libxslt up to and including 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xmlsoft libxslt |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 18.10 |
||
debian debian linux 8.0 |
||
fedoraproject fedora 29 |
||
fedoraproject fedora 30 |
||
oracle jdk 8.0 |
||
netapp cloud backup - |
||
netapp element software - |
||
netapp steelstore cloud integrated storage - |
||
netapp snapmanager - |
||
netapp oncommand workflow automation - |
||
netapp oncommand insight - |
||
netapp e-series santricity web services proxy - |
||
netapp e-series santricity storage manager - |
||
netapp e-series santricity unified manager - |
||
netapp solidfire - |
||
netapp hci management node - |
||
netapp active iq unified manager - |
||
netapp santricity unified manager - |
||
netapp e-series santricity management plug-ins - |
||
netapp plug-in for symantec netbackup - |
||
netapp e-series santricity os controller |
||
opensuse leap 42.3 |
||
opensuse leap 15.0 |
||
opensuse leap 15.1 |