| Max CVSS | 7.5 | Min CVSS | 2.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-7499 | 5.0 |
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
|
13-02-2023 - 00:53 | 15-12-2015 - 21:59 | |
| CVE-2015-7500 | 5.0 |
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
|
13-02-2023 - 00:53 | 15-12-2015 - 21:59 | |
| CVE-2015-7497 | 5.0 |
Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.
|
12-02-2023 - 23:15 | 15-12-2015 - 21:59 | |
| CVE-2015-7498 | 5.0 |
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
|
12-02-2023 - 23:15 | 15-12-2015 - 21:59 | |
| CVE-2015-0209 | 6.8 |
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corrup
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
| CVE-2015-8710 | 7.5 |
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed H
|
26-02-2020 - 19:19 | 11-04-2016 - 21:59 | |
| CVE-2015-5345 | 5.0 |
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence o
|
15-04-2019 - 16:30 | 25-02-2016 - 01:59 | |
| CVE-2016-0714 | 6.5 |
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restric
|
15-04-2019 - 16:30 | 25-02-2016 - 01:59 | |
| CVE-2016-0706 | 4.0 |
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote aut
|
15-04-2019 - 16:30 | 25-02-2016 - 01:59 | |
| CVE-2016-0763 | 6.5 |
The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, wh
|
21-03-2019 - 15:59 | 25-02-2016 - 01:59 | |
| CVE-2015-8242 | 5.8 |
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive informati
|
08-03-2019 - 16:06 | 15-12-2015 - 21:59 | |
| CVE-2015-7942 | 6.8 |
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via
|
08-03-2019 - 16:06 | 18-11-2015 - 16:59 | |
| CVE-2015-8035 | 2.6 |
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
|
08-03-2019 - 16:06 | 18-11-2015 - 16:59 | |
| CVE-2015-5312 | 7.1 |
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerab
|
08-03-2019 - 16:06 | 15-12-2015 - 21:59 | |
| CVE-2015-5346 | 6.8 |
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to
|
19-07-2018 - 01:29 | 25-02-2016 - 01:59 | |
| CVE-2015-5351 | 6.8 |
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protec
|
19-07-2018 - 01:29 | 25-02-2016 - 01:59 | |
| CVE-2015-8317 | 5.0 |
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds
|
14-09-2017 - 01:29 | 15-12-2015 - 21:59 | |
| CVE-2015-7941 | 4.3 |
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSect
|
14-09-2017 - 01:29 | 18-11-2015 - 16:59 | |
| CVE-2015-8241 | 6.4 |
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML dat
|
14-09-2017 - 01:29 | 15-12-2015 - 21:59 |