Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xmlsoft libxml2 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2015-7941
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent malicious users to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser....
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Xmlsoft Libxml2 2.9.2
6.8
CVSSv2
CVE-2013-0339
libxml2 up to and including 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote malicious users to cause a denial of service (resource consumption), se...
Xmlsoft Libxml2 2.2.0
Xmlsoft Libxml2 2.2.2
Xmlsoft Libxml2 2.4.30
Xmlsoft Libxml2 2.6.16
Xmlsoft Libxml2 1.8.0
Xmlsoft Libxml2 1.8.16
Xmlsoft Libxml2 2.6.32
Xmlsoft Libxml2 2.1.0
Xmlsoft Libxml2 2.6.29
Xmlsoft Libxml2 2.4.19
Xmlsoft Libxml2 2.4.7
Xmlsoft Libxml2 2.4.17
Xmlsoft Libxml2 2.2.9
Xmlsoft Libxml2 2.8.0
Xmlsoft Libxml2 2.3.6
Xmlsoft Libxml2 2.6.26
Xmlsoft Libxml2 2.6.11
Xmlsoft Libxml2 1.7.1
Xmlsoft Libxml2 2.7.2
Xmlsoft Libxml2 2.4.21
Xmlsoft Libxml2 2.4.20
Xmlsoft Libxml2 2.3.7
4.3
CVSSv2
CVE-2013-0338
libxml2 2.9.0 and previous versions allows context-dependent malicious users to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansi...
Xmlsoft Libxml2 1.7.0
Xmlsoft Libxml2 1.7.1
Xmlsoft Libxml2 2.5.10
Xmlsoft Libxml2 2.4.23
Xmlsoft Libxml2 2.4.28
Xmlsoft Libxml2 2.4.29
Xmlsoft Libxml2 2.4.22
Xmlsoft Libxml2 2.6.17
Xmlsoft Libxml2 2.4.9
Xmlsoft Libxml2 2.4.8
Xmlsoft Libxml2 2.4.12
Xmlsoft Libxml2 2.4.15
Xmlsoft Libxml2 2.4.14
Xmlsoft Libxml2 2.2.0
Xmlsoft Libxml2 1.7.2
Xmlsoft Libxml2 2.6.11
Xmlsoft Libxml2 2.4.19
Xmlsoft Libxml2 2.6.14
Xmlsoft Libxml2 2.4.26
Xmlsoft Libxml2 2.4.27
Xmlsoft Libxml2 2.6.22
Xmlsoft Libxml2 2.4.21
7.5
CVSSv2
CVE-2013-1969
Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent malicious users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions...
Xmlsoft Libxml2 2.9.0
5
CVSSv2
CVE-2012-0841
libxml2 prior to 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent malicious users to cause a denial of service (CPU consumption) via crafted XML data.
Xmlsoft Libxml2 2.2.0
Xmlsoft Libxml2 2.2.2
Xmlsoft Libxml2 2.4.30
Xmlsoft Libxml2 2.6.16
Xmlsoft Libxml2 1.8.0
Xmlsoft Libxml2 1.8.16
Xmlsoft Libxml2 2.6.32
Xmlsoft Libxml2 2.1.0
Xmlsoft Libxml2 2.6.29
Xmlsoft Libxml2 2.4.19
Xmlsoft Libxml2 2.4.7
Xmlsoft Libxml2 2.4.17
Xmlsoft Libxml2 2.2.9
Xmlsoft Libxml2 2.3.6
Xmlsoft Libxml2 2.6.26
Xmlsoft Libxml2 2.6.11
Xmlsoft Libxml2 1.7.1
Xmlsoft Libxml2 2.7.2
Xmlsoft Libxml2 2.4.21
Xmlsoft Libxml2 2.4.20
Xmlsoft Libxml2 2.3.7
Xmlsoft Libxml2 2.6.17
6.8
CVSSv2
CVE-2012-5134
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and previous versions, as used in Google Chrome prior to 23.0.1271.91 and other products, allows remote malicious users to cause a denial of service or possibly execute arbitrary code...
