A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

CPENameOperatorVersion
nokogirieq1.4.0
nokogirieq1.5.4.rc3
nokogirieq1.6.7
nokogirieq1.6.1
nokogirieq1.6.3.rc3
nokogirieq1.2.2
nokogirieq1.6.8
nokogirieq1.8.2
nokogirieq1.7.0.1
nokogirieq1.8.3

Name	Operator	Version
nokogiri	eq	1.4.0
nokogiri	eq	1.5.4.rc3
nokogiri	eq	1.6.7
nokogiri	eq	1.6.1
nokogiri	eq	1.6.3.rc3
nokogiri	eq	1.2.2
nokogiri	eq	1.6.8
nokogiri	eq	1.8.2
nokogiri	eq	1.7.0.1
nokogiri	eq	1.8.3

Rows per page:

1-10 of 1041

References

access.redhat.com/errata/RHSA-2019:1543

bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817

bugzilla.redhat.com/show_bug.cgi?id=1595985

github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml

github.com/sparklemotion/nokogiri/issues/1785

gitlab.gnome.org/GNOME/libxml2/issues/10

lists.debian.org/debian-lts-announce/2018/09/msg00035.html

lists.debian.org/debian-lts-announce/2020/09/msg00009.html

nvd.nist.gov/vuln/detail/CVE-2018-14404

security.netapp.com/advisory/ntap-20190719-0002

usn.ubuntu.com/3739-1

usn.ubuntu.com/3739-2

veracode 2

nessus 41

debiancve 1

cve 1

ubuntucve 1

openvas 20

redhatcve 1

github 1

prion 1

alpinelinux 1

broadcom 1

ibm 10

amazon 3

nvd 1

cvelist 1

redhat 5

photon 3

ubuntu 2

fedora 2

oraclelinux 2

mageia 1

rubygems 1

osv 3

suse 3

debian 2

cloudfoundry 1

centos 1

f5 1

altlinux 2

kitploit 1

tenable 1

ics 1

veracode

Denial Of Service (DoS)

2018-07-19 02:58:01

Copy-Paste Vulnerability (CPV) Through Libxml2

2018-10-16 03:04:15

nessus

EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2019-1315)

2019-05-01 00:00:00

Amazon Linux AMI : libxml2 (ALAS-2018-1072)

2018-09-07 00:00:00

Photon OS 1.0: Libxml2 PHSA-2018-1.0-0193

2019-02-07 00:00:00

debiancve

CVE-2018-14404

2018-07-19 13:29:00

cve

CVE-2018-14404

2018-07-19 13:29:00

ubuntucve

CVE-2018-14404

2018-07-19 00:00:00

openvas

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-1315)

2020-01-23 00:00:00

SUSE: Security Advisory (SUSE-SU-2019:13985-1)

2021-06-09 00:00:00

Ubuntu: Security Advisory (USN-3739-2)

2022-08-26 00:00:00

redhatcve

CVE-2018-14404

2019-10-19 18:58:27

github

Nokogiri NULL Pointer Dereference

2019-01-17 14:05:03

prion

Null pointer dereference

2018-07-19 13:29:00

alpinelinux

CVE-2018-14404

2018-07-19 13:29:00

broadcom

NULL pointer dereference in libxml2 through 2.9.8

2023-08-01 00:00:00

ibm

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in libxml2 (CVE-2018-14404)

2023-12-07 22:45:03

Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in libxml2 (CVE-2018-14404 CVE-2016-9318)

2020-01-09 19:18:07

Security Bulletin: Multiple Vulnerabilities in libxml2 affects IBM Watson Studio Local

2019-12-18 18:01:21

amazon

Medium: libxml2

2018-09-05 19:31:00

Important: libxml2

2020-08-10 22:59:00

Important: libxml2

2020-07-21 16:34:00

nvd

CVE-2018-14404

2018-07-19 13:29:00

cvelist

CVE-2018-14404

2018-07-19 13:00:00

redhat

(RHSA-2020:1827) Moderate: libxml2 security update

2020-04-28 09:20:58

(RHSA-2020:1190) Moderate: libxml2 security update

2020-03-31 09:30:25

(RHSA-2019:1543) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 security update

2019-06-18 19:07:29

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0193

2018-11-06 00:00:00

Critical Photon OS Security Update - PHSA-2018-0193

2018-11-06 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0106

2018-11-02 00:00:00

ubuntu

libxml2 vulnerabilities

2018-08-14 00:00:00

libxml2 vulnerabilities

2018-08-14 00:00:00

fedora

[SECURITY] Fedora 27 Update: libxml2-2.9.8-4.fc27

2018-08-09 16:53:03

[SECURITY] Fedora 28 Update: libxml2-2.9.8-4.fc28

2018-08-07 01:20:06

oraclelinux

libxml2 security update

2020-05-05 00:00:00

libxml2 security update

2020-04-06 00:00:00

mageia

Updated libxml2 packages fix security vulnerabilities

2019-01-23 18:50:09

rubygems

Nokogiri gem, via libxml2, is affected by multiple vulnerabilities

2018-10-03 21:00:00

osv

libxml2 - security update

2018-09-27 00:00:00

libxml2 - security update

2020-09-09 00:00:00

CVE-2018-14404

2018-07-19 13:29:00

suse

Security update for libxml2 (moderate)

2018-10-12 12:12:16

Security update for rmt-server (moderate)

2019-02-14 00:00:00

Security update for libxml2 (moderate)

2018-10-12 12:10:07

debian

[SECURITY] [DLA 1524-1] libxml2 security update

2018-09-27 20:04:03

[SECURITY] [DLA 2369-1] libxml2 security update

2020-09-09 22:41:50

cloudfoundry

USN-3739-1: libxml2 vulnerabilities | Cloud Foundry

2018-09-11 00:00:00

centos

libxml2 security update

2020-04-08 18:42:56

K76678525 : libxml2 vulnerabilities CVE-2015-8035 CVE-2016-5131 CVE-2017-15412 CVE-2017-18258 CVE-2018-14404 CVE-2018-14567

2022-02-15 00:00:00

altlinux

Security fix for the ALT Linux 10 package libxml2 version 1:2.9.9.0.52.f824-alt1

2019-05-22 00:00:00

Security fix for the ALT Linux 9 package libxml2 version 1:2.9.9.0.52.f824-alt1

2019-05-22 00:00:00

kitploit

Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI

2019-11-05 12:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

ics

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.03 Low

EPSS

Percentile

90.9%

JSON

Related for OSV:GHSA-6QVP-R6R3-9P7H