Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libxml2 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2016-5135
WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome prior to 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote malicious users to bypass the Content Security Polic...
Google Chrome
6.5
CVSSv3
CVE-2016-1707
ios/web/web_state/ui/crw_web_controller.mm in Google Chrome prior to 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote malicious users to spoof the URL display via a crafted web site.
Google Chrome
6.5
CVSSv3
CVE-2016-2073
The htmlParseNameComplex function in HTMLparser.c in libxml2 allows malicious users to cause a denial of service (out-of-bounds read) via a crafted XML document.
Xmlsoft Libxml2
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
6.5
CVSSv3
CVE-2012-3489
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 prior to 8.3.20, 8.4 prior to 8.4.13, 9.0 prior to 9.0.9, and 9.1 prior to 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obta...
Postgresql Postgresql
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Opensuse Opensuse 12.1
Apple Mac Os X Server 10.6.8
Apple Mac Os X Server
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 12.04
Debian Debian Linux 6.0
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Desktop 5.0
Redhat Enterprise Linux Eus 6.3
6.5
CVSSv3
CVE-2009-2416
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent malicious users to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, a...
Xmlsoft Libxml2 2.6.16
Xmlsoft Libxml2 2.6.32
Xmlsoft Libxml2 2.6.26
Xmlsoft Libxml2 2.6.27
Xmlsoft Libxml 1.8.17
Xmlsoft Libxml2 2.5.10
Fedoraproject Fedora 11
Fedoraproject Fedora 10
Debian Debian Linux 4.0
Redhat Enterprise Linux 4.0
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux 3.0
Canonical Ubuntu Linux 9.04
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Google Chrome
Apple Mac Os X
Apple Safari
Apple Mac Os X Server
Apple Iphone Os
Suse Linux Enterprise Server 9
6.5
CVSSv3
CVE-2008-3281
libxml2 2.6.32 and previous versions does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent malicious users to cause a denial of service (memory and CPU consumption) via a crafted XML document.
Xmlsoft Libxml2
Apple Safari
Apple Iphone Os
Fedoraproject Fedora 9
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Debian Debian Linux 4.0
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Desktop 3.0
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Desktop 4.0
Redhat Enterprise Linux Desktop 5.0
Redhat Enterprise Linux Eus 4.7
Redhat Enterprise Linux Server 4.0
Redhat Enterprise Linux Workstation 4.0
Redhat Enterprise Linux Workstation 3.0
Redhat Enterprise Linux Server 3.0
Redhat Enterprise Linux Eus 5.2
Redhat Enterprise Linux Server 2.0
Redhat Enterprise Linux Workstation 2.0
6.5
CVSSv3
CVE-2003-1564
libxml2, possibly prior to 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent malicious users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references,...
Xmlsoft Libxml2
6.1
CVSSv3
CVE-2016-3709
Possible cross-site scripting vulnerability in libxml after commit 960f0e2.
Xmlsoft Libxml2
6.1
CVSSv3
CVE-2021-28957
An XSS vulnerability exists in python-lxml's clean module versions prior to 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this...
Lxml Lxml
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Netapp Snapcenter -
Oracle Zfs Storage Appliance Kit 8.8
6.1
CVSSv3
CVE-2020-27783
A XSS vulnerability exists in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
Lxml Lxml
Redhat Enterprise Linux 8.0
Redhat Software Collections -
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Netapp Snapcenter -
Oracle Communications Offline Mediation Controller 12.0.0.3.0
Oracle Zfs Storage Appliance Kit 8.8
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »