|Max CVSS||6.8||Min CVSS||4.3||Total Count||6|
|ID||CVSS||Summary||Last (major) update||Published|
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource con
|11-05-2017 - 21:29||09-06-2016 - 12:59|
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing
|07-12-2016 - 22:05||04-11-2014 - 11:55|
libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entit
|16-06-2016 - 21:59||25-04-2013 - 19:55|
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute ar
|27-01-2014 - 23:48||27-11-2012 - 20:55|
Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|27-01-2014 - 23:45||27-06-2012 - 06:18|
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.
|27-01-2014 - 23:42||21-12-2012 - 00:46|