CVE-2022-49043

xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free...

CVE-2022-49043

xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free...

Ubuntu 24.10 : libxml2 vulnerability (USN-7215-1)

The remote Ubuntu 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7215-1 advisory. Xisco Fauli discovered that libxml2 incorrectly handled custom SAX handlers. A remote attacker could possibly use this issue to perform XML External Entity XXE attack...

Ubuntu: Security Advisory (USN-7215-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-7215-1: libxml2 vulnerability

Xisco Fauli discovered that libxml2 incorrectly handled custom SAX handlers. A remote attacker could possibly use this issue to perform XML External Entity XXE attacks...

USN-7215-1 libxml2 vulnerability

Xisco Fauli discovered that libxml2 incorrectly handled custom SAX handlers. A remote attacker could possibly use this issue to perform XML External Entity XXE attacks...

CVE-2016-3709 affecting package libxml2 2.9.14-3

CVE-2016-3709 affecting package libxml2 2.9.14-3. This CVE either no longer is or was never applicable...

Fedora: Security Advisory (FEDORA-2024-9f3765a04b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: libxml2-2.12.9-1.fc40

This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...

PT-2025-36236

Name of the Vulnerable Software and Affected Versions: libxml2 affected versions not specified Description: libxml2 may be susceptible to a buffer overflow leading to a potential out-of-bounds read. Successful exploitation of this issue could result in local information disclosure without requiri...

Fedora 40 : libxml2 (2024-9f3765a04b)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-9f3765a04b advisory. Update to 2.12.9 Fixes CVE-2024-40896 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...

PT-2025-25522

Name of the Vulnerable Software and Affected Versions libxml2 affected versions not specified Description A memory corruption issue can be triggered in libxml2 by processing certain sch:name elements from an input XML file. This allows an attacker to craft a malicious XML input file, potentially...

PT-2025-25521

Name of the Vulnerable Software and Affected Versions libxml2 affected versions not specified Description A NULL pointer dereference issue was discovered in libxml2 when processing XPath XML expressions. This allows an attacker to create malicious XML input, resulting in a denial of service...

PT-2025-25520

Name of the Vulnerable Software and Affected Versions libxml2 versions affected versions not specified Description A use-after-free issue was found in libxml2, occurring when parsing XPath elements under certain circumstances, specifically when the XML schematron contains the "sch:name path" sche...

CVE-2024-40896 affecting package libxml2 for versions less than 2.11.5-2

CVE-2024-40896 affecting package libxml2 for versions less than 2.11.5-2. A patched version of the package is available...

Fedora 41 : libxml2 (2024-867a14de12)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-867a14de12 advisory. Update to 2.12.9 Fixes CVE-2024-40896. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has...

CVE-2024-40896

A flaw was found in libxml2. In the affected versions of libxml2, the SAX parser can generate events for external entities, even if custom SAX handlers try to override entity content by setting it to "checked." This vulnerability allows classic XML External Entity XXE attacks. Mitigation Mitigati...

SUSE CVE-2024-40896

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

CVE-2024-40896

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

AZL-54657 CVE-2024-40896 affecting package libxml2 for versions less than 2.11.5-2

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...