remote malicious users to cause a denial of service (out-of-bounds read) via unspecified vectors.
Google Chrome
Xmlsoft Libxslt
Suse Linux Enterprise Desktop 11
Suse Linux Enterprise Server 11
Suse Linux Enterprise Software Development Kit 11
Suse Linux Enterprise Server 10
8.8
CVSSv3
CVE-2017-5029
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome before 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote malicious user t...
Google Chrome
Xmlsoft Libxslt 1.1.29
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
7.5
CVSSv3
CVE-2019-18197
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitial...
Xmlsoft Libxslt 1.1.33
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
Debian Debian Linux 8.0
1 Github repository
5.3
CVSSv3
CVE-2019-13117
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an malicious user to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other characte...
Xmlsoft Libxslt 1.1.33
Debian Debian Linux 8.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Fedoraproject Fedora 31
Opensuse Leap 15.1
Oracle Openjdk 8
NA
CVE-2012-2893
Double free vulnerability in libxslt, as used in Google Chrome prior to 22.0.1229.79, allows remote malicious users to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.
Google Chrome 22.0.1229.23
Google Chrome 22.0.1229.63
Google Chrome 22.0.1229.18
Google Chrome 22.0.1229.33
Google Chrome 22.0.1229.9
Google Chrome 22.0.1229.57
Google Chrome 22.0.1229.32
Google Chrome 22.0.1229.54
Google Chrome 22.0.1229.16
Google Chrome 22.0.1229.4
Google Chrome 22.0.1229.21
Google Chrome 22.0.1229.12
Google Chrome 22.0.1229.31
Google Chrome 22.0.1229.10
Google Chrome 22.0.1229.2
Google Chrome 22.0.1229.22
Google Chrome 22.0.1229.35
Google Chrome 22.0.1229.50
Google Chrome 22.0.1229.36
Google Chrome 22.0.1229.60
Google Chrome 22.0.1229.62
Google Chrome 22.0.1229.25
8.8
CVSSv3
CVE-2016-4738
libxslt in Apple iOS prior to 10, OS X prior to 10.12, tvOS prior to 10, and watchOS prior to 3 allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Apple Watchos
Apple Tvos
Apple Iphone Os
Apple Mac Os X
Debian Debian Linux 8.0
Debian Debian Linux 9.0
NA
CVE-2012-2871
libxml2 2.9.0-rc1 and previous versions, as used in Google Chrome prior to 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote malicious users to cause a denial of service or possibly have unknown other ...
Apple Iphone Os 6.1.2
Apple Iphone Os 3.0
Apple Iphone Os 3.2
Apple Iphone Os 3.1.3
Apple Iphone Os 1.0.2
Apple Iphone Os 4.3.2
Apple Iphone Os 4.0.2
Apple Iphone Os
Apple Iphone Os 2.2
Apple Iphone Os 1.1.1
Apple Iphone Os 6.1.3
Apple Iphone Os 5.1
Apple Iphone Os 4.2.8
Apple Iphone Os 6.0.2
Apple Iphone Os 4.1
Apple Iphone Os 2.0.0
Apple Iphone Os 3.1.2
Apple Iphone Os 3.0.1
Apple Iphone Os 4.3.1
Apple Iphone Os 4.2.5
Apple Iphone Os 1.1.2
Apple Iphone Os 3.1
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »