2.9.6

DATE	CVE	VULNERABILITY TITLE	RISK
2021-05-19	CVE-2021-3517	Out-of-bounds Write vulnerability in multiple products There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. network low complexity xmlsoft redhat fedoraproject debian netapp oracle CWE-787	8.6
2021-05-18	CVE-2021-3518	Use After Free vulnerability in multiple products There's a flaw in libxml2 in versions before 2.9.11. network low complexity xmlsoft debian redhat fedoraproject netapp oracle CWE-416	8.8
2021-05-14	CVE-2021-3537	NULL Pointer Dereference vulnerability in multiple products A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. network high complexity xmlsoft redhat debian fedoraproject netapp oracle CWE-476	5.9
2019-12-24	CVE-2019-19956	Memory Leak vulnerability in multiple products xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. network low complexity xmlsoft debian oracle fedoraproject canonical netapp siemens CWE-401	7.5
2018-07-19	CVE-2018-14404	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. network low complexity canonical debian xmlsoft CWE-476	5.0