Package Instance

reference_id

RHSA-2025:10630

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:10698

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:10699

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:11580

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:11673

reference_url

reference_id

RHSA-2025:11673

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:11673

reference_url

reference_id

RHSA-2025:12098

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:12099

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:12199

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:12237

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:12239

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:12240

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:12241

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:13267

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:13289

reference_url

reference_id

RHSA-2025:13289

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:13289

reference_url

https://access.redhat.com/errata/RHSA-2025:13325

reference_id

RHSA-2025:13325

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:13325

reference_url

reference_id

RHSA-2025:13335

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:13336

reference_url

reference_id

RHSA-2025:13336

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:13336

reference_url

https://access.redhat.com/errata/RHSA-2025:14059

reference_id

RHSA-2025:14059

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:14059

reference_url

https://access.redhat.com/errata/RHSA-2025:14396

reference_id

RHSA-2025:14396

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:14396

reference_url

https://access.redhat.com/errata/RHSA-2025:15308

reference_id

RHSA-2025:15308

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:15308

reference_url

https://access.redhat.com/errata/RHSA-2025:15672

reference_id

RHSA-2025:15672

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:15672

reference_url

reference_id

RHSA-2025:19020

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24928.json

reference_url	https://usn.ubuntu.com/7694-1/
reference_id	USN-7694-1
reference_type
scores
url	https://usn.ubuntu.com/7694-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-6021

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-27jd-t23h-73f4

url VCID-31w8-13b6-8beh

vulnerability_id VCID-31w8-13b6-8beh

summary libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2

references

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24928.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-24928

reference_id

reference_type

scores

value	0.00235
scoring_system	epss
scoring_elements	0.46331
published_at	2026-04-02T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46418
published_at	2026-04-16T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46355
published_at	2026-04-08T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46356
published_at	2026-04-09T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46379
published_at	2026-04-11T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46351
published_at	2026-04-12T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46361
published_at	2026-04-13T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46352
published_at	2026-04-04T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.463
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-24928

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24928
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24928

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098321
reference_id	1098321
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098321

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2346421
reference_id	2346421
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2346421

reference_url

https://issues.oss-fuzz.com/issues/392687022

reference_id

392687022

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T03:55:31Z/

url

https://issues.oss-fuzz.com/issues/392687022

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/847

reference_id

847

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T03:55:31Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/847

reference_url	https://access.redhat.com/errata/RHSA-2025:2482
reference_id	RHSA-2025:2482
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2482

reference_url	https://access.redhat.com/errata/RHSA-2025:2483
reference_id	RHSA-2025:2483
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2483

reference_url	https://access.redhat.com/errata/RHSA-2025:2507
reference_id	RHSA-2025:2507
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2507

reference_url	https://access.redhat.com/errata/RHSA-2025:2513
reference_id	RHSA-2025:2513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2513

reference_url	https://access.redhat.com/errata/RHSA-2025:2654
reference_id	RHSA-2025:2654
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2654

reference_url	https://access.redhat.com/errata/RHSA-2025:2660
reference_id	RHSA-2025:2660
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2660

reference_url	https://access.redhat.com/errata/RHSA-2025:2673
reference_id	RHSA-2025:2673
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2673

reference_url	https://access.redhat.com/errata/RHSA-2025:2678
reference_id	RHSA-2025:2678
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2678

reference_url	https://access.redhat.com/errata/RHSA-2025:2679
reference_id	RHSA-2025:2679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2679

reference_url	https://access.redhat.com/errata/RHSA-2025:2686
reference_id	RHSA-2025:2686
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2686

reference_url	https://access.redhat.com/errata/RHSA-2025:2789
reference_id	RHSA-2025:2789
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2789

reference_url	https://access.redhat.com/errata/RHSA-2025:3055
reference_id	RHSA-2025:3055
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3055

reference_url	https://access.redhat.com/errata/RHSA-2025:3368
reference_id	RHSA-2025:3368
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3368

reference_url	https://access.redhat.com/errata/RHSA-2025:3397
reference_id	RHSA-2025:3397
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3397

reference_url	https://access.redhat.com/errata/RHSA-2025:3453
reference_id	RHSA-2025:3453
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3453

reference_url	https://access.redhat.com/errata/RHSA-2025:3569
reference_id	RHSA-2025:3569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3569

reference_url	https://access.redhat.com/errata/RHSA-2025:3775
reference_id	RHSA-2025:3775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3775

reference_url	https://access.redhat.com/errata/RHSA-2025:3780
reference_id	RHSA-2025:3780
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3780

reference_url	https://access.redhat.com/errata/RHSA-2025:3867
reference_id	RHSA-2025:3867
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3867

reference_url	https://access.redhat.com/errata/RHSA-2025:4005
reference_id	RHSA-2025:4005
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4005

reference_url	https://access.redhat.com/errata/RHSA-2025:9895
reference_id	RHSA-2025:9895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9895

reference_url	https://usn.ubuntu.com/7302-1/
reference_id	USN-7302-1
reference_type
scores
url	https://usn.ubuntu.com/7302-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-24928

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-31w8-13b6-8beh

url VCID-464a-typa-7qbu

vulnerability_id VCID-464a-typa-7qbu

summary libxml2: Stack Buffer Overflow in xmllint Interactive Shell Command Handling

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6170.json

reference_id

reference_type

scores

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6170.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6170

reference_id

reference_type

scores

value	0.00034
scoring_system	epss
scoring_elements	0.10121
published_at	2026-04-09T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10061
published_at	2026-04-08T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10087
published_at	2026-04-04T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09984
published_at	2026-04-07T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10161
published_at	2026-04-11T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10028
published_at	2026-04-02T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30679
published_at	2026-04-16T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30698
published_at	2026-04-12T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30654
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107938
reference_id	1107938
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107938

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2372952

reference_id

2372952

reference_type

scores

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:05:03Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2372952

