Vulnerabilities > Xmlsoft

DATE CVE VULNERABILITY TITLE RISK
2021-07-09 CVE-2021-3541 XML Entity Expansion vulnerability in multiple products
A flaw was found in libxml2.
network
low complexity
xmlsoft redhat CWE-776
4.0
2021-06-01 CVE-2021-3516 Use After Free vulnerability in multiple products
There's a flaw in libxml2's xmllint in versions before 2.9.11.
6.8
2021-05-19 CVE-2021-3517 Out-of-bounds Write vulnerability in multiple products
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11.
network
low complexity
xmlsoft redhat fedoraproject debian netapp CWE-787
7.5
2021-05-18 CVE-2021-3518 Use After Free vulnerability in multiple products
There's a flaw in libxml2 in versions before 2.9.11.
6.8
2021-05-14 CVE-2021-3537 NULL Pointer Dereference vulnerability in multiple products
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference.
4.3
2020-09-04 CVE-2020-24977 Out-of-bounds Read vulnerability in multiple products
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.
6.4
2020-01-21 CVE-2020-7595 Infinite Loop vulnerability in multiple products
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
5.0
2020-01-21 CVE-2019-20388 Memory Leak vulnerability in Xmlsoft Libxml2 2.9.10
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
network
low complexity
xmlsoft CWE-401
5.0
2019-12-24 CVE-2019-19956 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
5.0
2019-12-11 CVE-2019-5815 Type Confusion vulnerability in Xmlsoft Libxslt
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.
network
low complexity
xmlsoft CWE-843
5.0