Known Vulnerabilities for products from Xmlsoft
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Xmlsoft".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-23308 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-02-26 | 2022-11-02 |
| CVE-2021-30560 | Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap co... | 8.8 - HIGH | 2021-08-03 | 2022-10-27 |
| CVE-2021-3541 | A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms an... | 6.5 - MEDIUM | 2021-07-09 | 2022-03-01 |
| CVE-2021-3537 | A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed con... | 5.9 - MEDIUM | 2021-05-14 | 2023-02-28 |
| CVE-2021-3518 | There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an a... | 8.8 - HIGH | 2021-05-18 | 2022-10-05 |
| CVE-2021-3517 | There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to sup... | 8.6 - HIGH | 2021-05-19 | 2022-10-05 |
| CVE-2021-3516 | There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be process... | 7.8 - HIGH | 2021-06-01 | 2022-03-01 |
| CVE-2020-24977 | GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c.... | 6.5 - MEDIUM | 2020-09-04 | 2022-07-25 |
| CVE-2020-7595 | xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. | 7.5 - HIGH | 2020-01-21 | 2022-07-25 |
| CVE-2019-20388 | xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. | 7.5 - HIGH | 2020-01-21 | 2022-07-25 |
| CVE-2019-19956 | xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. | 7.5 - HIGH | 2019-12-24 | 2021-07-21 |
| CVE-2019-18197 | In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant... | 7.5 - HIGH | 2019-10-18 | 2020-08-24 |
| CVE-2019-13118 | In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid... | 5.3 - MEDIUM | 2019-07-01 | 2023-04-10 |
| CVE-2019-13117 | In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFor... | 5.3 - MEDIUM | 2019-07-01 | 2023-04-06 |
| CVE-2019-11068 | libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit acc... | 9.8 - CRITICAL | 2019-04-10 | 2023-03-24 |
| CVE-2019-5815 | Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap ... | 7.5 - HIGH | 2019-12-11 | 2022-10-27 |
| CVE-2018-14567 | libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML... | 6.5 - MEDIUM | 2018-08-16 | 2020-09-10 |
| CVE-2018-14404 | A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when pa... | 7.5 - HIGH | 2018-07-19 | 2020-09-10 |
| CVE-2018-9251 | The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of serv... | 5.3 - MEDIUM | 2018-04-04 | 2019-10-03 |
| CVE-2017-18258 | The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumpt... | 6.5 - MEDIUM | 2018-04-08 | 2020-09-10 |
Known software with vulnerabilities from Xmlsoft
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Xmlsoft | Libxml2 | - |
| Application | Xmlsoft | Libxslt | 0.0.1 |
Popular searches for "Xmlsoft"
The XML C parser and toolkit of Gnome
www.xmlsoft.orgxmlsoft.org
www.libxml.org XML GNOME Libxml2 World Wide Web Consortium Parsing Language binding List of toolkits C Markup language Widget toolkit MIT License Free software C (programming language) Source-available software Computing platform Implementation Computer programming MacOS HTML Standardizationlibxslt
xmlsoft.org/XSLTlibxslt Libxslt is the XSLT C library developed for the GNOME project. XSLT itself is a an XML language to define transformation for XML. Libxslt is based on libxml2 the XML C library developed for the GNOME project. It also implements most of the EXSLT set of processor-portable extensions functions and some of Saxon's evaluate and expressions extensions.
freshmeat.sourceforge.net/urls/ac57d9096d7a118714767f1e223e8b1b Libxslt XML XSLT The GNOME Project C standard library Libxml2 Subroutine EXSLT Central processing unit Plug-in (computing) Expression (computer science) Language binding Application programming interface Library (computing) Browser extension Software portability Programming language C (programming language) Portable application Command-line interface