Max CVSS 7.1 Min CVSS 2.6 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2015-7499 5.0
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
19-03-2019 - 01:04 15-12-2015 - 21:59
CVE-2015-1819 5.0
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
14-03-2019 - 13:23 14-08-2015 - 18:59
CVE-2015-5312 7.1
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerab
08-03-2019 - 16:06 15-12-2015 - 21:59
CVE-2015-7500 5.0
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
08-03-2019 - 16:06 15-12-2015 - 21:59
CVE-2015-7942 6.8
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via
08-03-2019 - 16:06 18-11-2015 - 16:59
CVE-2015-8035 2.6
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
08-03-2019 - 16:06 18-11-2015 - 16:59
CVE-2015-8242 5.8
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive informati
08-03-2019 - 16:06 15-12-2015 - 21:59
CVE-2015-7497 5.0
Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.
14-09-2017 - 01:29 15-12-2015 - 21:59
CVE-2015-7498 5.0
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
14-09-2017 - 01:29 15-12-2015 - 21:59
CVE-2015-7941 4.3
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSect
14-09-2017 - 01:29 18-11-2015 - 16:59
CVE-2015-8241 6.4
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML dat
14-09-2017 - 01:29 15-12-2015 - 21:59
CVE-2015-8317 5.0
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds
14-09-2017 - 01:29 15-12-2015 - 21:59
CVE-2014-0191 4.3
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless
29-08-2017 - 01:34 21-01-2015 - 14:59
CVE-2014-3660 5.0
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing
08-12-2016 - 03:05 04-11-2014 - 16:55
Back to Top Mark selected
Back to Top