6887 matches found
Siemens SIMATIC S7-1500 Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2023-39615)
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support...
Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2022-29824)
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer...
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
Summary: Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.5. Vulnerability Details: CVEID: CVE-2020-36732. DESCRIPTION: The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more...
Libxml2: namespace use-after-free in xmlSetTreeDoc() function of libxml2
...
SUSE CVE-2025-12863
This CVE was assigned for a libxml2 issue #1012 but later deemed not valid. Ref.: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1012#note_2608283...
ROS-20251111-01
A vulnerability in the libxml2 library for manipulating XML and HTML files is related to uncontrolled recursion during the XPath computation in the xmlXPathRunEval function in xpath.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the...
CVE-2025-49795 affecting package libxml2 for versions less than 2.10.4-9
CVE-2025-49795 affecting package libxml2 for versions less than 2.10.4-9. A patched version of the package is available...
Advisory ROSA-SA-2025-3073
Software: libxml2 2.9.7; OS: ROSA Virtualization 3.0; unaffected versions: libxml2-2.9.7-21.0.1.rv30.3; affected versions: libxml2-2.9.7-21.0.1.1.rv30.3; CVE-ID: CVE-2025-6021; BDU-ID: ; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the xmlBuildQName function of the Libxml2 library is related to a...
Advisory ROSA-SA-2025-3065
Software: libxml2 2.9.7; OS: ROSA Virtualization 2.1; unaffected versions: libxml2-2.9.7-21.0.1.rv3.3; affected versions: libxml2-2.9.7-21.0.1.1.rv3.3; CVE-ID: CVE-2025-6021; BDU-ID: ; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the xmlBuildQName function of the Libxml2 library is related to a...
Advisory ROSA-SA-2025-3054
Software: libxml2 2.9.7; OS: ROSA Virtualization 3.1; unaffected versions: libxml2-2.9.7-21.0.1.rv31.3; affected versions: libxml2-2.9.7-21.0.1.1.rv31.3; CVE-ID: CVE-2025-6021; BDU-ID: ; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the xmlBuildQName function of the Libxml2 library is related to a...
Mageia: Security Advisory (MGASA-2025-0269)
The remote host is missing an update for the...
Advisory ROSA-SA-2025-3048
Software: libxml2 2.9.7; OS: ROSA Virtualization 3.1; unaffected versions: libxml2-2.9.7-21.0.1.rv31.3; affected versions: libxml2-2.9.7-21.0.1.1.rv31.3; CVE-ID: CVE-2016-3709; BDU-ID: ; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability in the Libxml2 library is related to the failure to take measures to...
MGASA-2025-0269 Updated libxml2 & libxslt packages fix security vulnerabilities
Heap use after free (UAF) leads to Denial of service (DoS) (CVE-2025-49794). Null pointer dereference leads to Denial of service (DoS) (CVE-2025-49795). Type confusion leads to Denial of service (DoS) (CVE-2025-49796). Integer Overflow Leading to Buffer Overflow in xmlBuildQName (CVE-2025-6021). Stack-based Buff...
Linux Distros Unpatched Vulnerability : CVE-2025-12863
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the xmlSetTreeDoc function of the libxml2 XML parsing library. This function is responsible for updating document pointers when XML nodes ar...
DEBIAN-CVE-2025-12863
A flaw was found in the xmlSetTreeDoc function of the libxml2 XML parsing library. This function is responsible for updating document pointers when XML nodes are moved between documents. Due to improper handling of namespace references, a namespace pointer may remain linked to a freed memory regi...
CVE-2025-12863
Rejected reason: This CVE was assigned for a libxml2 issue #1012 but later deemed not valid. Ref.: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1012#note_2608283...
CVE-2025-12863
CVE-2025-12863 entry is rejected/not used and does not represent an active vulnerability.