Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libxml2 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-18853
ImageMagick prior to 7.0.9-0 allows remote malicious users to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.
Imagemagick Imagemagick
4.3
CVSSv2
CVE-2018-14567
libxml2 2.9.8, if --with-lzma is used, allows remote malicious users to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
Xmlsoft Libxml2 2.9.8
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Debian Debian Linux 8.0
4.3
CVSSv2
CVE-2017-18258
The xz_head function in xzlib.c in libxml2 prior to 2.9.6 allows remote malicious users to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
Xmlsoft Libxml2
4.3
CVSSv2
CVE-2015-8861
The handlebars package prior to 4.0.0 for Node.js allows remote malicious users to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
Handlebars.js Project Handlebars.js
1 Github repository
4.3
CVSSv2
CVE-2015-8862
mustache package prior to 2.2.1 for Node.js allows remote malicious users to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
Mustache.js Project Mustache.js
4.3
CVSSv2
CVE-2016-5134
net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome prior to 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote malicious users to discover credentials by operating a server with a PAC sc...
Google Chrome
4.3
CVSSv2
CVE-2016-5135
WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome prior to 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote malicious users to bypass the Content Security Polic...
Google Chrome
4.3
CVSSv2
CVE-2016-5130
content/renderer/history_controller.cc in Google Chrome prior to 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote malicious users to spoof the URL display via a crafted web site.
Google Chrome
4.3
CVSSv2
CVE-2016-5133
Google Chrome prior to 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle malicious users to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream.
Google Chrome
4.3
CVSSv2
CVE-2016-5137
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome prior to 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies...
Google Chrome
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »