High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-24	CVE-2019-19956	Memory Leak vulnerability in multiple products xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. network low complexity xmlsoft debian oracle fedoraproject canonical netapp siemens CWE-401	7.5
2019-12-11	CVE-2019-5815	Type Confusion vulnerability in multiple products Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. network low complexity xmlsoft debian CWE-843	7.5
2018-08-28	CVE-2017-15412	Use After Free vulnerability in multiple products Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity redhat debian google xmlsoft CWE-416	8.8
2018-07-30	CVE-2016-9597	Uncontrolled Recursion vulnerability in multiple products It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. network low complexity canonical xmlsoft debian hp opensuse CWE-674	7.5
2018-02-19	CVE-2017-7375	XXE vulnerability in multiple products A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). network low complexity xmlsoft debian google CWE-611	7.5
2017-11-23	CVE-2017-16932	Infinite Loop vulnerability in Xmlsoft Libxml2 parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities. network low complexity xmlsoft CWE-835	7.5
2017-11-23	CVE-2017-16931	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xmlsoft Libxml2 parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name. network low complexity xmlsoft CWE-119	7.5
2017-05-18	CVE-2017-9050	Out-of-bounds Read vulnerability in Xmlsoft Libxml2 2.9.4 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. network low complexity xmlsoft CWE-125	7.5
2017-05-18	CVE-2017-9049	Out-of-bounds Read vulnerability in Xmlsoft Libxml2 2.9.4 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. network low complexity xmlsoft CWE-125	7.5
2017-05-18	CVE-2017-9048	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xmlsoft Libxml2 2.9.4 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. network low complexity xmlsoft CWE-119	7.5