CVE-2014-3660
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2014-3660
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Libxml2 拒绝服务漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Libxml2是GNOME项目组所研发的一个基于C语言的用来解析XML文档的函数库,它支持多种编码格式、Xpath解析、Well-formed和valid验证等。 libxml2 2.9.2之前版本的parser.c脚本中存在安全漏洞,该漏洞源于程序禁用实体替换时,没有正确处理实体扩展。攻击者可借助带有大量嵌套实体引用的XML文档利用该漏洞造成拒绝服务(CPU消耗)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2014-3660
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2014-3660
请登录查看更多情报信息。
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705x_refsource_CONFIRM
- https://support.apple.com/kb/HT205030x_refsource_CONFIRM
- https://bugzilla.redhat.com/attachment.cgi?id=944444&action=diffx_refsource_MISC
- https://support.apple.com/kb/HT205031x_refsource_CONFIRM
- http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.htmlvendor-advisoryx_refsource_APPLE
- https://nvd.nist.gov/vuln/detail/CVE-2014-3660
Same Patch Batch · n/a · 2014-11-04 · 46 CVEs total
| CVE-2014-5387 | EllisLab ExpressionEngine SQL注入漏洞 | |
| CVE-2014-8584 | WordPress Web Dorado Spider Video Player插件跨站脚本漏洞 | |
| CVE-2014-8586 | WordPress CP Multi View Event Calendar插件‘calid’参数SQL注入漏洞 | |
| CVE-2014-8589 | SAP Network Interface Router 整数溢出漏洞 | |
| CVE-2014-8590 | SAP NetWeaver Application Server Java XML外部实体漏洞 | |
| CVE-2014-8591 | SAP Internet Communication Manager 拒绝服务漏洞 | |
| CVE-2014-8592 | SAP Host Agent 拒绝服务漏洞 | |
| CVE-2014-4311 | Epicor Enterprise 信息泄露漏洞 | |
| CVE-2014-8588 | SAP HANA SQL注入漏洞 | |
| CVE-2014-7176 | Enalean Tuleap SQL注入漏洞 | |
| CVE-2014-8339 | Nuevolab Nuevoplayer for ClipShare SQL注入漏洞 | |
| CVE-2013-7057 | Axway SecureTransport 跨站请求伪造漏洞 | |
| CVE-2014-8593 | Allomani Weblinks 跨站脚本漏洞 | |
| CVE-2014-4974 | ESET Personal Firewall NDIS filter内核模式驱动程序信息泄露漏洞 | |
| CVE-2014-7875 | HP LaserJet CM3530 Multifunction Printer CC519A和CC520A 远程拒绝服务漏洞 | |
| CVE-2014-6130 | IBM Notes Traveler For Android 信息泄露漏洞 | |
| CVE-2014-8474 | CA Cloud Service Management 安全漏洞 | |
| CVE-2014-8473 | CA Cloud Service Management 跨站请求伪造漏洞 | |
| CVE-2014-8472 | CA Cloud Service Management 安全漏洞 | |
| CVE-2014-8471 | CA Cloud Service Management 安全漏洞 |
Showing top 20 of 46 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2014-3660
No comments yet