Vulnerabilities > Xmlsoft

DATE CVE VULNERABILITY TITLE RISK
2024-02-04 CVE-2024-25062 Use After Free vulnerability in Xmlsoft Libxml2
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5.
network
low complexity
xmlsoft CWE-416
7.5
2023-10-06 CVE-2023-45322 Use After Free vulnerability in Xmlsoft Libxml2
libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails.
network
low complexity
xmlsoft CWE-416
6.5
2023-08-29 CVE-2023-39615 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xmlsoft Libxml2 2.11.0
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c.
network
low complexity
xmlsoft CWE-119
6.5
2023-04-24 CVE-2023-28484 NULL Pointer Dereference vulnerability in multiple products
In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault.
network
low complexity
xmlsoft debian CWE-476
6.5
2023-04-24 CVE-2023-29469 Double Free vulnerability in multiple products
An issue was discovered in libxml2 before 2.10.4.
network
low complexity
xmlsoft debian CWE-415
6.5
2022-11-23 CVE-2022-40304 Double Free vulnerability in multiple products
An issue was discovered in libxml2 before 2.10.3.
local
low complexity
xmlsoft netapp apple CWE-415
7.8
2022-11-23 CVE-2022-40303 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in libxml2 before 2.10.3.
network
low complexity
xmlsoft netapp apple CWE-190
7.5
2022-07-28 CVE-2016-3709 Cross-site Scripting vulnerability in Xmlsoft Libxml2
Possible cross-site scripting vulnerability in libxml after commit 960f0e2.
network
low complexity
xmlsoft CWE-79
6.1
2022-05-03 CVE-2022-29824 Integer Overflow or Wraparound vulnerability in multiple products
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows.
network
low complexity
xmlsoft fedoraproject debian netapp oracle CWE-190
6.5
2022-02-26 CVE-2022-23308 Use After Free vulnerability in multiple products
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
7.5