Lucene search
K

200 matches found

OSV
OSV
added 2025/11/27 10:4 a.m.4 views

RHSA-2025:22177 Red Hat Security Advisory: libxml2 security update

Bulletin has no description...

6.2CVSS6.9AI score0.00144EPSS
Exploits0References9
OSV
OSV
added 2025/10/17 5:40 p.m.2 views

JLSEC-2025-75 In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer...

In libxml2 before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer...

6.5CVSS7.1AI score0.0363EPSS
Exploits5References28
OSV
OSV
added 2025/10/17 5:40 p.m.5 views

JLSEC-2025-83 An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

7.5CVSS7AI score0.01364EPSS
Exploits3References4
OSV
OSV
added 2025/10/17 5:40 p.m.3 views

JLSEC-2025-76 Possible cross-site scripting vulnerability in libxml after commit 960f0e2.

Possible cross-site scripting vulnerability in libxml after commit 960f0e2...

6.1CVSS6.3AI score0.00764EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2025/10/08 7:24 p.m.7 views

rexml: REXML: Denial of Service via inefficient regex parsing

A flaw was found in REXML. A remote attacker could exploit inefficient regular expression regex parsing when processing hex numeric character references &x...; in XML documents. This could lead to a Regular Expression Denial of Service ReDoS, impacting the availability of the affected component...

7.5CVSS7.3AI score0.00468EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2012-0902

Malware in sbrugna...

7.8CVSS7.5AI score0.01906EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.2 views

Unity Linux 20.1070a Security Update: libxml2 (UTSA-2025-986120)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986120 advisory. A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can...

7.5CVSS7.8AI score0.01067EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-7493

Malicious code in bioql PyPI...

7.5CVSS6.5AI score0.01104EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-1603

Malicious code in bioql PyPI...

9.6CVSS9.1AI score0.00818EPSS
Exploits0References5
OSV
OSV
added 2025/10/01 4:26 p.m.7 views

CLSA-2025-1759336003 libxml2: Fix of CVE-2025-7425

Fix typo in CVE-2025-7425 fix...

7.8CVSS6.8AI score0.00339EPSS
Exploits1References1
Debian
Debian
added 2025/09/30 9:55 p.m.7 views

[SECURITY] [DLA 4319-1] libxml2 security update

Debian LTS Advisory DLA-4319-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin September 30, 2025 https://wiki.debian.org/LTS Package : libxml2 Version : 2.9.10+dfsg-6.7+deb11u9 CVE ID : CVE-2025-9714 CVE-2025-7425 Debian Bug : 1109122 Two security issues were foun...

7.8CVSS6.5AI score0.00339EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/30 8:36 a.m.10 views

Security Bulletin: Multiple vulnerabilities have been identified with the DS8900F and DS8A00 Hardware Management Console (HMC)

Summary DS8900F and DS8A00 updates have been released to remediate vulnerabilities in libexpat, libxml2, libsoup and krb5 libraries. Review the Vulnerability Details section below for additional information. Vulnerability Details CVEID:CVE-2024-8176 DESCRIPTION: A stack overflow vulnerability...

9.8CVSS8.1AI score0.26049EPSS
Exploits1Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/25 5:18 p.m.16 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.4 Vulnerability Details CVEID:CVE-2016-10228 DESCRIPTION: The iconv program in the GNU C Library aka glibc or libc6 2.31 and earlier, when invoked with multiple suffixes in the destination encoding TRANSLATE or IGNO...

7.5CVSS8.6AI score0.51733EPSS
Exploits1Affected Software1
Microsoft CVE
Microsoft CVE
added 2025/09/21 8:4 a.m.4 views

REXML has a DoS condition when parsing malformed XML file

...

7.5CVSS7AI score0.00231EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/09/17 6:26 p.m.10 views

REXML has DoS condition when parsing malformed XML file

Impact The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. Patches REXML gems 3.4.2 or later include the patches to fix these vulnerabilities...

5.3CVSS7.1AI score0.00231EPSS
Exploits0References6Affected Software1
Gitee
Gitee
added 2025/09/06 12:17 a.m.215 views

defusedxml

This is a Python library called defusedxml, which is designed to prevent XML bomb denial of service DoS vulnerabilities. The library provides a facade for the xml.etree.ElementTree module, which is a built-in Python module for parsing and creating XML documents. The library is maintained by...

7AI score
Exploits0
Snyk
Snyk
added 2025/09/02 12:0 a.m.4 views

Unchecked Input for Loop Condition

Overview Affected versions of this package are vulnerable to Unchecked Input for Loop Condition via the exsltDynMapFunction function in libexslt/dynamic.c when handling specially crafted XSLT documents that trigger uncontrolled recursion. An attacker can cause stack exhaustion and disrupt service...

8.7CVSS7AI score0.00144EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/02 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2023-45322

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the...

6.5CVSS6.7AI score0.00826EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2016-4571

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mxmlwritenode function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service stack consumption via...

7.1CVSS5.7AI score0.01589EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/14 12:0 a.m.4 views

RHEL 7 : libxml2 (RHSA-2025:13789)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13789 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Out-of-bounds Read in...

7.5CVSS6.5AI score0.00527EPSS
Exploits1References5
Rows per page
Query Builder