Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libxslt vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-1767
Buffer overflow in pattern.c in libxslt prior to 1.1.24 allows context-dependent malicious users to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large ...
Redhat Enterprise Linux 3.0
Redhat Enterprise Linux Desktop Workstation 5
Redhat Linux Advanced Workstation 2.1
Redhat Desktop 3
Redhat Enterprise Linux 4.0
Redhat Enterprise Linux 2.1
Redhat Enterprise Linux Desktop 4
Redhat Enterprise Linux Desktop 5
Redhat Enterprise Linux 5.0
1 EDB exploit
NA
CVE-2012-2825
The XSL implementation in Google Chrome prior to 20.0.1132.43 allows remote malicious users to cause a denial of service (incorrect read operation) via unspecified vectors.
Google Chrome 20.0.1132.37
Google Chrome 20.0.1132.16
Google Chrome 20.0.1132.14
Google Chrome 20.0.1132.22
Google Chrome 20.0.1132.30
Google Chrome 20.0.1132.26
Google Chrome 20.0.1132.2
Google Chrome 20.0.1132.11
Google Chrome 20.0.1132.3
Google Chrome 20.0.1132.25
Google Chrome 20.0.1132.24
Google Chrome 20.0.1132.41
Google Chrome 20.0.1132.32
Google Chrome 20.0.1132.38
Google Chrome 20.0.1132.31
Google Chrome 20.0.1132.8
Google Chrome 20.0.1132.4
Google Chrome 20.0.1132.17
Google Chrome 20.0.1132.7
Google Chrome 20.0.1132.18
Google Chrome 20.0.1132.0
Google Chrome
1 Article
NA
CVE-2011-1774
WebKit in Apple Safari prior to 5.0.6 has improper libxslt security settings, which allows remote malicious users to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425.
Apple Safari 1.2.4
Apple Safari 1.2.2
Apple Safari 1.1.1
Apple Safari 1.0
Apple Safari 1.1.0
Apple Safari 1.0.1
Apple Safari 3.0.0
Apple Safari 2.0.3
Apple Safari 1.3.0
Apple Safari 1.2.1
Apple Safari 1.0.3
Apple Safari 1.2.5
Apple Safari 3.0
Apple Safari 3.0.1
Apple Safari 5.0
Apple Safari 3
Apple Safari 1.3.2
Apple Safari 5.0.2
Apple Safari 4.1.1
Apple Safari 3.0.4
Apple Safari 3.0.2b
Apple Safari 1.2.3
1 EDB exploit
9.8
CVSSv3
CVE-2019-11068
libxslt up to and including 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
Xmlsoft Libxslt
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 8.0
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Oracle Jdk 8.0
Netapp Cloud Backup -
Netapp Element Software -
Netapp Steelstore Cloud Integrated Storage -
Netapp Snapmanager -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp E-series Santricity Web Services Proxy -
Netapp E-series Santricity Storage Manager -
Netapp E-series Santricity Unified Manager -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Active Iq Unified Manager -
1 Github repository
6.5
CVSSv3
CVE-2022-29824
In libxml2 prior to 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other softwa...
Xmlsoft Libxml2
Xmlsoft Libxslt
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Snapdrive -
Netapp Ontap Select Deploy Administration Utility -
Netapp Clustered Data Ontap -
Netapp Smi-s Provider -
Netapp Clustered Data Ontap Antivirus Connector -
Netapp Solidfire \\& Hci Management Node -
Netapp Manageability Software Development Kit -
Netapp Active Iq Unified Manager -
Netapp Snapmanager -
Oracle Zfs Storage Appliance Kit 8.8
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
5.3
CVSSv3
CVE-2019-13118
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
Xmlsoft Libxslt 1.1.33
Opensuse Leap 15.1
Netapp Cloud Backup -
Netapp Steelstore Cloud Integrated Storage -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Ontap Select Deploy Administration Utility -
Netapp Clustered Data Ontap -
Netapp E-series Santricity Storage Manager -
Netapp Active Iq Unified Manager -
Netapp Santricity Unified Manager -
Netapp E-series Performance Analyzer -
Netapp E-series Santricity Management Plug-ins -
Netapp Plug-in For Symantec Netbackup -
Netapp E-series Santricity Web Services -
Netapp E-series Santricity Os Controller
Oracle Jdk 1.8.0
Fedoraproject Fedora 31
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
NA
CVE-2011-1425
xslt.c in XML Security Library (aka xmlsec) prior to 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote malicious users to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signa...
Aleksey Xml Security Library
Aleksey Xml Security Library 1.2.7
Aleksey Xml Security Library 1.2.6
Aleksey Xml Security Library 1.1.2
Aleksey Xml Security Library 1.1.1
Aleksey Xml Security Library 1.0.0
Aleksey Xml Security Library 0.1.1
Aleksey Xml Security Library 0.0.9
Aleksey Xml Security Library 0.0.8
Aleksey Xml Security Library 0.0.2
Aleksey Xml Security Library 0.0.1
Aleksey Xml Security Library 1.2.13
Aleksey Xml Security Library 1.2.11
Aleksey Xml Security Library 1.2.10
Aleksey Xml Security Library 1.2.3
Aleksey Xml Security Library 1.2.2
Aleksey Xml Security Library 1.0.3
Aleksey Xml Security Library 1.0.2
Aleksey Xml Security Library 0.0.13
Aleksey Xml Security Library 0.0.12
Aleksey Xml Security Library 0.0.5
Aleksey Xml Security Library 0.0.4
1 EDB exploit
9.8
CVSSv3
CVE-2019-8750
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Multiple issues in libxslt.
Apple Icloud
Apple Watchos
NA
CVE-2011-0195
The generate-id XPath function in libxslt in Apple iOS 4.3.x prior to 4.3.2 allows remote malicious users to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202.
Apple Iphone Os 4.3.0
Apple Iphone Os 4.3.1
9.8
CVSSv3
CVE-2017-2477
An issue exists in certain Apple products. macOS prior to 10.12.4 is affected. The issue involves the "libxslt" component. It allows remote malicious users to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
Apple Mac Os X
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »