Known Vulnerabilities for products from Xmlsoft
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Xmlsoft".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search, so that the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-23308 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-02-26 | 2023-11-07 |
| CVE-2021-30560 | Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap co... | 8.8 - HIGH | 2021-08-03 | 2024-03-27 |
| CVE-2021-3541 | A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms an... | 6.5 - MEDIUM | 2021-07-09 | 2022-03-01 |
| CVE-2021-3537 | A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed con... | 5.9 - MEDIUM | 2021-05-14 | 2023-11-07 |
| CVE-2021-3518 | There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an a... | 8.8 - HIGH | 2021-05-18 | 2023-11-07 |
| CVE-2021-3517 | There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to sup... | 8.6 - HIGH | 2021-05-19 | 2023-11-07 |
| CVE-2021-3516 | There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be process... | 7.8 - HIGH | 2021-06-01 | 2023-11-07 |
| CVE-2020-24977 | GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.... | 6.5 - MEDIUM | 2020-09-04 | 2023-11-07 |
| CVE-2020-7595 | xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. | 7.5 - HIGH | 2020-01-21 | 2023-11-07 |
| CVE-2019-20388 | xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. | 7.5 - HIGH | 2020-01-21 | 2023-11-09 |
| CVE-2019-19956 | xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. | 7.5 - HIGH | 2019-12-24 | 2023-11-07 |
| CVE-2019-18197 | In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant... | 7.5 - HIGH | 2019-10-18 | 2020-08-24 |
| CVE-2019-13118 | In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid... | 5.3 - MEDIUM | 2019-07-01 | 2023-11-07 |
| CVE-2019-13117 | In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFor... | 5.3 - MEDIUM | 2019-07-01 | 2023-11-07 |
| CVE-2019-11068 | libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit acc... | 9.8 - CRITICAL | 2019-04-10 | 2023-11-07 |
| CVE-2019-5815 | Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap ... | 7.5 - HIGH | 2019-12-11 | 2023-11-07 |
| CVE-2018-14567 | libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML... | 6.5 - MEDIUM | 2018-08-16 | 2020-09-10 |
| CVE-2018-14404 | A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when pa... | 7.5 - HIGH | 2018-07-19 | 2020-09-10 |
| CVE-2018-9251 | The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of serv... | 5.3 - MEDIUM | 2018-04-04 | 2019-10-03 |
| CVE-2017-18258 | The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumpt... | 6.5 - MEDIUM | 2018-04-08 | 2020-09-10 |