libxml2 (SUSE:OpenStack Cloud 5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:OpenStack Cloud 5 package libxml2, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (15)
CVE-2016-4448 — CVSS 9.8 (critical): Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown…
CVE-2016-1835 — CVSS 8.8 (high): Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before…
CVE-2016-1762 — CVSS 8.1 (high): The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a…
CVE-2016-1840 — CVSS 7.8 (high): Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before…
CVE-2016-1834 — CVSS 7.8 (high): Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS…
CVE-2015-8806 — CVSS 7.5 (high): dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an…
CVE-2016-3705 — CVSS 7.5 (high): The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the…
CVE-2016-4447 — CVSS 7.5 (high): The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service…
CVE-2016-4483 — CVSS 7.5 (high): The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service…
CVE-2016-4449 — CVSS 7.1 (high): XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in…
CVE-2016-2073 — CVSS 6.5 (medium): The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a…
CVE-2016-1833 — CVSS 5.5 (medium): The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and…
CVE-2016-1838 — CVSS 5.5 (medium): The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before…
CVE-2016-1839 — CVSS 5.5 (medium): The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and…
CVE-2016-1837 — CVSS 5.5 (medium): Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4…