|
2020-09-04
|
CVE-2020-24977
|
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
|
Debian_linux, Fedora, Active_iq_unified_manager, Clustered_data_ontap, Clustered_data_ontap_antivirus_connector, Hci_h410c_firmware, Inventory_collect_tool, Manageability_software_development_kit, Snapdrive, Leap, Libxml2
|
6.5
|
|
|
|
2018-08-16
|
CVE-2016-9598
|
libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.
|
Jboss_core_services, Libxml2
|
6.5
|
|
|
|
2018-08-16
|
CVE-2016-9596
|
libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.
|
Jboss_core_services, Libxml2
|
6.5
|
|
|
|
2020-01-21
|
CVE-2020-7595
|
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
|
Libxml2
|
7.5
|
|
|
|
2020-01-21
|
CVE-2019-20388
|
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
|
Libxml2
|
7.5
|
|
|
|
2017-04-11
|
CVE-2016-4483
|
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.
|
Debian_linux, Solaris, Libxml2
|
N/A
|
|
|
|
2016-04-13
|
CVE-2015-8806
|
dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.
|
Ubuntu_linux, Debian_linux, Libxml2
|
N/A
|
|
|
|
2019-12-24
|
CVE-2019-19956
|
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
|
Debian_linux, Libxml2
|
N/A
|
|
|
|
2018-08-16
|
CVE-2018-14567
|
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
|
Ubuntu_linux, Debian_linux, Libxml2
|
6.5
|
|
|
|
2018-07-19
|
CVE-2018-14404
|
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
|
Ubuntu_linux, Debian_linux, Libxml2
|
7.5
|
|
|