This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Xmlsoft First view 2011-03-10
Product Libxslt Last view 2019-12-11
Version 1.1.2 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:xmlsoft:libxslt

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2019-12-11 CVE-2019-5815

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.

9.8 2019-04-10 CVE-2019-11068

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

5.3 2017-04-05 CVE-2015-9019

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.

9.8 2016-07-21 CVE-2016-4610

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.

9.8 2016-07-21 CVE-2016-4609

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.

9.8 2016-07-21 CVE-2016-4608

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.

9.8 2016-07-21 CVE-2016-4607

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.

7.5 2016-06-05 CVE-2016-1684

numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.

7.5 2016-06-05 CVE-2016-1683

numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.

5 2015-11-17 CVE-2015-7995

The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.

4.3 2013-12-14 CVE-2013-4520

xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.

5 2013-04-12 CVE-2012-6139

libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.

4.3 2012-08-31 CVE-2012-2870

libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.

4.3 2012-02-08 CVE-2011-3970

libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

4.3 2011-03-10 CVE-2011-1202

The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.

CWE : Common Weakness Enumeration

%idName
55% (5) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
11% (1) CWE-399 Resource Management Errors
11% (1) CWE-330 Use of Insufficiently Random Values
11% (1) CWE-200 Information Exposure
11% (1) CWE-125 Out-of-bounds Read

Open Source Vulnerability Database (OSVDB)

id Description
75031 Apple Safari libxslt functions.c xsltGenerateIdFunction Heap Memory Address I...
72490 Google Chrome libxslt functions.c xsltGenerateIdFunction Heap Memory Address ...
72094 Mozilla Multiple Products XSLT generate-id() Function Heap Address Informatio...

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-12-13 Name : SuSE Update for chromium openSUSE-SU-2012:1215-1 (chromium)
File : nvt/gb_suse_2012_1215_1.nasl
2012-10-13 Name : Debian Security Advisory DSA 2555-1 (libxslt)
File : nvt/deb_2555_1.nasl
2012-10-12 Name : Mandriva Update for libxslt MDVSA-2012:164 (libxslt)
File : nvt/gb_mandriva_MDVSA_2012_164.nasl
2012-10-05 Name : Ubuntu Update for libxslt USN-1595-1
File : nvt/gb_ubuntu_USN_1595_1.nasl
2012-10-03 Name : Fedora Update for libxslt FEDORA-2012-14048
File : nvt/gb_fedora_2012_14048_libxslt_fc16.nasl
2012-09-27 Name : Fedora Update for libxslt FEDORA-2012-14083
File : nvt/gb_fedora_2012_14083_libxslt_fc17.nasl
2012-09-17 Name : CentOS Update for libxslt CESA-2012:1265 centos5
File : nvt/gb_CESA-2012_1265_libxslt_centos5.nasl
2012-09-17 Name : CentOS Update for libxslt CESA-2012:1265 centos6
File : nvt/gb_CESA-2012_1265_libxslt_centos6.nasl
2012-09-17 Name : RedHat Update for libxslt RHSA-2012:1265-01
File : nvt/gb_RHSA-2012_1265-01_libxslt.nasl
2012-09-03 Name : Google Chrome Multiple Vulnerabilities - Sep12 (Linux)
File : nvt/gb_google_chrome_mult_vuln_sep12_lin.nasl
2012-09-03 Name : Google Chrome Multiple Vulnerabilities - Sep12 (Mac OS X)
File : nvt/gb_google_chrome_mult_vuln_sep12_macosx.nasl
2012-09-03 Name : Google Chrome Multiple Vulnerabilities - Sep12 (Windows)
File : nvt/gb_google_chrome_mult_vuln_sep12_win.nasl
2012-08-30 Name : FreeBSD Ports: chromium
File : nvt/freebsd_chromium18.nasl
2012-07-30 Name : CentOS Update for firefox CESA-2011:0471 centos5 x86_64
File : nvt/gb_CESA-2011_0471_firefox_centos5_x86_64.nasl
2012-07-30 Name : CentOS Update for firefox CESA-2011:0471 centos4 x86_64
File : nvt/gb_CESA-2011_0471_firefox_centos4_x86_64.nasl
2012-03-12 Name : Gentoo Security Advisory GLSA 201202-01 (chromium)
File : nvt/glsa_201202_01.nasl
2012-03-12 Name : Gentoo Security Advisory GLSA 201203-08 (libxslt)
File : nvt/glsa_201203_08.nasl
2012-03-07 Name : Mandriva Update for libxslt MDVSA-2012:028 (libxslt)
File : nvt/gb_mandriva_MDVSA_2012_028.nasl
2012-02-14 Name : Google Chrome Multiple Vulnerabilities - February 12 (Windows)
File : nvt/gb_google_chrome_mult_vuln_feb12_win.nasl
2012-02-14 Name : Google Chrome Multiple Vulnerabilities - February 12 (Linux)
File : nvt/gb_google_chrome_mult_vuln_feb12_lin.nasl
2012-02-14 Name : Google Chrome Multiple Vulnerabilities - February 12 (MAC OS X)
File : nvt/gb_google_chrome_mult_vuln_feb12_macosx.nasl
2012-02-12 Name : FreeBSD Ports: chromium
File : nvt/freebsd_chromium2.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2011:0471 centos5 i386
File : nvt/gb_CESA-2011_0471_firefox_centos5_i386.nasl
2011-08-09 Name : CentOS Update for firefox CESA-2011:0471 centos4 i386
File : nvt/gb_CESA-2011_0471_firefox_centos4_i386.nasl
2011-06-10 Name : Ubuntu Update for thunderbird USN-1122-3
File : nvt/gb_ubuntu_USN_1122_3.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2013-A-0031 Multiple Security Vulnerabilities in VMware ESX 4.1 and ESXi 4.1
Severity: Category I - VMSKEY: V0036787

