CVE-2025-12863
- EPSS 0.07%
- Veröffentlicht 07.11.2025 20:59:35
- Zuletzt bearbeitet 20.11.2025 15:17:23
Rejected reason: This CVE was assigned for a libxml2 issue#1012 but later deemed not valid. Ref.: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1012#note_2608283
CVE-2025-49794
- EPSS 0.26%
- Veröffentlicht 16.06.2025 15:24:31
- Zuletzt bearbeitet 22.11.2025 03:15:48
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malic...
CVE-2025-6170
- EPSS 0.02%
- Veröffentlicht 16.06.2025 15:24:05
- Zuletzt bearbeitet 03.11.2025 20:19:18
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow...
CVE-2025-49795
- EPSS 0.14%
- Veröffentlicht 16.06.2025 15:19:29
- Zuletzt bearbeitet 27.10.2025 18:15:41
A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.
CVE-2025-49796
- EPSS 0.46%
- Veröffentlicht 16.06.2025 15:14:28
- Zuletzt bearbeitet 22.11.2025 03:15:48
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a d...
CVE-2025-6021
- EPSS 0.58%
- Veröffentlicht 12.06.2025 12:49:16
- Zuletzt bearbeitet 29.11.2025 01:16:03
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
CVE-2024-10306
- EPSS 0.05%
- Veröffentlicht 23.04.2025 09:59:49
- Zuletzt bearbeitet 01.07.2025 03:15:20
A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive should be replaced by the <Location> directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone...
CVE-2023-44487
- EPSS 94.42%
- Veröffentlicht 10.10.2023 14:15:10
- Zuletzt bearbeitet 07.11.2025 19:00:41
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
- EPSS 94.43%
- Veröffentlicht 16.09.2021 15:15:07
- Zuletzt bearbeitet 27.10.2025 17:37:06
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-3541
- EPSS 0.06%
- Veröffentlicht 09.07.2021 17:15:07
- Zuletzt bearbeitet 21.11.2024 06:21:48
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.