Lucene search
K

24 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.8 views

EulerOS Virtualization 2.12.0 : libxml2 (EulerOS-SA-2026-2106)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveU...

6.2CVSS5.8AI score0.00755EPSS
Exploits3References5
UbuntuCve
UbuntuCve
added 2026/01/15 3:15 p.m.7 views

CVE-2026-0990

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a...

5.9CVSS5.9AI score0.00755EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.6 views

MiracleLinux 9 : libxml2-2.9.13-11.el9_6 (AXSA:2025-10680:11)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10680:11 advisory. libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr CVE-2025-7425 Tenable has extracted the preceding description block directl...

7.8CVSS6.4AI score0.00339EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.3 views

PT-2026-3018

Name of the Vulnerable Software and Affected Versions libxml2 affected versions not specified Description An uncontrolled recursion issue exists in libxml2, an XML parsing library, specifically within the xmlCatalogXMLResolveURI function. This occurs when an XML catalog includes a delegate URI...

5.9CVSS5.9AI score0.00755EPSS
Exploits4References81
RedHat Linux
RedHat Linux
added 2025/12/02 2:22 p.m.8 views

Important: Red Hat Security Advisory: expat security update

An update for expat is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste...

7.5CVSS7.1AI score0.19433EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2025/11/11 12:0 a.m.2 views

RHEL 10 : expat (RHSA-2025:21030)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:21030 advisory. Expat is a C library for parsing XML documents. Security Fixes: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocatio...

7.5CVSS6.4AI score0.01279EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/08/08 12:0 a.m.4 views

libxml2 安全漏洞

libxml2 is a GNOME open source library for parsing XML documents. It is written in C and can be called by many languages, such as C, C++, and XSH. A security vulnerability exists in libxml2 version 2.14.5 and earlier, which stems from an uncontrolled recursion problem...

4.8CVSS4.2AI score0.00155EPSS
Exploits1References7
Ubuntu
Ubuntu
added 2024/12/10 1:42 a.m.243 views

USN-7145-1: Expat vulnerability

It was discovered that Expat did not properly handle its internal state when attempting to resume an unstarted parser. An attacker could use this issue to cause a denial of service application crash...

5.9CVSS7.1AI score0.0104EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/09/23 12:0 a.m.8 views

Vulnerability of the nextScaffoldPart() function (xmlparse.c) in the libexpat XML parsing library, which allows an attacker to cause a service failure or execute arbitrary code.

The vulnerability of the nextScaffoldPart function in the libexpat XML parsing library is related to integer overflow. Exploiting this vulnerability could allow an attacker to cause service failures or execute arbitrary code...

10CVSS7.6AI score0.01393EPSS
Exploits0References12Affected Software7
Vulnrichment
Vulnrichment
added 2024/06/14 2:21 a.m.19 views

CVE-2024-27141 Pre-authenticated Time-Based Blind XXE injection

Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity XXE vulnerability. An attacker can DoS the printers by sending a HTTP request without authentication. A...

5.9CVSS6.9AI score0.01115EPSS
Exploits1References4
OSV
OSV
added 2022/11/23 12:15 a.m.3 views

ALPINE-CVE-2022-40303

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault...

7.5CVSS7.1AI score0.22791EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/10/14 12:0 a.m.2 views

libxml2 资源管理错误漏洞

libxml2 is an open source library used to parse XML documents . It is written in C and can be called by many languages, such as C, C++, XSH. A resource management error vulnerability exists in libxml2. No information about this vulnerability is available at this time, please stay tuned to CNNVD o...

7.8CVSS6.7AI score0.06782EPSS
Exploits0References42
OSV
OSV
added 2022/05/03 3:15 a.m.4 views

UBUNTU-CVE-2022-29824

In libxml2 before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer...

6.5CVSS6.9AI score0.0363EPSS
Exploits5References9
OSV
OSV
added 2022/01/10 2:12 p.m.2 views

ALPINE-CVE-2022-22826

nextScaffoldPart in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...

8.8CVSS7.1AI score0.02778EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/05/13 12:0 a.m.3 views

libxml2 输入验证错误漏洞

libxml2 is an open source library used to parse XML documents . It is written in C and can be called by many languages, such as C, C++, XSH. An input validation error vulnerability exists in libxml2. An attacker can exploit this vulnerability to trigger a denial of service attack...

6.5CVSS7.3AI score0.01861EPSS
Exploits0References40
Tenable Nessus
Tenable Nessus
added 2019/12/30 12:0 a.m.53 views

Debian DLA-2048-1 : libxml2 security update

It was discovered that there was a potential denial of service vulnerability in libxml2, the GNOME XML parsing library. For Debian 8 'Jessie', this issue has been fixed in libxml2 version 2.9.1+dfsg1-5+deb8u8. We recommend that you upgrade your libxml2 packages. NOTE: Tenable Network Security has...

7.5CVSS6.7AI score0.05515EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2019/09/07 12:0 a.m.27 views

Debian: Security Advisory (DLA-1912-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.9AI score0.06643EPSS
Exploits1References3
CNVD
CNVD
added 2018/04/04 12:0 a.m.4 views

libxml Denial of Service Vulnerability

libxml2 is the GNOME project team developed a C-based library for parsing XML documents, which supports multiple encoding formats, Xpath parsing, Well-formed and valid validation. A security vulnerability exists in the 'xzdecomp' function of the xzlib.c file in libxml2 version 2.9.8. A remote...

5.3CVSS8.5AI score0.0244EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2017/12/06 12:54 a.m.15 views

Critical Flaw in Major Android Tools Targets Developers and Reverse Engineers

Finally, here we have a vulnerability that targets Android developers and reverse engineers, instead of app users. Security researchers have discovered an easily-exploitable vulnerability in Android application developer tools, both downloadable and cloud-based, that could allow attackers to stea...

8.5AI score
Exploits0
OSV
OSV
added 2017/11/23 9:29 p.m.6 views

UBUNTU-CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

9.8CVSS7.1AI score0.04278EPSS
Exploits0References3
Rows per page
Query Builder