Show filters
94 Total Results
Displaying 41-50 of 94
Sort by:
Attacker Value
Unknown
CVE-2016-9318
Disclosure Date: November 16, 2016 (last updated November 25, 2024)
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
0
Attacker Value
Unknown
CVE-2016-4658
Disclosure Date: September 25, 2016 (last updated November 25, 2024)
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.
0
Attacker Value
Unknown
CVE-2016-5131
Disclosure Date: July 23, 2016 (last updated November 08, 2023)
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
0
Attacker Value
Unknown
CVE-2016-4449
Disclosure Date: June 09, 2016 (last updated November 25, 2024)
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
0
Attacker Value
Unknown
CVE-2016-4447
Disclosure Date: June 09, 2016 (last updated November 25, 2024)
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
0
Attacker Value
Unknown
CVE-2016-4448
Disclosure Date: June 09, 2016 (last updated November 25, 2024)
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
0
Attacker Value
Unknown
CVE-2016-1838
Disclosure Date: May 20, 2016 (last updated November 25, 2024)
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
0
Attacker Value
Unknown
CVE-2016-1839
Disclosure Date: May 20, 2016 (last updated November 25, 2024)
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
0
Attacker Value
Unknown
CVE-2016-1840
Disclosure Date: May 20, 2016 (last updated November 25, 2024)
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
0
Attacker Value
Unknown
CVE-2016-1833
Disclosure Date: May 20, 2016 (last updated November 25, 2024)
The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
0