libxml2 (SUSE:Linux Enterprise Server 12) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 package libxml2, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (29)
CVE-2015-8710 — CVSS 9.8 (critical): The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service…
CVE-2016-4448 — CVSS 9.8 (critical): Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown…
CVE-2016-1835 — CVSS 8.8 (high): Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before…
CVE-2016-1762 — CVSS 8.1 (high): The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a…
CVE-2016-1840 — CVSS 7.8 (high): Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before…
CVE-2016-1834 — CVSS 7.8 (high): Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS…
CVE-2016-4483 — CVSS 7.5 (high): The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service…
CVE-2015-8806 — CVSS 7.5 (high): dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an…
CVE-2016-3627 — CVSS 7.5 (high): The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to…
CVE-2016-3705 — CVSS 7.5 (high): The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the…
CVE-2016-4447 — CVSS 7.5 (high): The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service…
CVE-2015-5312 — CVSS 7.1 (high): The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows…
CVE-2016-4449 — CVSS 7.1 (high): XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in…
CVE-2015-7942 — CVSS 6.8 (medium): The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid…
CVE-2016-2073 — CVSS 6.5 (medium): The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a…
CVE-2015-8241 — CVSS 6.4 (medium): The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of…
CVE-2015-8242 — CVSS 5.8 (medium): The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers…
CVE-2016-1839 — CVSS 5.5 (medium): The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and…
CVE-2016-1833 — CVSS 5.5 (medium): The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and…
CVE-2016-1837 — CVSS 5.5 (medium): Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4…
CVE-2016-1838 — CVSS 5.5 (medium): The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before…
CVE-2015-7497 — CVSS 5.0 (medium): Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to…
CVE-2015-8317 — CVSS 5.0 (medium): The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an…
CVE-2015-7498 — CVSS 5.0 (medium): Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause…
CVE-2015-7499 — CVSS 5.0 (medium): Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain…
CVE-2015-7500 — CVSS 5.0 (medium): The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service…
CVE-2015-1819 — CVSS 5.0 (medium): The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML…
CVE-2015-7941 — CVSS 4.3 (medium): libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service…
CVE-2015-8035 — CVSS 2.6 (low): The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to…