CVE-2024-34394

HIGH Year: 2024
CVSS v3 Score
8.1
High
Weakness Type
CWE-843
View all →

Vulnerability Description

libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes XmlNode::get_local_namespaces()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution.

Related Vulnerabilities

CVE-2017-0037

HIGH
CVSS:8.1(High)

Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows...

CWE-8432017

CVE-2020-36460

HIGH
CVSS:8.1(High)

An issue was discovered in the model crate through 2020-11-10 for Rust. The Shared data structure has an implementation of the Send and Sync traits without regard for the inner type.

CWE-8432020

CVE-2023-35297

HIGH
CVSS:8.1(High)

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

CWE-8432023

CVE-2023-4068

HIGH
CVSS:8.1(High)

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

CWE-8432023

CVE-2023-4070

HIGH
CVSS:8.1(High)

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

CWE-8432023

CVE-2024-21357

HIGH
CVSS:8.1(High)

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

CWE-8432024