High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-07-30	CVE-2016-9597	Uncontrolled Recursion vulnerability in multiple products It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. network low complexity canonical xmlsoft debian hp opensuse CWE-674	7.5
2016-06-09	CVE-2016-4447	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName. network low complexity hp canonical debian oracle apple xmlsoft mcafee CWE-119	7.5
2016-05-17	CVE-2016-3705	Improper Input Validation vulnerability in multiple products The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references. network low complexity canonical xmlsoft debian hp opensuse CWE-20	7.5
2016-05-17	CVE-2016-3627	Uncontrolled Recursion vulnerability in multiple products The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. network low complexity opensuse debian hp xmlsoft canonical redhat oracle CWE-674	7.5