Google Chrome 23.0.1271.87
Google Chrome 23.0.1271.58
Xmlsoft Libxml2 2.2.0
Xmlsoft Libxml2 2.2.2
Google Chrome 23.0.1271.19
Google Chrome 23.0.1271.51
Xmlsoft Libxml2 2.4.30
Xmlsoft Libxml2 2.6.16
Xmlsoft Libxml2 1.8.0
Xmlsoft Libxml2 1.8.16
Xmlsoft Libxml2 2.6.32
Xmlsoft Libxml2 2.1.0
Xmlsoft Libxml2 2.4.19
Xmlsoft Libxml2 2.4.7
Xmlsoft Libxml2 2.4.17
Xmlsoft Libxml2 2.2.9
Google Chrome 23.0.1271.45
Google Chrome 23.0.1271.18
Xmlsoft Libxml2 2.3.6
Xmlsoft Libxml2 2.6.26
Google Chrome 23.0.1271.17
Xmlsoft Libxml2 2.6.11
1 Github repository
6.8
CVSSv2
CVE-2012-2871
libxml2 2.9.0-rc1 and previous versions, as used in Google Chrome prior to 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote malicious users to cause a denial of service or possibly have unknown other ...
Apple Iphone Os 6.1.2
Apple Iphone Os 3.0
Apple Iphone Os 3.2
Apple Iphone Os 3.1.3
Apple Iphone Os 1.0.2
Apple Iphone Os 4.3.2
Apple Iphone Os 4.0.2
Apple Iphone Os
Apple Iphone Os 2.2
Apple Iphone Os 1.1.1
Apple Iphone Os 6.1.3
Apple Iphone Os 5.1
Apple Iphone Os 4.2.8
Apple Iphone Os 6.0.2
Apple Iphone Os 4.1
Apple Iphone Os 2.0.0
Apple Iphone Os 3.1.2
Apple Iphone Os 3.0.1
Apple Iphone Os 4.3.1
Apple Iphone Os 4.2.5
Apple Iphone Os 1.1.2
Apple Iphone Os 3.1
1 Article
9.3
CVSSv2
CVE-2011-1944
Integer overflow in xpath.c in libxml2 2.6.x up to and including 2.6.32 and 2.7.x up to and including 2.7.8, and libxml 1.8.16 and previous versions, allows context-dependent malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XM...
Xmlsoft Libxml2 2.6.26
Xmlsoft Libxml2 2.6.30
Xmlsoft Libxml2 2.6.5
Xmlsoft Libxml2 2.6.6
Xmlsoft Libxml2 2.6.13
Xmlsoft Libxml2 2.6.9
Xmlsoft Libxml2 2.6.22
Xmlsoft Libxml2 2.6.27
Xmlsoft Libxml2 2.6.11
Xmlsoft Libxml2 2.6.1
Xmlsoft Libxml2 2.6.0
Xmlsoft Libxml2 2.6.2
Xmlsoft Libxml2 2.6.12
Xmlsoft Libxml2 2.6.17
Xmlsoft Libxml2 2.6.16
Xmlsoft Libxml2 2.6.3
Xmlsoft Libxml2 2.6.4
Xmlsoft Libxml2 2.6.7
Xmlsoft Libxml2 2.6.8
Xmlsoft Libxml2 2.6.20
Xmlsoft Libxml2 2.6.18
Xmlsoft Libxml2 2.6.14
1 EDB exploit
7.5
CVSSv2
CVE-2010-4494
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome prior to 8.0.552.215 and other products, allows remote malicious users to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
Google Chrome
Xmlsoft Libxml2
Apple Itunes
Apple Safari
Apple Iphone Os
Apple Mac Os X
Opensuse Opensuse 11.2
Opensuse Opensuse 11.3
Suse Suse Linux Enterprise Server 11
Fedoraproject Fedora 14
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Eus 6.3
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Debian Debian Linux 5.0
Debian Debian Linux 6.0
Hp Insight Control Server Deployment
Hp Rapid Deployment Pack
Apache Openoffice
4.3
CVSSv2
CVE-2010-4008
libxml2 prior to 2.7.8, as used in Google Chrome prior to 7.0.517.44, Apple Safari 5.0.2 and previous versions, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent malicious users to cause a deni...
Google Chrome
Apple Itunes
Apple Safari
Apple Iphone Os
Apple Mac Os X
Xmlsoft Libxml2
Debian Debian Linux 5.0
Debian Debian Linux 6.0
Canonical Ubuntu Linux 6.06
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 9.10
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 10.10
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Server Eus 6.3
Redhat Enterprise Linux Workstation 6.0
Opensuse Opensuse 11.1
Opensuse Opensuse 11.2
Opensuse Opensuse 11.3
Suse Suse Linux Enterprise Server 10
Suse Suse Linux Enterprise Server 11
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »