Lucene search

Manageability Software Development Kit Security Vulnerabilities

cve

CVE-2022-40304

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be...

7.8CVSS

8.5AI Score

0.001EPSS

2022-11-23 06:15 PM

226

cve

CVE-2022-29824

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf) and tree.c (xmlBuffer) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer...

6.5CVSS

7AI Score

0.002EPSS

2022-05-03 03:15 AM

293

cve

CVE-2022-23308

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF...

7.5CVSS

8AI Score

0.004EPSS

2022-02-26 05:15 AM

346

cve

CVE-2021-3541

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of...

6.5CVSS

7.3AI Score

0.001EPSS

2021-07-09 05:15 PM

342

cve

CVE-2021-3517

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this...

8.6CVSS

8.6AI Score

0.012EPSS

2021-05-19 02:15 PM

422

cve

CVE-2021-3518

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and...

8.8CVSS

7.4AI Score

0.004EPSS

2021-05-18 12:15 PM

322

cve

CVE-2021-3537

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...

5.9CVSS

7.1AI Score

0.01EPSS

2021-05-14 08:15 PM

372

In Wild

cve

CVE-2020-24977

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit...

6.5CVSS

7.3AI Score

0.003EPSS

2020-09-04 12:15 AM

377

cve

CVE-2018-1285

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration...

9.8CVSS

7.1AI Score

0.009EPSS

2020-05-11 05:15 PM

248

cve

CVE-2019-19956

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to...

7.5CVSS

7.5AI Score

0.004EPSS

2019-12-24 04:15 PM

397