Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5
CVE-2020-24977
- EPSS 0.55%
- Published 04.09.2020 00:15:10
- Last modified 21.11.2024 05:16:15
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
9.8
CVE-2018-1285
- EPSS 49.81%
- Published 11.05.2020 17:15:10
- Last modified 21.11.2024 03:59:32
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.
7.5
CVE-2019-19956
- EPSS 0.15%
- Published 24.12.2019 16:15:11
- Last modified 21.11.2024 04:35:44
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.