rpm package
suse/python-libxml2-python&distro=SUSE Linux Enterprise Module for Python 2 15 SP2
pkg:rpm/suse/python-libxml2-python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP2
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3541 | — | < 2.9.7-3.37.1 | 2.9.7-3.37.1 | Jul 9, 2021 | A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service. | ||
| CVE-2021-3516 | — | < 2.9.7-3.31.1 | 2.9.7-3.31.1 | Jun 1, 2021 | There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability. | ||
| CVE-2021-3517 | — | < 2.9.7-3.31.1 | 2.9.7-3.31.1 | May 19, 2021 | There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely | ||
| CVE-2021-3518 | — | < 2.9.7-3.31.1 | 2.9.7-3.31.1 | May 18, 2021 | There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. | ||
| CVE-2021-3537 | — | < 2.9.7-3.34.1 | 2.9.7-3.34.1 | May 14, 2021 | A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the applicat | ||
| CVE-2020-24977 | — | < 2.9.7-3.25.1 | 2.9.7-3.25.1 | Sep 3, 2020 | GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. | ||
| CVE-2019-19956 | — | < 2.9.7-3.22.1 | 2.9.7-3.22.1 | Dec 24, 2019 | xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. |
- CVE-2021-3541Jul 9, 2021affected < 2.9.7-3.37.1fixed 2.9.7-3.37.1
A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.
- CVE-2021-3516Jun 1, 2021affected < 2.9.7-3.31.1fixed 2.9.7-3.31.1
There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
- CVE-2021-3517May 19, 2021affected < 2.9.7-3.31.1fixed 2.9.7-3.31.1
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely
- CVE-2021-3518May 18, 2021affected < 2.9.7-3.31.1fixed 2.9.7-3.31.1
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
- CVE-2021-3537May 14, 2021affected < 2.9.7-3.34.1fixed 2.9.7-3.34.1
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the applicat
- CVE-2020-24977Sep 3, 2020affected < 2.9.7-3.25.1fixed 2.9.7-3.25.1
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
- CVE-2019-19956Dec 24, 2019affected < 2.9.7-3.22.1fixed 2.9.7-3.22.1
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.