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0025.nasl - Type: ACT_GATHER_INFO
2017-05-24 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-609.nasl - Type: ACT_GATHER_INFO
2017-05-17 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1313-1.nasl - Type: ACT_GATHER_INFO
2017-05-16 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1282-1.nasl - Type: ACT_GATHER_INFO
2017-04-28 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-3271-1.nasl - Type: ACT_GATHER_INFO
2016-07-21 Name: The remote device is affected by multiple vulnerabilities.
File: appletv_9_2_2.nasl - Type: ACT_GATHER_INFO
2016-07-21 Name: The remote host is missing a Mac OS X security update that fixes multiple vul...
File: macosx_10_11_6.nasl - Type: ACT_GATHER_INFO
2016-07-21 Name: The remote host is missing a Mac OS X update that fixes multiple vulnerabilit...
File: macosx_SecUpd2016-004.nasl - Type: ACT_GATHER_INFO
2016-07-19 Name: The remote host contains an application that is affected by multiple vulnerab...
File: itunes_12_4_2.nasl - Type: ACT_GATHER_INFO
2016-07-19 Name: The remote host is running an application that is affected by multiple vulner...
File: itunes_12_4_2_banner.nasl - Type: ACT_GATHER_INFO
2016-07-18 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201607-07.nasl - Type: ACT_GATHER_INFO
2016-06-21 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_1a2aa04f371811e6b3c814dae9d210b8.nasl - Type: ACT_GATHER_INFO
2016-06-20 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3605.nasl - Type: ACT_GATHER_INFO
2016-06-14 Name: The remote Debian host is missing a security update.
File: debian_DLA-514.nasl - Type: ACT_GATHER_INFO
2016-06-07 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-2992-1.nasl - Type: ACT_GATHER_INFO
2016-06-06 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-682.nasl - Type: ACT_GATHER_INFO
2016-06-02 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3590.nasl - Type: ACT_GATHER_INFO
2016-06-02 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-1190.nasl - Type: ACT_GATHER_INFO
2016-06-01 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-652.nasl - Type: ACT_GATHER_INFO
2016-06-01 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-661.nasl - Type: ACT_GATHER_INFO
2016-05-31 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2016-148-02.nasl - Type: ACT_GATHER_INFO
2016-05-27 Name: A web browser installed on the remote Windows host is affected by multiple vu...
File: google_chrome_51_0_2704_63.nasl - Type: ACT_GATHER_INFO
2016-05-27 Name: A web browser installed on the remote Mac OS X host is affected by multiple v...
File: macosx_google_chrome_51_0_2704_63.nasl - Type: ACT_GATHER_INFO
2016-05-18 Name: The remote web server is affected by multiple vulnerabilities.
File: hpsmh_7_5_5.nasl - Type: ACT_GATHER_INFO
2016-04-25 Name: The remote web server is running an application that is affected by multiple ...
File: splunk_6334.nasl - Type: ACT_GATHER_INFO