Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libxml2 vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2016-1711
WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome prior to 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote malicious users to bypass the Same Origin Policy via a crafted web site.
Google Chrome
6.8
CVSSv2
CVE-2016-1840
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 prior to 2.9.4, as used in Apple iOS prior to 9.3.2, OS X prior to 10.11.5, tvOS prior to 9.2.1, and watchOS prior to 2.2.1, allows remote malicious users to execute arbitrary code or cause a denial of s...
Debian Debian Linux 8.0
Apple Iphone Os
Apple Mac Os X
Apple Tvos
Apple Watchos
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Redhat Enterprise Linux Server Aus 7.4
Redhat Enterprise Linux Server Aus 7.3
Redhat Enterprise Linux Server Aus 7.2
Redhat Enterprise Linux Server Eus 7.6
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server Tus 7.6
Redhat Enterprise Linux Server Tus 7.2
Redhat Enterprise Linux Server Eus 7.4
Redhat Enterprise Linux Server Eus 7.2
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Desktop 7.0
6.8
CVSSv2
CVE-2013-0339
libxml2 up to and including 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote malicious users to cause a denial of service (resource consumption), se...
Xmlsoft Libxml2 2.2.0
Xmlsoft Libxml2 2.2.2
Xmlsoft Libxml2 2.4.30
Xmlsoft Libxml2 2.6.16
Xmlsoft Libxml2 1.8.0
Xmlsoft Libxml2 1.8.16
Xmlsoft Libxml2 2.6.32
Xmlsoft Libxml2 2.1.0
Xmlsoft Libxml2 2.6.29
Xmlsoft Libxml2 2.4.19
Xmlsoft Libxml2 2.4.7
Xmlsoft Libxml2 2.4.17
Xmlsoft Libxml2 2.2.9
Xmlsoft Libxml2 2.8.0
Xmlsoft Libxml2 2.3.6
Xmlsoft Libxml2 2.6.26
Xmlsoft Libxml2 2.6.11
Xmlsoft Libxml2 1.7.1
Xmlsoft Libxml2 2.7.2
Xmlsoft Libxml2 2.4.21
Xmlsoft Libxml2 2.4.20
Xmlsoft Libxml2 2.3.7
6.8
CVSSv2
CVE-2012-5134
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and previous versions, as used in Google Chrome prior to 23.0.1271.91 and other products, allows remote malicious users to cause a denial of service or possibly execute arbitrary code...
Google Chrome 23.0.1271.87
Google Chrome 23.0.1271.58
Xmlsoft Libxml2 2.2.0
Xmlsoft Libxml2 2.2.2
Google Chrome 23.0.1271.19
Google Chrome 23.0.1271.51
Xmlsoft Libxml2 2.4.30
Xmlsoft Libxml2 2.6.16
Xmlsoft Libxml2 1.8.0
Xmlsoft Libxml2 1.8.16
Xmlsoft Libxml2 2.6.32
Xmlsoft Libxml2 2.1.0
Xmlsoft Libxml2 2.4.19
Xmlsoft Libxml2 2.4.7
Xmlsoft Libxml2 2.4.17
Xmlsoft Libxml2 2.2.9
Google Chrome 23.0.1271.45
Google Chrome 23.0.1271.18
Xmlsoft Libxml2 2.3.6
Xmlsoft Libxml2 2.6.26
Google Chrome 23.0.1271.17
Xmlsoft Libxml2 2.6.11
1 Github repository
6.8
CVSSv2
CVE-2012-2871
libxml2 2.9.0-rc1 and previous versions, as used in Google Chrome prior to 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote malicious users to cause a denial of service or possibly have unknown other ...
