CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score: 8.9 High (Confidence: High)
CVSS2: 5.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
CVSS2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
EPSS: 0.004 Low (Percentile: 73.6%)
Software: libxml2 2.9.7
OS: ROSA Virtualization 2.1
package_evr_string: libxml2-2.9.7-16.rv3
CVE-ID: CVE-2016-3709
BDU-ID: 2023-07602
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the libxml2 library is caused by a failure to preserve the structure of a web page. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data and compromise its integrity.
CVE-STATUS: Resolved
CVE-REV: To remediate, run the yum update libxml2 command.
CVE-ID: CVE-2022-23308
BDU-ID: 2022-01453
CVE-Crit: CRITICAL
CVE-DESC.: A vulnerability in the valid.c file of the libxml2 XML document parsing library is caused by a use after free. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by sending a specially crafted XML file.
CVE-STATUS: Fixed
CVE-REV: To remediate, run the yum update libxml2 command.
CVE-ID: CVE-2022-29824
BDU-ID: 2022-03033
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the buf.c and tree.c components of the libxml2 library is caused by an integer overflow when using the xmlBuf and xmlBuffer types. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service or execute arbitrary code using specially crafted XML files.
CVE-STATUS: Resolved
CVE-REV: To remediate, run the yum update libxml2 command.
CVE-ID: CVE-2022-40303
BDU-ID: 2022-06701
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the xmlParseNameComplex() function of the libxml2 XML document parsing library is caused by an integer overflow when processing content with the XML_PARSE_HUGE parameter. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: To remediate, run the yum update libxml2 command.
CVE-ID: CVE-2022-40304
BDU-ID: 2022-06700
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the XML object cleanup function of the libxml2 XML document parsing library is caused by a double free when processing dict structure objects whose first byte value is zero. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To remediate, run the yum update libxml2 command.