Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xmlsoft vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2015-7941
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent malicious users to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser....
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Xmlsoft Libxml2 2.9.2
383
VMScore
CVE-2013-4520
xslt.c in libxslt prior to 1.1.25 allows context-dependent malicious users to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type. NOTE: this issue is due to an incomplete fix for CVE-2012-2825.
Xmlsoft Libxslt 0.2.0
Xmlsoft Libxslt 0.3.0
Xmlsoft Libxslt 0.4.0
Xmlsoft Libxslt 0.5.0
Xmlsoft Libxslt 1.0.17
Xmlsoft Libxslt 1.0.18
Xmlsoft Libxslt 1.0.19
Xmlsoft Libxslt 1.0.2
Xmlsoft Libxslt 1.0.32
Xmlsoft Libxslt 1.0.33
Xmlsoft Libxslt 1.0.4
Xmlsoft Libxslt 1.0.5
Xmlsoft Libxslt 1.1.16
Xmlsoft Libxslt 1.1.17
Xmlsoft Libxslt 1.1.18
Xmlsoft Libxslt 1.1.19
Xmlsoft Libxslt 1.1.2
Xmlsoft Libxslt 0.12.0
Xmlsoft Libxslt 0.14.0
Xmlsoft Libxslt 0.6.0
Xmlsoft Libxslt 0.8.0
Xmlsoft Libxslt 1.0.0
383
VMScore
CVE-2013-0338
libxml2 2.9.0 and previous versions allows context-dependent malicious users to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansi...
Xmlsoft Libxml2 1.7.0
Xmlsoft Libxml2 1.7.1
Xmlsoft Libxml2 2.5.10
Xmlsoft Libxml2 2.4.23
Xmlsoft Libxml2 2.4.28
Xmlsoft Libxml2 2.4.29
Xmlsoft Libxml2 2.4.22
Xmlsoft Libxml2 2.6.17
Xmlsoft Libxml2 2.4.9
Xmlsoft Libxml2 2.4.8
Xmlsoft Libxml2 2.4.12
Xmlsoft Libxml2 2.4.15
Xmlsoft Libxml2 2.4.14
Xmlsoft Libxml2 2.2.0
Xmlsoft Libxml2 1.7.2
Xmlsoft Libxml2 2.6.11
Xmlsoft Libxml2 2.4.19
Xmlsoft Libxml2 2.6.14
Xmlsoft Libxml2 2.4.26
Xmlsoft Libxml2 2.4.27
Xmlsoft Libxml2 2.6.22
Xmlsoft Libxml2 2.4.21
383
VMScore
CVE-2011-1202
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and previous versions, as used in Google Chrome prior to 10.0.648.127 and other products, allows remote malicious users to obtain potentially sensitive information about heap memory addresses via an XML document...
Google Chrome
Xmlsoft Libxslt
383
VMScore
CVE-2010-4008
libxml2 prior to 2.7.8, as used in Google Chrome prior to 7.0.517.44, Apple Safari 5.0.2 and previous versions, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent malicious users to cause a deni...
Google Chrome
Apple Itunes
Apple Safari
Apple Iphone Os
Apple Mac Os X
Xmlsoft Libxml2
Debian Debian Linux 5.0
Debian Debian Linux 6.0
Canonical Ubuntu Linux 6.06
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 9.10
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 10.10
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Server Eus 6.3
Redhat Enterprise Linux Workstation 6.0
Opensuse Opensuse 11.1
Opensuse Opensuse 11.2
Opensuse Opensuse 11.3
Suse Suse Linux Enterprise Server 10
Suse Suse Linux Enterprise Server 11
383
VMScore
CVE-2009-2414
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent malicious users to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion,...
Xmlsoft Libxml2 2.6.16
Xmlsoft Libxml2 2.6.32
Xmlsoft Libxml2 2.6.26
Xmlsoft Libxml2 2.6.27
Xmlsoft Libxml 1.8.17
Xmlsoft Libxml2 2.5.10
383
VMScore
CVE-2009-2416
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent malicious users to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, a...
Xmlsoft Libxml2 2.6.16
Xmlsoft Libxml2 2.6.32
Xmlsoft Libxml2 2.6.26
Xmlsoft Libxml2 2.6.27
Xmlsoft Libxml 1.8.17
Xmlsoft Libxml2 2.5.10
Fedoraproject Fedora 11
Fedoraproject Fedora 10
Debian Debian Linux 4.0
Redhat Enterprise Linux 4.0
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux 3.0
Canonical Ubuntu Linux 9.04
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Google Chrome
Apple Mac Os X
Apple Safari
Apple Mac Os X Server
Apple Iphone Os
Suse Linux Enterprise Server 9
383
VMScore
CVE-2008-3281
libxml2 2.6.32 and previous versions does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent malicious users to cause a denial of service (memory and CPU consumption) via a crafted XML document.
Xmlsoft Libxml2
Apple Safari
Apple Iphone Os
Fedoraproject Fedora 9
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Debian Debian Linux 4.0
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Desktop 3.0
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Desktop 4.0
Redhat Enterprise Linux Desktop 5.0
Redhat Enterprise Linux Eus 4.7
Redhat Enterprise Linux Server 4.0
Redhat Enterprise Linux Workstation 4.0
Redhat Enterprise Linux Workstation 3.0
Redhat Enterprise Linux Server 3.0
Redhat Enterprise Linux Eus 5.2
Redhat Enterprise Linux Server 2.0
Redhat Enterprise Linux Workstation 2.0
356
VMScore
CVE-2021-3541
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.
Xmlsoft Libxml2
Redhat Jboss Core Services -
Oracle Zfs Storage Appliance Kit 8.8
Netapp Active Iq Unified Manager -
Netapp Cloud Backup -
Netapp Clustered Data Ontap -
Netapp Clustered Data Ontap Antivirus Connector -
Netapp Manageability Software Development Kit -
Netapp Ontap Select Deploy Administration Utility -
Netapp Smi-s Provider -
Netapp Snapdrive -
Netapp H410c Firmware -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H300e Firmware -
Netapp H500e Firmware -
Netapp H700e Firmware -
Netapp H410s Firmware -
234
VMScore
CVE-2018-9251
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote malicious users to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-803...
Xmlsoft Libxml2 2.9.8
Debian Debian Linux 8.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
NEXT »