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/941

reference_id

941

reference_type

scores

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:05:03Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/941

reference_url

reference_id

AVG-2898

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2025-6170

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1
reference_id	cpe:/a:redhat:jboss_core_services:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
reference_id	cpe:/a:redhat:openshift:4
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id	cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id	cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9

reference_url

reference_id

CVE-2025-6170

reference_type

scores

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:05:03Z/

url

https://access.redhat.com/security/cve/CVE-2025-6170

reference_url	https://usn.ubuntu.com/7694-1/
reference_id	USN-7694-1
reference_type
scores
url	https://usn.ubuntu.com/7694-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-6170

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-464a-typa-7qbu

url VCID-4m3j-qy8c-4uhk

vulnerability_id VCID-4m3j-qy8c-4uhk

summary NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2309.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2309.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2309

reference_id

reference_type

scores

value	0.00868
scoring_system	epss
scoring_elements	0.75193
published_at	2026-04-16T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75167
published_at	2026-04-12T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75189
published_at	2026-04-11T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75168
published_at	2026-04-09T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75155
published_at	2026-04-13T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75121
published_at	2026-04-07T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75144
published_at	2026-04-04T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75114
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2309

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2309
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2309

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-wrxv-2j5q-m38w

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-wrxv-2j5q-m38w

reference_url

https://github.com/lxml/lxml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/lxml/lxml

reference_url

https://github.com/lxml/lxml/blob/master/CHANGES.txt

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/lxml/lxml/blob/master/CHANGES.txt

reference_url

https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2022-230.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2022-230.yaml

reference_url

https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba

reference_url

https://lists.debian.org/debian-lts-announce/2024/09/msg00021.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/09/msg00021.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-2309

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-2309

reference_url

https://security.gentoo.org/glsa/202208-06

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202208-06

reference_url

https://security.netapp.com/advisory/ntap-20220915-0006

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220915-0006

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014766
reference_id	1014766
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014766

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039991
reference_id	1039991
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039991

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2107571
reference_id	2107571
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2107571

reference_url	https://access.redhat.com/errata/RHSA-2022:8226
reference_id	RHSA-2022:8226
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8226

reference_url	https://usn.ubuntu.com/5760-1/
reference_id	USN-5760-1
reference_type
scores
url	https://usn.ubuntu.com/5760-1/

reference_url	https://usn.ubuntu.com/6028-2/
reference_id	USN-6028-2
reference_type
scores
url	https://usn.ubuntu.com/6028-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2022-2309, GHSA-wrxv-2j5q-m38w, PYSEC-2022-230

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4m3j-qy8c-4uhk

url VCID-74y5-vcxn-2ygr

vulnerability_id VCID-74y5-vcxn-2ygr

summary libxml: Heap use after free (UAF) leads to Denial of service (DoS)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49794.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49794.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-49794

reference_id

reference_type

scores

value	0.00123
scoring_system	epss
scoring_elements	0.31508
published_at	2026-04-02T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31549
published_at	2026-04-04T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31368
published_at	2026-04-07T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31421
published_at	2026-04-08T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31452
published_at	2026-04-09T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31455
published_at	2026-04-11T12:55:00Z

value	0.00445
scoring_system	epss
scoring_elements	0.63469
published_at	2026-04-12T12:55:00Z

value	0.00445
scoring_system	epss
scoring_elements	0.63434
published_at	2026-04-13T12:55:00Z

value	0.00445
scoring_system	epss
scoring_elements	0.63467
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-49794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107755
reference_id	1107755
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107755

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2372373

reference_id

2372373

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2372373

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/931

reference_id

931

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/931

reference_url

reference_id

AVG-2898

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2025-49794

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9
reference_id	cpe:/a:redhat:cert_manager:1.16::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
reference_id	cpe:/a:redhat:enterprise_linux:8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
reference_id	cpe:/a:redhat:enterprise_linux:9::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9
reference_id	cpe:/a:redhat:insights_proxy:1.5::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1
reference_id	cpe:/a:redhat:jboss_core_services:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8
reference_id	cpe:/a:redhat:openshift:4.12::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9
reference_id	cpe:/a:redhat:openshift:4.13::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9
reference_id	cpe:/a:redhat:openshift:4.14::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9
reference_id	cpe:/a:redhat:openshift:4.17::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9
reference_id	cpe:/a:redhat:openshift:4.18::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9
reference_id	cpe:/a:redhat:openshift:4.19::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9
reference_id	cpe:/a:redhat:openshift:4.20::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9
reference_id	cpe:/a:redhat:openshift_file_integrity_operator:1::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8
reference_id	cpe:/a:redhat:openshift_serverless:1.36::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream
reference_id	cpe:/a:redhat:rhel_aus:8.2::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream
reference_id	cpe:/a:redhat:rhel_aus:8.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream
reference_id	cpe:/a:redhat:rhel_aus:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream
reference_id	cpe:/a:redhat:rhel_e4s:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream
reference_id	cpe:/a:redhat:rhel_e4s:8.8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream
reference_id	cpe:/a:redhat:rhel_e4s:9.0::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream
reference_id	cpe:/a:redhat:rhel_e4s:9.2::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream
reference_id	cpe:/a:redhat:rhel_eus:9.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
reference_id	cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream
reference_id	cpe:/a:redhat:rhel_tus:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream
reference_id	cpe:/a:redhat:rhel_tus:8.8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9
reference_id	cpe:/a:redhat:webterminal:1.11::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9
reference_id	cpe:/a:redhat:webterminal:1.12::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0
reference_id	cpe:/o:redhat:enterprise_linux:10.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos
reference_id	cpe:/o:redhat:enterprise_linux:8::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos
reference_id	cpe:/o:redhat:enterprise_linux:9::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos
reference_id	cpe:/o:redhat:rhel_aus:8.2::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos
reference_id	cpe:/o:redhat:rhel_aus:8.4::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos
reference_id	cpe:/o:redhat:rhel_aus:8.6::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos
reference_id	cpe:/o:redhat:rhel_e4s:8.6::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos
reference_id	cpe:/o:redhat:rhel_e4s:8.8::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos
reference_id	cpe:/o:redhat:rhel_e4s:9.0::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos
reference_id	cpe:/o:redhat:rhel_e4s:9.2::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7
reference_id	cpe:/o:redhat:rhel_els:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos
reference_id	cpe:/o:redhat:rhel_eus:9.4::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
reference_id	cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos
reference_id	cpe:/o:redhat:rhel_tus:8.6::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos
reference_id	cpe:/o:redhat:rhel_tus:8.8::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos

reference_url

reference_id

CVE-2025-49794

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

https://access.redhat.com/security/cve/CVE-2025-49794

reference_url

reference_id

RHSA-2025:10630

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:10698

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:10699

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:11580

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:12098

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:12099

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:12199

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:12237

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:12239

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:12240

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:12241

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:13335

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:15827

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:15828

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:18219

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:19020

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:21913

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2026:0934

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20388.json

reference_url	https://usn.ubuntu.com/7694-1/
reference_id	USN-7694-1
reference_type
scores
url	https://usn.ubuntu.com/7694-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-49794

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-74y5-vcxn-2ygr

url VCID-782a-uast-nbch

vulnerability_id VCID-782a-uast-nbch

summary

Multiple vulnerabilities have been found in libxml2, the worst of
    which could result in a Denial of Service condition.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20388.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-20388

reference_id

reference_type

scores

value	0.00614
scoring_system	epss
scoring_elements	0.69877
published_at	2026-04-12T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69892
published_at	2026-04-11T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69805
published_at	2026-04-07T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69904
published_at	2026-04-16T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69863
published_at	2026-04-13T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69869
published_at	2026-04-09T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69853
published_at	2026-04-08T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70255
published_at	2026-04-02T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70272
published_at	2026-04-04T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70243
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-20388

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20388
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20388

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1799734
reference_id	1799734
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1799734

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/

reference_id

545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:50:10Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

reference_id

5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:50:10Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

reference_url

https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:50:10Z/

url

https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949583
reference_id	949583
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949583

reference_url	https://security.archlinux.org/ASA-202011-15
reference_id	ASA-202011-15
reference_type
scores
url	https://security.archlinux.org/ASA-202011-15

reference_url

reference_id

AVG-1263

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2019-20388
reference_id	CVE-2019-20388
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2019-20388

reference_url

reference_id

JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:50:10Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

reference_url	https://access.redhat.com/errata/RHSA-2020:2644
reference_id	RHSA-2020:2644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2644

reference_url	https://access.redhat.com/errata/RHSA-2020:2646
reference_id	RHSA-2020:2646
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2646

reference_url	https://access.redhat.com/errata/RHSA-2020:3996
reference_id	RHSA-2020:3996
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3996

reference_url	https://access.redhat.com/errata/RHSA-2020:4479
reference_id	RHSA-2020:4479
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4479

reference_url	https://access.redhat.com/errata/RHSA-2021:0949
reference_id	RHSA-2021:0949
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0949

reference_url	https://usn.ubuntu.com/4991-1/
reference_id	USN-4991-1
reference_type
scores
url	https://usn.ubuntu.com/4991-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2019-20388

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-782a-uast-nbch

url VCID-7bpp-2hvk-2udv

vulnerability_id VCID-7bpp-2hvk-2udv

summary

Multiple vulnerabilities have been found in libxml2, the worst of
    which could result in a Denial of Service condition.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24977.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24977.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-24977

reference_id

reference_type

scores

value	0.00502
scoring_system	epss
scoring_elements	0.65987
published_at	2026-04-07T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66036
published_at	2026-04-08T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66048
published_at	2026-04-09T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66067
published_at	2026-04-11T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66054
published_at	2026-04-12T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66024
published_at	2026-04-13T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66619
published_at	2026-04-02T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66645
published_at	2026-04-04T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.6658
published_at	2026-04-01T12:55:00Z

value	0.0054
scoring_system	epss
scoring_elements	0.67656
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-24977

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2

reference_url	https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxml2/-/issues/178

reference_url	https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E

reference_url	https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/

reference_url	https://security.netapp.com/advisory/ntap-20200924-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200924-0001/

reference_url	https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1877788
reference_id	1877788
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1877788

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969529
reference_id	969529
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969529

reference_url	https://security.archlinux.org/ASA-202011-15
reference_id	ASA-202011-15
reference_type
scores
url	https://security.archlinux.org/ASA-202011-15

reference_url

reference_id

AVG-1263

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34459.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-24977
reference_id	CVE-2020-24977
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-24977

reference_url	https://security.gentoo.org/glsa/202107-05
reference_id	GLSA-202107-05
reference_type
scores
url	https://security.gentoo.org/glsa/202107-05

reference_url	https://access.redhat.com/errata/RHSA-2021:1597
reference_id	RHSA-2021:1597
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1597

reference_url	https://usn.ubuntu.com/4991-1/
reference_id	USN-4991-1
reference_type
scores
url	https://usn.ubuntu.com/4991-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2020-24977

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7bpp-2hvk-2udv

url VCID-8d2w-3c3p-zqaz

vulnerability_id VCID-8d2w-3c3p-zqaz

summary libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c

references

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34459.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-34459

reference_id

reference_type

scores

value	0.0078
scoring_system	epss
scoring_elements	0.7372
published_at	2026-04-16T12:55:00Z

value	0.0078
scoring_system	epss
scoring_elements	0.73635
published_at	2026-04-02T12:55:00Z

value	0.0078
scoring_system	epss
scoring_elements	0.73659
published_at	2026-04-04T12:55:00Z

value	0.0078
scoring_system	epss
scoring_elements	0.73632
published_at	2026-04-07T12:55:00Z

value	0.0078
scoring_system	epss
scoring_elements	0.73667
published_at	2026-04-08T12:55:00Z

value	0.0078
scoring_system	epss
scoring_elements	0.7368
published_at	2026-04-09T12:55:00Z

value	0.0078
scoring_system	epss
scoring_elements	0.73702
published_at	2026-04-11T12:55:00Z

value	0.0078
scoring_system	epss
scoring_elements	0.73685
published_at	2026-04-12T12:55:00Z

value	0.0078
scoring_system	epss
scoring_elements	0.73676
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-34459

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071162
reference_id	1071162
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071162

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2280532
reference_id	2280532
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2280532

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/

reference_id

5HVUXKYTBWT3G5DEEQX62STJQBY367NL

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/

reference_id

INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/

reference_url	https://usn.ubuntu.com/7240-1/
reference_id	USN-7240-1
reference_type
scores
url	https://usn.ubuntu.com/7240-1/

reference_url	https://usn.ubuntu.com/7302-1/
reference_id	USN-7302-1
reference_type
scores
url	https://usn.ubuntu.com/7302-1/

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8

reference_id

v2.11.8

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7

reference_id

v2.12.7

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/

reference_id

VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2024-34459

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8d2w-3c3p-zqaz

url VCID-9hqf-12yh-bkc8

vulnerability_id VCID-9hqf-12yh-bkc8

summary

Multiple vulnerabilities have been found in libxml2, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3518.json

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3518.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3518

reference_id

reference_type

scores

value	0.0025
scoring_system	epss
scoring_elements	0.48448
published_at	2026-04-16T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48398
published_at	2026-04-13T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48386
published_at	2026-04-12T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48412
published_at	2026-04-11T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48388
published_at	2026-04-09T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48339
published_at	2026-04-07T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48394
published_at	2026-04-08T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.49056
published_at	2026-04-01T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.49118
published_at	2026-04-04T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.4909
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3518

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1954242

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1954242

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518

reference_url

http://seclists.org/fulldisclosure/2021/Jul/54

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2021/Jul/54

reference_url

http://seclists.org/fulldisclosure/2021/Jul/55

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2021/Jul/55

reference_url

http://seclists.org/fulldisclosure/2021/Jul/58

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2021/Jul/58

reference_url

http://seclists.org/fulldisclosure/2021/Jul/59

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2021/Jul/59

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3518.yml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3518.yml

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722

reference_url

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/

reference_url

https://nokogiri.org/CHANGELOG.html#1114-2021-05-14

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nokogiri.org/CHANGELOG.html#1114-2021-05-14

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3518

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3518

reference_url

https://security.netapp.com/advisory/ntap-20210625-0002

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210625-0002

reference_url	https://security.netapp.com/advisory/ntap-20210625-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210625-0002/

reference_url

https://support.apple.com/kb/HT212601

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.apple.com/kb/HT212601

reference_url

https://support.apple.com/kb/HT212602

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.apple.com/kb/HT212602

reference_url

https://support.apple.com/kb/HT212604

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.apple.com/kb/HT212604

reference_url

https://support.apple.com/kb/HT212605

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.apple.com/kb/HT212605

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987737
reference_id	987737
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987737

reference_url

reference_id

AVG-1883

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-v4f8-2847-rwm7

reference_url

reference_id

GHSA-v4f8-2847-rwm7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v4f8-2847-rwm7

reference_url

reference_id

GLSA-202107-05

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39615.json

reference_url	https://access.redhat.com/errata/RHSA-2021:2569
reference_id	RHSA-2021:2569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2569

reference_url	https://access.redhat.com/errata/RHSA-2022:1389
reference_id	RHSA-2022:1389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1389

reference_url	https://access.redhat.com/errata/RHSA-2022:1390
reference_id	RHSA-2022:1390
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1390

reference_url	https://usn.ubuntu.com/4991-1/
reference_id	USN-4991-1
reference_type
scores
url	https://usn.ubuntu.com/4991-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2021-3518, GHSA-v4f8-2847-rwm7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9hqf-12yh-bkc8

url VCID-aasn-u7fd-8bhy

vulnerability_id VCID-aasn-u7fd-8bhy

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file.

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39615.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-39615

reference_id

reference_type

scores

value	0.00117
scoring_system	epss
scoring_elements	0.30629
published_at	2026-04-16T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30649
published_at	2026-04-12T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30604
published_at	2026-04-13T12:55:00Z

value	0.00128
scoring_system	epss
scoring_elements	0.32184
published_at	2026-04-09T12:55:00Z

value	0.00128
scoring_system	epss
scoring_elements	0.32187
published_at	2026-04-11T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34276
published_at	2026-04-04T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34244
published_at	2026-04-02T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.36251
published_at	2026-04-07T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.363
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-39615

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39615
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39615

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/535

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:25:30Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/535

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051230
reference_id	1051230
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051230

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2235864
reference_id	2235864
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2235864

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-39615
reference_id	CVE-2023-39615
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-39615

reference_url	https://access.redhat.com/errata/RHSA-2023:7544
reference_id	RHSA-2023:7544
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7544

reference_url	https://access.redhat.com/errata/RHSA-2023:7626
reference_id	RHSA-2023:7626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7626

reference_url	https://access.redhat.com/errata/RHSA-2023:7747
reference_id	RHSA-2023:7747
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7747

reference_url	https://access.redhat.com/errata/RHSA-2024:0119
reference_id	RHSA-2024:0119
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0119

reference_url	https://access.redhat.com/errata/RHSA-2024:0413
reference_id	RHSA-2024:0413
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0413

reference_url	https://access.redhat.com/errata/RHSA-2024:1317
reference_id	RHSA-2024:1317
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1317

reference_url	https://access.redhat.com/errata/RHSA-2024:1383
reference_id	RHSA-2024:1383
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1383

reference_url	https://access.redhat.com/errata/RHSA-2024:1477
reference_id	RHSA-2024:1477
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1477

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2023-39615

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aasn-u7fd-8bhy

url VCID-ahha-vnq4-7qd2

vulnerability_id VCID-ahha-vnq4-7qd2

summary libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9714.json

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9714.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-9714

reference_id

reference_type

scores

value	9e-05
scoring_system	epss
scoring_elements	0.00812
published_at	2026-04-04T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00905
published_at	2026-04-16T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00912
published_at	2026-04-11T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00907
published_at	2026-04-12T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00909
published_at	2026-04-13T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00924
published_at	2026-04-09T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00927
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-9714

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2392605
reference_id	2392605
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2392605

