High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-24	CVE-2019-19956	Memory Leak vulnerability in multiple products xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. network low complexity xmlsoft debian oracle fedoraproject canonical netapp siemens CWE-401	7.5
2019-12-11	CVE-2019-5815	Type Confusion vulnerability in multiple products Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. network low complexity xmlsoft debian CWE-843	7.5
2019-10-18	CVE-2019-18197	Use of Uninitialized Resource vulnerability in multiple products In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. network high complexity xmlsoft debian canonical CWE-908	7.5
2018-08-28	CVE-2017-15412	Use After Free vulnerability in multiple products Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. network low complexity redhat debian google xmlsoft CWE-416	8.8
2018-07-30	CVE-2016-9597	It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. network low complexity canonical xmlsoft debian hp opensuse	7.5
2018-07-19	CVE-2018-14404	NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. network low complexity canonical debian xmlsoft CWE-476	7.5
2018-02-07	CVE-2017-5130	Out-of-bounds Write vulnerability in multiple products An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file. network low complexity google debian xmlsoft CWE-787	8.8
2017-11-23	CVE-2017-16932	Infinite Loop vulnerability in Xmlsoft Libxml2 parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities. network low complexity xmlsoft CWE-835	7.5
2017-05-18	CVE-2017-9050	Out-of-bounds Read vulnerability in Xmlsoft Libxml2 2.9.4 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. network low complexity xmlsoft CWE-125	7.5
2017-05-18	CVE-2017-9049	Out-of-bounds Read vulnerability in Xmlsoft Libxml2 2.9.4 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. network low complexity xmlsoft CWE-125	7.5