libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.
http://code.google.com/p/chromium/issues/detail?id=138673
http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html
http://secunia.com/advisories/50838
http://secunia.com/advisories/54886
http://support.apple.com/kb/HT5934
http://support.apple.com/kb/HT6001
http://www.debian.org/security/2012/dsa-2555
http://www.mandriva.com/security/advisories?name=MDVSA-2012:164
Source: MITRE
Published: 2012-08-31
Updated: 2017-08-29
Type: NVD-CWE-Other
Base Score: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 8.6
Severity: MEDIUM
OR
cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:5.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:5.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:5.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:5.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:6.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:6.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:6.0.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:6.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:6.1.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:6.1.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions up to 6.1.4 (inclusive)
OR
cpe:2.3:a:google:chrome:21.0.1180.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.31:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.32:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.33:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.34:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.35:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.36:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.37:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.38:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.39:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.41:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.46:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.47:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.48:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.49:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.50:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.51:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.52:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.53:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.54:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.55:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.56:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.57:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.59:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.60:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.61:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.62:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.63:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.64:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.68:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.69:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.70:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.71:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.72:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.73:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.74:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.75:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.76:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.77:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.78:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.79:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.80:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.81:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.82:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.83:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.84:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.85:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.86:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:21.0.1180.87:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* versions up to 21.0.1180.88 (inclusive)
cpe:2.3:a:xmlsoft:libxml2:*:rc1:*:*:*:*:*:* versions up to 2.9.0 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
89661 | VMware ESX / ESXi Authentication Service and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0001) (remote check) | Nessus | Misc. | critical |
80695 | Oracle Solaris Third-Party Patch Update : libxslt (multiple_vulnerabilities_in_libxslt) | Nessus | Solaris Local Security Checks | medium |
74759 | openSUSE Security Update : chromium (openSUSE-SU-2012:1215-1) | Nessus | SuSE Local Security Checks | high |
72105 | Apple iTunes < 11.1.4 Multiple Vulnerabilities (uncredentialed check) | Nessus | Peer-To-Peer File Sharing | high |
72104 | Apple iTunes < 11.1.4 Multiple Vulnerabilities (credentialed check) | Nessus | Windows | high |
70886 | ESXi 5.1 < Build 1063671 Multiple Vulnerabilities (remote check) | Nessus | Misc. | medium |
70836 | GLSA-201311-06 : libxml2: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
70589 | Apple iTunes < 11.1.2 Multiple Vulnerabilities (uncredentialed check) | Nessus | Peer-To-Peer File Sharing | high |
70588 | Apple iTunes < 11.1.2 Multiple Vulnerabilities (credentialed check) | Nessus | Windows | high |
70257 | Apple TV < 6.0 Multiple Vulnerabilities | Nessus | Misc. | high |
69984 | Apple iOS < 7 Multiple Vulnerabilities | Nessus | Mobile Devices | high |
69613 | Amazon Linux AMI : libxslt (ALAS-2012-123) | Nessus | Amazon Linux Local Security Checks | medium |
68622 | Oracle Linux 5 / 6 : libxslt (ELSA-2012-1265) | Nessus | Oracle Linux Local Security Checks | medium |
66061 | Mandriva Linux Security Advisory : libxslt (MDVSA-2013:047) | Nessus | Mandriva Local Security Checks | medium |
64642 | VMSA-2013-0001 : VMware vSphere security updates for the authentication service and third-party libraries | Nessus | VMware ESX Local Security Checks | critical |
8095 | iTunes for Windows < 11.1.4 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
63195 | Fedora 18 : libxslt-1.1.27-2.fc18 (2012-15716) | Nessus | Fedora Local Security Checks | medium |
62504 | Mandriva Linux Security Advisory : libxslt (MDVSA-2012:164) | Nessus | Mandriva Local Security Checks | medium |
62440 | Debian DSA-2555-1 : libxslt - several vulnerabilities | Nessus | Debian Local Security Checks | medium |
62435 | Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : libxslt vulnerabilities (USN-1595-1) | Nessus | Ubuntu Local Security Checks | medium |
62328 | Fedora 17 : libxslt-1.1.26-10.fc17 (2012-14083) | Nessus | Fedora Local Security Checks | medium |
62326 | Fedora 16 : libxslt-1.1.26-9.fc16 (2012-14048) | Nessus | Fedora Local Security Checks | medium |
62107 | Scientific Linux Security Update : libxslt on SL5.x, SL6.x i386/x86_64 (20120913) | Nessus | Scientific Linux Local Security Checks | medium |
62090 | RHEL 5 / 6 : libxslt (RHSA-2012:1265) | Nessus | Red Hat Local Security Checks | medium |
62085 | CentOS 5 / 6 : libxslt (CESA-2012:1265) | Nessus | CentOS Local Security Checks | medium |
800953 | Google Chrome < 21.0.1180.89 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
6563 | Google Chrome < 21.0.1180.89 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
61774 | Google Chrome < 21.0.1180.89 Multiple Vulnerabilities | Nessus | Windows | high |
61744 | FreeBSD : chromium -- multiple vulnerabilities (ee68923d-f2f5-11e1-8014-00262d5ed8ee) | Nessus | FreeBSD Local Security Checks | high |
8013 | Apple iOS < 7.0 Multiple Vulnerabilities | Nessus Network Monitor | Mobile Devices | critical |