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21

reference_id

677a42645ef22b5a50741bad5facf9d8a8bc6d21

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-10T18:46:42Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21

reference_url	https://access.redhat.com/errata/RHSA-2025:22162
reference_id	RHSA-2025:22162
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22162

reference_url	https://access.redhat.com/errata/RHSA-2025:22163
reference_id	RHSA-2025:22163
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22163

reference_url	https://access.redhat.com/errata/RHSA-2025:22177
reference_id	RHSA-2025:22177
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22177

reference_url	https://access.redhat.com/errata/RHSA-2025:22376
reference_id	RHSA-2025:22376
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22376

reference_url	https://access.redhat.com/errata/RHSA-2025:22377
reference_id	RHSA-2025:22377
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22377

reference_url	https://access.redhat.com/errata/RHSA-2025:22868
reference_id	RHSA-2025:22868
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22868

reference_url	https://access.redhat.com/errata/RHSA-2025:23202
reference_id	RHSA-2025:23202
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23202

reference_url	https://access.redhat.com/errata/RHSA-2025:23204
reference_id	RHSA-2025:23204
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23204

reference_url	https://access.redhat.com/errata/RHSA-2025:23205
reference_id	RHSA-2025:23205
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23205

reference_url	https://access.redhat.com/errata/RHSA-2025:23209
reference_id	RHSA-2025:23209
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23209

reference_url	https://access.redhat.com/errata/RHSA-2025:23227
reference_id	RHSA-2025:23227
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23227

reference_url	https://access.redhat.com/errata/RHSA-2025:23234
reference_id	RHSA-2025:23234
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23234

reference_url	https://access.redhat.com/errata/RHSA-2025:23449
reference_id	RHSA-2025:23449
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23449

reference_url	https://access.redhat.com/errata/RHSA-2026:0414
reference_id	RHSA-2026:0414
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0414

reference_url	https://access.redhat.com/errata/RHSA-2026:0677
reference_id	RHSA-2026:0677
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0677

reference_url	https://access.redhat.com/errata/RHSA-2026:0702
reference_id	RHSA-2026:0702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0702

reference_url	https://access.redhat.com/errata/RHSA-2026:0978
reference_id	RHSA-2026:0978
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0978

reference_url	https://access.redhat.com/errata/RHSA-2026:0980
reference_id	RHSA-2026:0980
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0980

reference_url	https://access.redhat.com/errata/RHSA-2026:0985
reference_id	RHSA-2026:0985
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0985

reference_url	https://access.redhat.com/errata/RHSA-2026:0996
reference_id	RHSA-2026:0996
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0996

reference_url	https://access.redhat.com/errata/RHSA-2026:1539
reference_id	RHSA-2026:1539
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1539

reference_url	https://access.redhat.com/errata/RHSA-2026:1541
reference_id	RHSA-2026:1541
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1541

reference_url	https://access.redhat.com/errata/RHSA-2026:1652
reference_id	RHSA-2026:1652
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1652

reference_url	https://access.redhat.com/errata/RHSA-2026:3461
reference_id	RHSA-2026:3461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3461

reference_url	https://access.redhat.com/errata/RHSA-2026:3462
reference_id	RHSA-2026:3462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3462

reference_url	https://usn.ubuntu.com/7743-1/
reference_id	USN-7743-1
reference_type
scores
url	https://usn.ubuntu.com/7743-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-9714

risk_score 2.8

exploitability 0.5

weighted_severity 5.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ahha-vnq4-7qd2

url VCID-azzy-m5pc-qudn

vulnerability_id VCID-azzy-m5pc-qudn

summary

Loop with Unreachable Exit Condition ('Infinite Loop')
parser.c in libxml2 does not prevent infinite recursion in parameter entities.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16932.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16932.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16932

reference_id

reference_type

scores

value	0.21989
scoring_system	epss
scoring_elements	0.95784
published_at	2026-04-16T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95774
published_at	2026-04-13T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95772
published_at	2026-04-12T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95773
published_at	2026-04-11T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95769
published_at	2026-04-09T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95766
published_at	2026-04-08T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95757
published_at	2026-04-07T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95755
published_at	2026-04-04T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95747
published_at	2026-04-02T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95738
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16932

reference_url

https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html

reference_url

https://bugzilla.gnome.org/show_bug.cgi?id=759579

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://bugzilla.gnome.org/show_bug.cgi?id=759579

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml

reference_url

https://github.com/sparklemotion/nokogiri/issues/1714

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1714

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961

reference_url

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html

reference_url

https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

http://xmlsoft.org/news.html

reference_url	https://usn.ubuntu.com/usn/usn-3504-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/usn/usn-3504-1/

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

http://xmlsoft.org/news.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1517316
reference_id	1517316
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1517316

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882613
reference_id	882613
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882613

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-16932

reference_id

CVE-2017-16932

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16932

reference_url	https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html
reference_id	CVE-2017-16932.HTML
reference_type
scores
url	https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html

reference_url

https://github.com/advisories/GHSA-x2fm-93ww-ggvx

reference_id

GHSA-x2fm-93ww-ggvx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x2fm-93ww-ggvx

reference_url	https://usn.ubuntu.com/3504-1/
reference_id	USN-3504-1
reference_type
scores
url	https://usn.ubuntu.com/3504-1/

reference_url	https://usn.ubuntu.com/3504-2/
reference_id	USN-3504-2
reference_type
scores
url	https://usn.ubuntu.com/3504-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2017-16932, GHSA-x2fm-93ww-ggvx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azzy-m5pc-qudn

url VCID-bejh-22y7-kuh6

vulnerability_id VCID-bejh-22y7-kuh6

summary

NULL Pointer Dereference
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

references

reference_url

https://access.redhat.com/errata/RHSA-2019:1543

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://access.redhat.com/errata/RHSA-2019:1543

