Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2012-0841 | 5.0 |
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.
|
13-02-2023 - 00:23 | 21-12-2012 - 05:46 | |
CVE-2020-7595 | 5.0 |
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
|
25-07-2022 - 18:15 | 21-01-2020 - 23:15 | |
CVE-2018-14567 | 4.3 |
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-201
|
10-09-2020 - 01:15 | 16-08-2018 - 20:29 | |
CVE-2011-2834 | 6.8 |
Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
|
08-05-2020 - 18:12 | 19-09-2011 - 12:02 | |
CVE-2011-3919 | 7.5 |
Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
07-05-2020 - 19:05 | 07-01-2012 - 11:55 | |
CVE-2015-8710 | 7.5 |
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed H
|
26-02-2020 - 19:19 | 11-04-2016 - 21:59 | |
CVE-2015-1819 | 5.0 |
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
|
27-12-2019 - 16:08 | 14-08-2015 - 18:59 | |
CVE-2013-0338 | 4.3 |
libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entit
|
30-10-2018 - 16:27 | 25-04-2013 - 23:55 | |
CVE-2016-4449 | 5.8 |
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource con
|
18-01-2018 - 18:18 | 09-06-2016 - 16:59 | |
CVE-2014-0191 | 4.3 |
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless
|
29-08-2017 - 01:34 | 21-01-2015 - 14:59 | |
CVE-2012-5134 | 6.8 |
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute ar
|
29-08-2017 - 01:32 | 28-11-2012 - 01:55 | |
CVE-2014-3660 | 5.0 |
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing
|
08-12-2016 - 03:05 | 04-11-2014 - 16:55 | |
CVE-2012-2807 | 6.8 |
Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
28-01-2014 - 04:45 | 27-06-2012 - 10:18 |