Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xmlsoft libxml2 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2024-25062
An issue exists in libxml2 prior to 2.11.7 and 2.12.x prior to 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
Xmlsoft Libxml2
6.5
CVSSv3
CVE-2023-45322
libxml2 up to and including 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... becau...
Xmlsoft Libxml2
6.5
CVSSv3
CVE-2023-39615
Xmlsoft Libxml2 v2.11.0 exists to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows malicious users to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the p...
Xmlsoft Libxml2 2.11.0
6.5
CVSSv3
CVE-2023-28484
In libxml2 prior to 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.
Xmlsoft Libxml2
Debian Debian Linux 10.0
6.5
CVSSv3
CVE-2023-29469
An issue exists in libxml2 prior to 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an...
Xmlsoft Libxml2
Debian Debian Linux 10.0
1 Github repository
7.8
CVSSv3
CVE-2022-40304
An issue exists in libxml2 prior to 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
Xmlsoft Libxml2
Netapp Clustered Data Ontap -
Netapp Smi-s Provider -
Netapp Clustered Data Ontap Antivirus Connector -
Netapp Active Iq Unified Manager -
Netapp Manageability Software Development Kit -
Netapp Snapmanager -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
Apple Macos
Apple Watchos
Apple Tvos
Apple Ipados
Apple Iphone Os
7.5
CVSSv3
CVE-2022-40303
An issue exists in libxml2 prior to 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation...
Xmlsoft Libxml2
Netapp Ontap Select Deploy Administration Utility -
Netapp Clustered Data Ontap -
Netapp Clustered Data Ontap Antivirus Connector -
Netapp Active Iq Unified Manager -
Netapp Snapmanager -
Netapp Netapp Manageability Sdk -
Apple Macos
Apple Watchos
Apple Tvos
Apple Ipados
Apple Iphone Os
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
6.1
CVSSv3
CVE-2016-3709
Possible cross-site scripting vulnerability in libxml after commit 960f0e2.
Xmlsoft Libxml2
6.5
CVSSv3
CVE-2022-29824
In libxml2 prior to 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other softwa...
Xmlsoft Libxml2
Xmlsoft Libxslt
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Snapdrive -
Netapp Ontap Select Deploy Administration Utility -
Netapp Clustered Data Ontap -
Netapp Smi-s Provider -
Netapp Clustered Data Ontap Antivirus Connector -
Netapp Solidfire & Hci Management Node -
Netapp Manageability Software Development Kit -
Netapp Active Iq Unified Manager -
Netapp Snapmanager -
Oracle Zfs Storage Appliance Kit 8.8
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
7.5
CVSSv3
CVE-2022-23308
valid.c in libxml2 prior to 2.9.13 has a use-after-free of ID and IDREF attributes.
Xmlsoft Libxml2
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Apple Mac Os X 10.15.7
Apple Mac Os X
Apple Iphone Os
Apple Watchos
Apple Tvos
Apple Ipados
Apple Macos
Netapp Snapdrive -
Netapp Snapmanager -
Netapp Ontap Select Deploy Administration Utility -
Netapp Clustered Data Ontap -
Netapp Smi-s Provider -
Netapp Clustered Data Ontap Antivirus Connector -
Netapp Solidfire & Hci Management Node -
Netapp Active Iq Unified Manager -
Netapp Manageability Software Development Kit -
Netapp Solidfire, Enterprise Sds & Hci Storage Node -
Netapp Bootstrap Os -
Netapp H300s Firmware -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »