CVE-2022-40304

all versions

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially

7.8HIGH

CVE-2022-40303

all versions

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option

7.5HIGH

CVE-2022-2097

all versions

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data

5.3MEDIUM

CVE-2022-1473

all versions

The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the remov

7.5HIGH

CVE-2022-1434

all versions

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key tri

5.9MEDIUM

CVE-2022-1343

all versions

The function OCSP_basic_verify verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCS

5.3MEDIUM

CVE-2022-1292

all versions

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by so

7.3HIGH

CVE-2022-29824

all versions

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf) and tree.c (xmlBuffer) don't check for integer ove

6.5MEDIUM

CVE-2022-0778

all versions

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime m

7.5HIGH

CVE-2022-23308

all versions

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

7.5HIGH

CVE-2021-3712

all versions

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string dat

7.4HIGH

CVE-2021-3711

all versions

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an applic

9.8CRITICAL

CVE-2021-3541

all versions

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and lea

6.5MEDIUM

CVE-2021-3516

all versions

There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by

7.8HIGH

CVE-2021-3517

all versions

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a

8.6HIGH

CVE-2021-3518

all versions

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an applic

8.8HIGH

CVE-2021-3537

all versions

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content,

5.9MEDIUM

CVE-2020-1971

all versions

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPar

5.9MEDIUM

CVE-2020-24977

all versions

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The

6.5MEDIUM

CVE-2019-19956

all versions

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc-oldNs.

7.5HIGH

CVE-2019-1559

all versions

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to

5.9MEDIUM

CVE-2016-8610

all versions

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol define

7.5HIGH

CVE-2015-8960

all versions

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCe

8.1HIGH