6887 matches found
JLSEC-2025-82 libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fa...
libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when...
JLSEC-2025-90 In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a ...
In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used...
JLSEC-2025-73 A flaw was found in libxml2
A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service...
JLSEC-2025-84 An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7
An issue was discovered in xmllint from libxml2 before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c...
JLSEC-2025-87 libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElem...
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047...
JLSEC-2025-69 GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesIntern...
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e...
JLSEC-2025-77 An issue was discovered in libxml2 before 2.10.3
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault...
JLSEC-2025-85 xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.
xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free...
Advisory ROSA-SA-2025-3031
software: libxml2 2.9.14 OS: ROSA-CHROME unaffected versions = libxml2-2.9.14-10 affected versions libxml2-2.9.14-10 CVE-ID: CVE-2025-9714 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability: uncontrolled recursion in evalXPath of libxml2 library before 2.9.14, allowing a local attacker to cau...
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2025-2203)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2025-2235)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS 2.0 SP11 : libxml2 (EulerOS-SA-2025-2203)
According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.3.1)
The version of AHV installed on the remote host is prior to AHV-10.3.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.3.1 advisory. - There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.103072)
The version of AHV installed on the remote host is prior to 20230302.103072. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.103072 advisory. - There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could...
CLSA-2025-1760017744 Fix CVE(s): CVE-2025-6491
SECURITY UPDATE: fix NULL pointer dereference in SOAP with huge QName - debian/patches/CVE-2025-6491.patch: Add safeguard in ext/soap/soap.c to handle invalid XML node names produced by libxml2 with extremely large namespace prefixes - CVE-2025-6491...
CLSA-2025-1760017411 Fix CVE(s): CVE-2025-6491
SECURITY UPDATE: fix NULL pointer dereference in SOAP with huge QName - debian/patches/CVE-2025-6491.patch: Add safeguard in ext/soap/soap.c to handle invalid XML node names produced by libxml2 with extremely large namespace prefixes - CVE-2025-6491...
AlmaLinux 10 : libxml2 (ALSA-2025:10630)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:10630 advisory. libxml: Heap use after free (UAF) leads to Denial of service (DoS) (CVE-2025-49794); libxml: Null pointer dereference leads to Denial of service (DoS)...
AlmaLinux 10 : libxml2 (ALSA-2025:13429)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:13429 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards...
EUVD-2013-1957
Malware in sbrugna...
EUVD-2012-2851
Malware in sbrugna...