Download
| Alert*
oval:org.secpod.oval:def:20970
The host is installed with libxslt before 1.1.28 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle an empty match attribute in a XSL key to the xsltAddKey function in keys.c or uninitialized variable to the xsltDocumentFunction function in ... oval:org.secpod.oval:def:1800020 libxslt is installed oval:org.secpod.oval:def:701031 libxslt: XSLT processing library Applications using libxslt could be made to crash or run programs as your login if they processed a specially crafted file. oval:org.secpod.oval:def:89044947 This update for libxslt fixes the following issues: - CVE-2017-5029: The xsltAddTextString function in transform.c lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page . - CVE-2016-4738: Fix he ... oval:org.secpod.oval:def:202452 libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create ... oval:org.secpod.oval:def:203187 libxslt is installed oval:org.secpod.oval:def:117928 This C library allows to transform XML files into other XML files using the standard XSLT stylesheet transformation mechanism. To use it you need to have a version of libxml2 >= 2.6.27 installed. The xsltproc command is a command line interface to the XSLT engine oval:org.secpod.oval:def:117943 This C library allows to transform XML files into other XML files using the standard XSLT stylesheet transformation mechanism. To use it you need to have a version of libxml2 >= 2.6.27 installed. The xsltproc command is a command line interface to the XSLT engine oval:org.secpod.oval:def:89003468 This update for libxslt fixes the following issues: - CVE-2019-11068: Fixed a protection mechanism bypass where callers of xsltCheckRead and xsltCheckWrite would permit access upon receiving an error . oval:org.secpod.oval:def:89003142 This update for libxslt fixes the following issues: Security issues fixed: - CVE-2019-13118: Fixed a read of uninitialized stack data . - CVE-2019-13117: Fixed a uninitialized read which allowed to discern whether a byte on the stack contains certain special characters . oval:org.secpod.oval:def:202451 libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create ... oval:org.secpod.oval:def:1801392 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. oval:org.secpod.oval:def:1801396 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. oval:org.secpod.oval:def:1801398 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. oval:org.secpod.oval:def:116753 This C library allows to transform XML files into other XML files using the standard XSLT stylesheet transformation mechanism. To use it you need to have a version of libxml2 >= 2.6.27 installed. The xsltproc command is a command line interface to the XSLT engine oval:org.secpod.oval:def:1601029 libxslt allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded oval:org.secpod.oval:def:1801385 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. oval:org.secpod.oval:def:1801485 libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded. oval:org.secpod.oval:def:1800067 The issue can be exploited to trigger an out of bounds write on 64-bit systems. oval:org.secpod.oval:def:1800019 The issue can be exploited to trigger an out of bounds write on 64-bit systems. oval:org.secpod.oval:def:1601313 A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create a malicious XSL file that, when used by an application linked against libxslt to perform an XSL transformation, could cause the applicat ... oval:org.secpod.oval:def:1503654 Updated libxslt packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ... oval:org.secpod.oval:def:1801608 In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn"t reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo ... oval:org.secpod.oval:def:504691 libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. Security Fix: * libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL * libxslt: use after free in xsltCopyText in transform.c could l ... oval:org.secpod.oval:def:89050286 This update for libxslt fixes the following issues: Security issues fixed: - CVE-2019-13118: Fixed a read of uninitialized stack data . - CVE-2019-13117: Fixed a uninitialized read which allowed to discern whether a byte on the stack contains certain special characters . - CVE-2019-18197: Fixed a da ... oval:org.secpod.oval:def:67961 libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. Security Fix: * libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL * libxslt: use after free in xsltCopyText in transform.c could l ... oval:org.secpod.oval:def:500891 libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. A heap-based buffer overflow flaw was found in the way libxslt applied templates to nodes selected by certain namespaces. An attacker could use this flaw to create ... oval:org.secpod.oval:def:1800515 The issue can be exploited to trigger an out of bounds write on 64-bit systems. oval:org.secpod.oval:def:1504532 accountsservice [0.6.50-8] - Dont set HasNoUsers=true if realmd has providers Related: #1750516 appstream-data [8-20191129] - Regenerate the RHEL metadata to include the latest evince changes - Resolves: #1768461 clutter [1.26.2-8] - rebuild to get the new in 8.2.0 - plus address #1785233 evince [3. ... oval:org.secpod.oval:def:89000054 This update for libxslt fixes the following issue: - CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure . oval:org.secpod.oval:def:2500095 libxslt is a library for transforming XML files into other textual formats using the standard XSLT stylesheet transformation mechanism. oval:org.secpod.oval:def:89000662 This update for libxslt fixes the following issue: - CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure . oval:org.secpod.oval:def:89048614 This update for libxslt fixes the following issues: * CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT . oval:org.secpod.oval:def:89048600 This update for libxslt fixes the following issues: * CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT . oval:org.secpod.oval:def:89048540 This update for libxslt fixes the following issues: * CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT . |