Filtered by vendor Xmlsoft Subscriptions
Filtered by product Libxslt Subscriptions
Total 22 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-1202 3 Google, Redhat, Xmlsoft 3 Chrome, Enterprise Linux, Libxslt 2024-11-21 N/A
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
CVE-2008-2935 2 Redhat, Xmlsoft 2 Enterprise Linux, Libxslt 2024-11-21 N/A
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."