CVE-2021-3537
- EPSS 0.11%
- Veröffentlicht 14.05.2021 20:15:16
- Zuletzt bearbeitet 21.11.2024 06:21:47
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could...
CVE-2020-1971
- EPSS 0.34%
- Veröffentlicht 08.12.2020 16:15:11
- Zuletzt bearbeitet 21.11.2024 05:11:45
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they...
CVE-2020-24977
- EPSS 0.5%
- Veröffentlicht 04.09.2020 00:15:10
- Zuletzt bearbeitet 21.11.2024 05:16:15
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
CVE-2018-1285
- EPSS 49.02%
- Veröffentlicht 11.05.2020 17:15:10
- Zuletzt bearbeitet 21.11.2024 03:59:32
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.
CVE-2019-19956
- EPSS 0.15%
- Veröffentlicht 24.12.2019 16:15:11
- Zuletzt bearbeitet 03.12.2025 19:15:50
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.