Vulnerabilities > Xmlsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-09 | CVE-2021-3541 | XML Entity Expansion vulnerability in multiple products A flaw was found in libxml2. | 4.0 |
| 2021-06-01 | CVE-2021-3516 | USE After Free vulnerability in multiple products There's a flaw in libxml2's xmllint in versions before 2.9.11. | 6.8 |
| 2021-05-19 | CVE-2021-3517 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. | 7.5 |
| 2021-05-18 | CVE-2021-3518 | USE After Free vulnerability in multiple products There's a flaw in libxml2 in versions before 2.9.11. | 6.8 |
| 2021-05-14 | CVE-2021-3537 | Null Pointer Dereference vulnerability in multiple products A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. | 4.3 |
| 2020-09-04 | CVE-2020-24977 | Out-Of-Bounds Read vulnerability in multiple products GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. | 6.4 |
| 2020-01-21 | CVE-2020-7595 | Infinite Loop vulnerability in Xmlsoft Libxml2 2.9.10 xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. | 5.0 |
| 2020-01-21 | CVE-2019-20388 | Improper Resource Shutdown OR Release vulnerability in Xmlsoft Libxml2 2.9.10 xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. | 5.0 |
| 2019-12-24 | CVE-2019-19956 | Missing Release of Resource After Effective Lifetime vulnerability in multiple products xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. | 5.0 |
| 2019-12-11 | CVE-2019-5815 | Type Confusion vulnerability in Xmlsoft Libxslt Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. | 5.0 |