Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-06	CVE-2023-45322	Use After Free vulnerability in Xmlsoft Libxml2 libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. network low complexity xmlsoft CWE-416	6.5
2023-08-29	CVE-2023-39615	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xmlsoft Libxml2 2.11.0 Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. network low complexity xmlsoft CWE-119	6.5
2023-04-24	CVE-2023-28484	NULL Pointer Dereference vulnerability in multiple products In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. network low complexity xmlsoft debian CWE-476	6.5
2023-04-24	CVE-2023-29469	Double Free vulnerability in multiple products An issue was discovered in libxml2 before 2.10.4. network low complexity xmlsoft debian CWE-415	6.5
2022-07-28	CVE-2016-3709	Cross-site Scripting vulnerability in Xmlsoft Libxml2 Possible cross-site scripting vulnerability in libxml after commit 960f0e2. network low complexity xmlsoft CWE-79	6.1
2022-05-03	CVE-2022-29824	Integer Overflow or Wraparound vulnerability in multiple products In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf) and tree.c (xmlBuffer) don't check for integer overflows. network low complexity xmlsoft fedoraproject debian netapp oracle CWE-190	6.5
2021-07-09	CVE-2021-3541	XML Entity Expansion vulnerability in multiple products A flaw was found in libxml2. network low complexity xmlsoft redhat oracle netapp CWE-776	4.0
2021-05-14	CVE-2021-3537	NULL Pointer Dereference vulnerability in multiple products A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. network high complexity xmlsoft redhat debian fedoraproject netapp oracle CWE-476	5.9
2020-09-04	CVE-2020-24977	Out-of-bounds Read vulnerability in multiple products GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. network low complexity xmlsoft debian fedoraproject opensuse netapp oracle CWE-125	6.5
2018-08-16	CVE-2018-14567	Infinite Loop vulnerability in multiple products libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. network xmlsoft canonical debian CWE-835	4.3