Vulnerabilities > Xmlsoft

DATE CVE VULNERABILITY TITLE RISK
2016-07-22 CVE-2016-4610 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.
network
low complexity
xmlsoft apple fedoraproject debian CWE-119
critical
9.8
2016-07-22 CVE-2016-4609 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.
network
low complexity
xmlsoft apple fedoraproject debian CWE-119
critical
9.8
2016-07-22 CVE-2016-4608 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
network
low complexity
xmlsoft apple fedoraproject CWE-119
critical
9.8
2016-07-22 CVE-2016-4607 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
network
low complexity
xmlsoft apple fedoraproject CWE-119
critical
9.8
2016-06-09 CVE-2016-4449 Improper Input Validation vulnerability in multiple products
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
local
low complexity
debian canonical xmlsoft CWE-20
7.1
2016-06-09 CVE-2016-4448 Use of Externally-Controlled Format String vulnerability in multiple products
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
network
low complexity
hp apple xmlsoft redhat slackware oracle tenable mcafee CWE-134
critical
9.8
2016-06-09 CVE-2016-4447 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
network
low complexity
hp canonical debian oracle apple xmlsoft mcafee CWE-119
7.5
2016-06-05 CVE-2016-1684 numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.
network
high complexity
google xmlsoft
7.5
2016-06-05 CVE-2016-1683 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.
7.5
2016-05-20 CVE-2016-1840 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
7.8