CVE-2015-6838
- EPSS 7.28%
- Veröffentlicht 16.05.2016 10:59:21
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding wi...
CVE-2015-6837
- EPSS 6.57%
- Veröffentlicht 16.05.2016 10:59:20
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding wi...
CVE-2015-8806
- EPSS 4.96%
- Veröffentlicht 13.04.2016 17:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.
CVE-2015-8710
- EPSS 4.93%
- Veröffentlicht 11.04.2016 21:59:15
- Zuletzt bearbeitet 06.05.2026 22:30:45
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed H...
CVE-2016-1762
- EPSS 6.47%
- Veröffentlicht 24.03.2016 01:59:30
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-2073
- EPSS 2.31%
- Veröffentlicht 12.02.2016 15:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.
- EPSS 5.91%
- Veröffentlicht 15.12.2015 21:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds ...
CVE-2015-8242
- EPSS 4.27%
- Veröffentlicht 15.12.2015 21:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive informati...
CVE-2015-8241
- EPSS 5.44%
- Veröffentlicht 15.12.2015 21:59:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML dat...
- EPSS 5.92%
- Veröffentlicht 15.12.2015 21:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.