Filtered by vendor Xmlsoft
Subscriptions
Filtered by product Libxslt
Subscriptions
Total
22 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-1202 | 3 Google, Redhat, Xmlsoft | 3 Chrome, Enterprise Linux, Libxslt | 2024-11-21 | N/A |
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. | ||||
CVE-2008-2935 | 2 Redhat, Xmlsoft | 2 Enterprise Linux, Libxslt | 2024-11-21 | N/A |
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input." |