Apple Iphone Os 6.1.2
Apple Iphone Os 3.0
Apple Iphone Os 3.2
Apple Iphone Os 3.1.3
Apple Iphone Os 1.0.2
Apple Iphone Os 4.3.2
Apple Iphone Os 4.0.2
Apple Iphone Os
Apple Iphone Os 2.2
Apple Iphone Os 1.1.1
Apple Iphone Os 6.1.3
Apple Iphone Os 5.1
Apple Iphone Os 4.2.8
Apple Iphone Os 6.0.2
Apple Iphone Os 4.1
Apple Iphone Os 2.0.0
Apple Iphone Os 3.1.2
Apple Iphone Os 3.0.1
Apple Iphone Os 4.3.1
Apple Iphone Os 4.2.5
Apple Iphone Os 1.1.2
Apple Iphone Os 3.1
1 Article
6.8
CVSSv2
CVE-2012-2807
Multiple integer overflows in libxml2, as used in Google Chrome prior to 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote malicious users to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Google Chrome
Google Chrome 20.0.1132.0
Google Chrome 20.0.1132.1
Google Chrome 20.0.1132.2
Google Chrome 20.0.1132.3
Google Chrome 20.0.1132.4
Google Chrome 20.0.1132.5
Google Chrome 20.0.1132.6
Google Chrome 20.0.1132.7
Google Chrome 20.0.1132.8
Google Chrome 20.0.1132.9
Google Chrome 20.0.1132.10
Google Chrome 20.0.1132.11
Google Chrome 20.0.1132.12
Google Chrome 20.0.1132.13
Google Chrome 20.0.1132.14
Google Chrome 20.0.1132.15
Google Chrome 20.0.1132.16
Google Chrome 20.0.1132.17
Google Chrome 20.0.1132.18
Google Chrome 20.0.1132.19
Google Chrome 20.0.1132.20
6.8
CVSSv2
CVE-2011-3102
Off-by-one error in libxml2, as used in Google Chrome prior to 19.0.1084.46 and other products, allows remote malicious users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.
Google Chrome
Apple Iphone Os 1.0.0
Apple Iphone Os 1.0.1
Apple Iphone Os 2.0
Apple Iphone Os 2.0.0
Apple Iphone Os 3.0
Apple Iphone Os 3.0.1
Apple Iphone Os 4.0
Apple Iphone Os 4.0.1
Apple Iphone Os 4.3.2
Apple Iphone Os 4.3.3
Apple Iphone Os 6.0.1
Apple Iphone Os 6.0.2
Apple Iphone Os 1.1.1
Apple Iphone Os 1.1.2
Apple Iphone Os 1.1.3
Apple Iphone Os 2.1
Apple Iphone Os 2.1.1
Apple Iphone Os 3.1.3
Apple Iphone Os 3.2
Apple Iphone Os 4.2.5
Apple Iphone Os 4.2.8
6.8
CVSSv2
CVE-2011-2834
Double free vulnerability in libxml2, as used in Google Chrome prior to 14.0.835.163, allows remote malicious users to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
Google Chrome
Apple Iphone Os
Apple Mac Os X
Debian Debian Linux 5.0
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Server Eus 6.3
6.4
CVSSv2
CVE-2020-24977
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
Xmlsoft Libxml2 2.9.10
Debian Debian Linux 9.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Opensuse Leap 15.1
Opensuse Leap 15.2
Netapp Snapdrive -
Netapp Clustered Data Ontap -
Netapp Clustered Data Ontap Antivirus Connector -
Netapp Active Iq Unified Manager
Netapp Manageability Software Development Kit -
Netapp Inventory Collect Tool -
Netapp Hci H410c Firmware -
Oracle Http Server 12.2.1.3.0
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Http Server 12.2.1.4.0
Oracle Enterprise Manager Ops Center 12.4.0.0
Oracle Enterprise Manager Base Platform 13.5.0.0
Oracle Mysql Workbench
Oracle Real User Experience Insight 13.4.1.0
6.4
CVSSv2
CVE-2017-8872
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows malicious users to cause a denial of service (buffer over-read) or information disclosure.
Xmlsoft Libxml2 2.9.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »