rpm package
almalinux/libxml2-devel
pkg:rpm/almalinux/libxml2-devel
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3541 | — | < 2.9.7-9.el8_4.2 | 2.9.7-9.el8_4.2 | Jul 9, 2021 | A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service. | ||
| CVE-2021-3516 | — | < 2.9.7-9.el8_4.2 | 2.9.7-9.el8_4.2 | Jun 1, 2021 | There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability. | ||
| CVE-2021-3517 | — | < 2.9.7-9.el8_4.2 | 2.9.7-9.el8_4.2 | May 19, 2021 | There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely | ||
| CVE-2021-3518 | — | < 2.9.7-9.el8_4.2 | 2.9.7-9.el8_4.2 | May 18, 2021 | There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. | ||
| CVE-2021-3537 | — | < 2.9.7-9.el8_4.2 | 2.9.7-9.el8_4.2 | May 14, 2021 | A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the applicat |
- CVE-2021-3541Jul 9, 2021affected < 2.9.7-9.el8_4.2fixed 2.9.7-9.el8_4.2
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.
- CVE-2021-3516Jun 1, 2021affected < 2.9.7-9.el8_4.2fixed 2.9.7-9.el8_4.2
There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
- CVE-2021-3517May 19, 2021affected < 2.9.7-9.el8_4.2fixed 2.9.7-9.el8_4.2
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely
- CVE-2021-3518May 18, 2021affected < 2.9.7-9.el8_4.2fixed 2.9.7-9.el8_4.2
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
- CVE-2021-3537May 14, 2021affected < 2.9.7-9.el8_4.2fixed 2.9.7-9.el8_4.2
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the applicat
Page 2 of 2