This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Xmlsoft
Product: Libxslt
Version: 1.1.27
Type: Application
First view: 2013-04-12
Last view: 2019-12-11
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *

CPE Product: cpe:2.3:a:xmlsoft:libxslt

Related : CVE

Score Date Alert Description
7.5 2019-12-11 CVE-2019-5815

Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.

9.8 2019-04-10 CVE-2019-11068

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

5.3 2017-04-05 CVE-2015-9019

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.

9.8 2016-07-21 CVE-2016-4610

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.

9.8 2016-07-21 CVE-2016-4609

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.

9.8 2016-07-21 CVE-2016-4608

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.

9.8 2016-07-21 CVE-2016-4607

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.

7.5 2016-06-05 CVE-2016-1684

numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.

7.5 2016-06-05 CVE-2016-1683

numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.

5 2015-11-17 CVE-2015-7995

The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.

5 2013-04-12 CVE-2012-6139

libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.

CWE : Common Weakness Enumeration

% id Name
83% (5) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
16% (1) CWE-330 Use of Insufficiently Random Values

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0025.nasl - Type: ACT_GATHER_INFO
2017-05-24 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-609.nasl - Type: ACT_GATHER_INFO
2017-05-17 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1313-1.nasl - Type: ACT_GATHER_INFO
2017-05-16 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1282-1.nasl - Type: ACT_GATHER_INFO
2017-04-28 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-3271-1.nasl - Type: ACT_GATHER_INFO
2016-07-21 Name: The remote host is missing a Mac OS X update that fixes multiple vulnerabilit...
File: macosx_SecUpd2016-004.nasl - Type: ACT_GATHER_INFO
2016-07-21 Name: The remote host is missing a Mac OS X security update that fixes multiple vul...
File: macosx_10_11_6.nasl - Type: ACT_GATHER_INFO
2016-07-21 Name: The remote device is affected by multiple vulnerabilities.
File: appletv_9_2_2.nasl - Type: ACT_GATHER_INFO
2016-07-19 Name: The remote host is running an application that is affected by multiple vulner...
File: itunes_12_4_2_banner.nasl - Type: ACT_GATHER_INFO
2016-07-19 Name: The remote host contains an application that is affected by multiple vulnerab...
File: itunes_12_4_2.nasl - Type: ACT_GATHER_INFO
2016-07-18 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201607-07.nasl - Type: ACT_GATHER_INFO
2016-06-21 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_1a2aa04f371811e6b3c814dae9d210b8.nasl - Type: ACT_GATHER_INFO
2016-06-20 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3605.nasl - Type: ACT_GATHER_INFO
2016-06-14 Name: The remote Debian host is missing a security update.
File: debian_DLA-514.nasl - Type: ACT_GATHER_INFO
2016-06-07 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-2992-1.nasl - Type: ACT_GATHER_INFO
2016-06-06 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-682.nasl - Type: ACT_GATHER_INFO
2016-06-02 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-1190.nasl - Type: ACT_GATHER_INFO
2016-06-02 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3590.nasl - Type: ACT_GATHER_INFO
2016-06-01 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-652.nasl - Type: ACT_GATHER_INFO
2016-06-01 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-661.nasl - Type: ACT_GATHER_INFO
2016-05-31 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2016-148-02.nasl - Type: ACT_GATHER_INFO
2016-05-27 Name: A web browser installed on the remote Mac OS X host is affected by multiple v...
File: macosx_google_chrome_51_0_2704_63.nasl - Type: ACT_GATHER_INFO
2016-05-27 Name: A web browser installed on the remote Windows host is affected by multiple vu...
File: google_chrome_51_0_2704_63.nasl - Type: ACT_GATHER_INFO
2016-05-18 Name: The remote web server is affected by multiple vulnerabilities.
File: hpsmh_7_5_5.nasl - Type: ACT_GATHER_INFO
2016-04-25 Name: The remote web server is running an application that is affected by multiple ...
File: splunk_6334.nasl - Type: ACT_GATHER_INFO