- EPSS 4.6%
- Veröffentlicht 12.04.2013 22:55:01
- Zuletzt bearbeitet 11.04.2025 00:51:21
libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFuncti...
CVE-2012-2870
- EPSS 1.18%
- Veröffentlicht 31.08.2012 19:55:01
- Zuletzt bearbeitet 11.04.2025 00:51:21
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identifi...
CVE-2011-3970
- EPSS 0.49%
- Veröffentlicht 09.02.2012 04:10:29
- Zuletzt bearbeitet 11.04.2025 00:51:21
libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-1202
- EPSS 0.64%
- Veröffentlicht 11.03.2011 02:01:20
- Zuletzt bearbeitet 11.04.2025 00:51:21
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an ...
CVE-2008-2935
- EPSS 22.14%
- Veröffentlicht 01.08.2008 14:41:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attack...