rpm package
opensuse/python-libxml2-python&distro=openSUSE Leap 15.2
pkg:rpm/opensuse/python-libxml2-python&distro=openSUSE%20Leap%2015.2
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3541 | — | | | < 2.9.7-lp152.10.15.1 | 2.9.7-lp152.10.15.1 | Jul 9, 2021 | A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service. |
| CVE-2021-3516 | — | | | < 2.9.7-lp152.10.9.1 | 2.9.7-lp152.10.9.1 | Jun 1, 2021 | There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability. |
| CVE-2021-3517 | — | | | < 2.9.7-lp152.10.9.1 | 2.9.7-lp152.10.9.1 | May 19, 2021 | There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely |
| CVE-2021-3518 | — | | | < 2.9.7-lp152.10.9.1 | 2.9.7-lp152.10.9.1 | May 18, 2021 | There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. |
| CVE-2021-3537 | — | | | < 2.9.7-lp152.10.12.1 | 2.9.7-lp152.10.12.1 | May 14, 2021 | A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the applicat |
| CVE-2020-24977 | — | | | < 2.9.7-lp152.10.3.1 | 2.9.7-lp152.10.3.1 | Sep 3, 2020 | GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. |