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14404

reference_id

reference_type

scores

value	0.18492
scoring_system	epss
scoring_elements	0.95206
published_at	2026-04-01T12:55:00Z

value	0.18492
scoring_system	epss
scoring_elements	0.95218
published_at	2026-04-02T12:55:00Z

value	0.18492
scoring_system	epss
scoring_elements	0.9522
published_at	2026-04-04T12:55:00Z

value	0.20012
scoring_system	epss
scoring_elements	0.95464
published_at	2026-04-09T12:55:00Z

value	0.20012
scoring_system	epss
scoring_elements	0.95478
published_at	2026-04-16T12:55:00Z

value	0.20012
scoring_system	epss
scoring_elements	0.95469
published_at	2026-04-13T12:55:00Z

value	0.20012
scoring_system	epss
scoring_elements	0.95468
published_at	2026-04-12T12:55:00Z

value	0.20012
scoring_system	epss
scoring_elements	0.95461
published_at	2026-04-08T12:55:00Z

value	0.20012
scoring_system	epss
scoring_elements	0.95454
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14404

reference_url

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1595985

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=1595985

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/sparklemotion/nokogiri/issues/1785

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1785

reference_url

https://gitlab.gnome.org/GNOME/libxml2/issues/10

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://gitlab.gnome.org/GNOME/libxml2/issues/10

reference_url

https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_url

https://security.netapp.com/advisory/ntap-20190719-0002

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190719-0002

reference_url

https://security.netapp.com/advisory/ntap-20190719-0002/

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://security.netapp.com/advisory/ntap-20190719-0002/

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://usn.ubuntu.com/3739-2

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/3739-2

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:-:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:-:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-14404

reference_id

CVE-2018-14404

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14404

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml

reference_id

CVE-2018-14404.YML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml

reference_url

https://github.com/advisories/GHSA-6qvp-r6r3-9p7h

reference_id

GHSA-6qvp-r6r3-9p7h

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6qvp-r6r3-9p7h

reference_url	https://access.redhat.com/errata/RHSA-2020:1190
reference_id	RHSA-2020:1190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1190

reference_url	https://access.redhat.com/errata/RHSA-2020:1827
reference_id	RHSA-2020:1827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1827

reference_url

reference_id

USN-3739-2

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49796.json

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2018-14404, GHSA-6qvp-r6r3-9p7h

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bejh-22y7-kuh6

url VCID-bz1e-1ypb-kkgg

vulnerability_id VCID-bz1e-1ypb-kkgg

summary libxml: Type confusion leads to Denial of service (DoS)

references

reference_url

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49796.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-49796

reference_id

reference_type

scores

value	0.00496
scoring_system	epss
scoring_elements	0.65756
published_at	2026-04-07T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.6584
published_at	2026-04-11T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65761
published_at	2026-04-02T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.6582
published_at	2026-04-09T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65809
published_at	2026-04-08T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65791
published_at	2026-04-04T12:55:00Z

value	0.01777
scoring_system	epss
scoring_elements	0.82724
published_at	2026-04-16T12:55:00Z

value	0.01777
scoring_system	epss
scoring_elements	0.82689
published_at	2026-04-12T12:55:00Z

value	0.01777
scoring_system	epss
scoring_elements	0.82685
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-49796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107752
reference_id	1107752
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107752

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2372385

reference_id

2372385

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2372385

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/933

reference_id

933

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/933

reference_url

reference_id

AVG-2898

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2025-49796

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9
reference_id	cpe:/a:redhat:cert_manager:1.16::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9
reference_id	cpe:/a:redhat:discovery:2::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
reference_id	cpe:/a:redhat:enterprise_linux:8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
reference_id	cpe:/a:redhat:enterprise_linux:9::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9
reference_id	cpe:/a:redhat:insights_proxy:1.5::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1
reference_id	cpe:/a:redhat:jboss_core_services:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8
reference_id	cpe:/a:redhat:openshift:4.12::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9
reference_id	cpe:/a:redhat:openshift:4.13::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9
reference_id	cpe:/a:redhat:openshift:4.14::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9
reference_id	cpe:/a:redhat:openshift:4.17::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9
reference_id	cpe:/a:redhat:openshift:4.18::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9
reference_id	cpe:/a:redhat:openshift:4.19::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9
reference_id	cpe:/a:redhat:openshift:4.20::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9
reference_id	cpe:/a:redhat:openshift_file_integrity_operator:1::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8
reference_id	cpe:/a:redhat:openshift_serverless:1.36::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream
reference_id	cpe:/a:redhat:rhel_aus:8.2::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream
reference_id	cpe:/a:redhat:rhel_aus:8.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream
reference_id	cpe:/a:redhat:rhel_aus:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream
reference_id	cpe:/a:redhat:rhel_e4s:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream
reference_id	cpe:/a:redhat:rhel_e4s:8.8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream
reference_id	cpe:/a:redhat:rhel_e4s:9.0::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream
reference_id	cpe:/a:redhat:rhel_e4s:9.2::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream
reference_id	cpe:/a:redhat:rhel_eus:9.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
reference_id	cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream
reference_id	cpe:/a:redhat:rhel_tus:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream
reference_id	cpe:/a:redhat:rhel_tus:8.8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9
reference_id	cpe:/a:redhat:webterminal:1.11::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9
reference_id	cpe:/a:redhat:webterminal:1.12::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0
reference_id	cpe:/o:redhat:enterprise_linux:10.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos
reference_id	cpe:/o:redhat:enterprise_linux:8::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos
reference_id	cpe:/o:redhat:enterprise_linux:9::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos
reference_id	cpe:/o:redhat:rhel_aus:8.2::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos
reference_id	cpe:/o:redhat:rhel_aus:8.4::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos
reference_id	cpe:/o:redhat:rhel_aus:8.6::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos
reference_id	cpe:/o:redhat:rhel_e4s:8.6::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos
reference_id	cpe:/o:redhat:rhel_e4s:8.8::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos
reference_id	cpe:/o:redhat:rhel_e4s:9.0::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos
reference_id	cpe:/o:redhat:rhel_e4s:9.2::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7
reference_id	cpe:/o:redhat:rhel_els:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos
reference_id	cpe:/o:redhat:rhel_eus:9.4::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
reference_id	cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos
reference_id	cpe:/o:redhat:rhel_tus:8.6::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos
reference_id	cpe:/o:redhat:rhel_tus:8.8::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos

reference_url

reference_id

CVE-2025-49796

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

https://access.redhat.com/security/cve/CVE-2025-49796

reference_url

reference_id

RHSA-2025:10630

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:10698

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:10699

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:11580

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:12098

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:12099

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:12199

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:12237

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:12239

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:12240

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:12241

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:13267

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:13335

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:15827

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:15828

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:18219

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:19020

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:21913

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2026:0934

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56171.json

reference_url	https://usn.ubuntu.com/7694-1/
reference_id	USN-7694-1
reference_type
scores
url	https://usn.ubuntu.com/7694-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-49796

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bz1e-1ypb-kkgg

url VCID-c9ds-faa9-t7be

vulnerability_id VCID-c9ds-faa9-t7be

summary libxml2: Use-After-Free in libxml2

references

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56171.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-56171

reference_id

reference_type

scores

value	0.00183
scoring_system	epss
scoring_elements	0.40048
published_at	2026-04-16T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.40054
published_at	2026-04-11T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.40017
published_at	2026-04-12T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.39997
published_at	2026-04-13T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.40029
published_at	2026-04-02T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.40055
published_at	2026-04-04T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.39977
published_at	2026-04-07T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.4003
published_at	2026-04-08T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.40044
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-56171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56171
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56171

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098320
reference_id	1098320
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098320

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2346416
reference_id	2346416
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2346416

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/828

reference_id

828

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T16:26:31Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/828

reference_url	https://access.redhat.com/errata/RHSA-2025:2482
reference_id	RHSA-2025:2482
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2482

reference_url	https://access.redhat.com/errata/RHSA-2025:2483
reference_id	RHSA-2025:2483
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2483

reference_url	https://access.redhat.com/errata/RHSA-2025:2507
reference_id	RHSA-2025:2507
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2507

reference_url	https://access.redhat.com/errata/RHSA-2025:2513
reference_id	RHSA-2025:2513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2513

reference_url	https://access.redhat.com/errata/RHSA-2025:2654
reference_id	RHSA-2025:2654
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2654

reference_url	https://access.redhat.com/errata/RHSA-2025:2660
reference_id	RHSA-2025:2660
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2660

reference_url	https://access.redhat.com/errata/RHSA-2025:2673
reference_id	RHSA-2025:2673
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2673

reference_url	https://access.redhat.com/errata/RHSA-2025:2678
reference_id	RHSA-2025:2678
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2678

reference_url	https://access.redhat.com/errata/RHSA-2025:2679
reference_id	RHSA-2025:2679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2679

reference_url	https://access.redhat.com/errata/RHSA-2025:2686
reference_id	RHSA-2025:2686
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2686

reference_url	https://access.redhat.com/errata/RHSA-2025:2789
reference_id	RHSA-2025:2789
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2789

reference_url	https://access.redhat.com/errata/RHSA-2025:3055
reference_id	RHSA-2025:3055
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3055

reference_url	https://access.redhat.com/errata/RHSA-2025:3059
reference_id	RHSA-2025:3059
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3059

reference_url	https://access.redhat.com/errata/RHSA-2025:3066
reference_id	RHSA-2025:3066
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3066

reference_url	https://access.redhat.com/errata/RHSA-2025:3368
reference_id	RHSA-2025:3368
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3368

reference_url	https://access.redhat.com/errata/RHSA-2025:3397
reference_id	RHSA-2025:3397
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3397

reference_url	https://access.redhat.com/errata/RHSA-2025:3453
reference_id	RHSA-2025:3453
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3453

reference_url	https://access.redhat.com/errata/RHSA-2025:3569
reference_id	RHSA-2025:3569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3569

reference_url	https://access.redhat.com/errata/RHSA-2025:3867
reference_id	RHSA-2025:3867
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3867

reference_url	https://access.redhat.com/errata/RHSA-2025:4005
reference_id	RHSA-2025:4005
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4005

reference_url	https://access.redhat.com/errata/RHSA-2025:9895
reference_id	RHSA-2025:9895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9895

reference_url	https://usn.ubuntu.com/7302-1/
reference_id	USN-7302-1
reference_type
scores
url	https://usn.ubuntu.com/7302-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2024-56171

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c9ds-faa9-t7be

url VCID-cbm2-cez4-bqgh

vulnerability_id VCID-cbm2-cez4-bqgh

summary

Use After Free
`valid.c` in libxml2 before 2.9.13 has a use-after-free of `ID` and `IDREF` attributes.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23308.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23308.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-23308

reference_id

reference_type

scores

value	0.0005
scoring_system	epss
scoring_elements	0.1545
published_at	2026-04-16T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15656
published_at	2026-04-09T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15623
published_at	2026-04-11T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15588
published_at	2026-04-12T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15524
published_at	2026-04-13T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15515
published_at	2026-04-07T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15601
published_at	2026-04-08T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16267
published_at	2026-04-02T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16327
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-23308

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e
reference_id
reference_type
scores
url	https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e

reference_url	https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2
reference_id
reference_type
scores
url	https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2

reference_url	https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006489
reference_id	1006489
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006489

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2056913
reference_id	2056913
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2056913

reference_url

reference_id

AVG-2726

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25062.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-23308
reference_id	CVE-2022-23308
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-23308

reference_url	https://security.gentoo.org/glsa/202210-03
reference_id	GLSA-202210-03
reference_type
scores
url	https://security.gentoo.org/glsa/202210-03

reference_url	https://access.redhat.com/errata/RHSA-2022:0899
reference_id	RHSA-2022:0899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0899

reference_url	https://access.redhat.com/errata/RHSA-2022:1389
reference_id	RHSA-2022:1389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1389

reference_url	https://access.redhat.com/errata/RHSA-2022:1390
reference_id	RHSA-2022:1390
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1390

reference_url	https://usn.ubuntu.com/5324-1/
reference_id	USN-5324-1
reference_type
scores
url	https://usn.ubuntu.com/5324-1/

reference_url	https://usn.ubuntu.com/5422-1/
reference_id	USN-5422-1
reference_type
scores
url	https://usn.ubuntu.com/5422-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2022-23308

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbm2-cez4-bqgh

url VCID-d68t-f8j1-h3am

vulnerability_id VCID-d68t-f8j1-h3am

summary

Use After Free
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25062.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-25062

reference_id

reference_type

scores

value	0.00165
scoring_system	epss
scoring_elements	0.37591
published_at	2026-04-16T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37581
published_at	2026-04-08T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37594
published_at	2026-04-09T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37608
published_at	2026-04-11T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37574
published_at	2026-04-12T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37547
published_at	2026-04-13T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37627
published_at	2026-04-02T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37651
published_at	2026-04-04T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37529
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-25062

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25062
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25062

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/604

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T17:35:33Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/604

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063234
reference_id	1063234
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063234

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2262726
reference_id	2262726
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2262726

reference_url	https://security.gentoo.org/glsa/202402-11
reference_id	GLSA-202402-11
reference_type
scores
url	https://security.gentoo.org/glsa/202402-11

reference_url	https://access.redhat.com/errata/RHSA-2024:1317
reference_id	RHSA-2024:1317
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1317

reference_url	https://access.redhat.com/errata/RHSA-2024:2679
reference_id	RHSA-2024:2679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2679

reference_url	https://access.redhat.com/errata/RHSA-2024:3299
reference_id	RHSA-2024:3299
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3299

reference_url	https://access.redhat.com/errata/RHSA-2024:3303
reference_id	RHSA-2024:3303
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3303

reference_url	https://access.redhat.com/errata/RHSA-2024:3625
reference_id	RHSA-2024:3625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3625

reference_url	https://access.redhat.com/errata/RHSA-2024:3626
reference_id	RHSA-2024:3626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3626

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/tags

reference_id

tags

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/tags

reference_url	https://usn.ubuntu.com/5760-1/
reference_id	USN-5760-1
reference_type
scores
url	https://usn.ubuntu.com/5760-1/

reference_url	https://usn.ubuntu.com/5760-2/
reference_id	USN-5760-2
reference_type
scores
url	https://usn.ubuntu.com/5760-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2022-40304

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eb6k-ppfd-m7a3

url VCID-ek5d-m9pn-3fec

vulnerability_id VCID-ek5d-m9pn-3fec

summary

Multiple vulnerabilities have been found in libxml2, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3517.json

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3517.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3517

reference_id

reference_type

scores

value	0.00107
scoring_system	epss
scoring_elements	0.28862
published_at	2026-04-16T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.2884
published_at	2026-04-13T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28891
published_at	2026-04-12T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28934
published_at	2026-04-11T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.2893
published_at	2026-04-09T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28889
published_at	2026-04-08T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28821
published_at	2026-04-07T12:55:00Z

value	0.0011
scoring_system	epss
scoring_elements	0.29427
published_at	2026-04-02T12:55:00Z

value	0.0011
scoring_system	epss
scoring_elements	0.29358
published_at	2026-04-01T12:55:00Z

value	0.0011
scoring_system	epss
scoring_elements	0.29474
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3517

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1954232

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=1954232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3517
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3517

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3517.yml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3517.yml

reference_url

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/blob/7c19ef5cc6b7c5c36827dd5495f857c6877ec8cf/CHANGELOG.md?plain=1#L579

reference_url

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/blob/7c19ef5cc6b7c5c36827dd5495f857c6877ec8cf/CHANGELOG.md?plain=1#L579

reference_url

https://github.com/sparklemotion/nokogiri/issues/2233

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/2233

reference_url

https://github.com/sparklemotion/nokogiri/issues/2274

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/2274

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e

reference_url	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3517

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3517

reference_url

https://security.netapp.com/advisory/ntap-20210625-0002

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210625-0002

reference_url

https://security.netapp.com/advisory/ntap-20210625-0002/

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://security.netapp.com/advisory/ntap-20210625-0002/

reference_url

https://security.netapp.com/advisory/ntap-20211022-0004

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20211022-0004

reference_url

https://security.netapp.com/advisory/ntap-20211022-0004/

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://security.netapp.com/advisory/ntap-20211022-0004/

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987738
reference_id	987738
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987738

reference_url

reference_id

AVG-1883

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/

reference_url

reference_id

BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/

reference_url

https://github.com/advisories/GHSA-jw9f-hh49-cvp9

reference_id

GHSA-jw9f-hh49-cvp9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jw9f-hh49-cvp9

reference_url

reference_id

GLSA-202107-05

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/

reference_url

reference_id

QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/

reference_url	https://access.redhat.com/errata/RHSA-2021:2569
reference_id	RHSA-2021:2569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2569

reference_url	https://access.redhat.com/errata/RHSA-2022:1389
reference_id	RHSA-2022:1389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1389

reference_url	https://access.redhat.com/errata/RHSA-2022:1390
reference_id	RHSA-2022:1390
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1390

reference_url	https://usn.ubuntu.com/4991-1/
reference_id	USN-4991-1
reference_type
scores
url	https://usn.ubuntu.com/4991-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2021-3517, GHSA-jw9f-hh49-cvp9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ek5d-m9pn-3fec

url VCID-hafa-bcpu-8uaj

vulnerability_id VCID-hafa-bcpu-8uaj

summary libxml2: NULL Pointer Dereference in libxml2 xmlPatMatch

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27113.json

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27113.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-27113

reference_id

reference_type

scores

value	0.00094
scoring_system	epss
scoring_elements	0.26313
published_at	2026-04-02T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.2615
published_at	2026-04-16T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26249
published_at	2026-04-11T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26204
published_at	2026-04-12T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26146
published_at	2026-04-13T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26354
published_at	2026-04-04T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26127
published_at	2026-04-07T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26194
published_at	2026-04-08T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26242
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-27113

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098322
reference_id	1098322
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098322

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2346410
reference_id	2346410
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2346410

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/861

reference_id

861

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T15:33:43Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/861

reference_url	https://usn.ubuntu.com/7302-1/
reference_id	USN-7302-1
reference_type
scores
url	https://usn.ubuntu.com/7302-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-27113

risk_score 1.4

exploitability 0.5

weighted_severity 2.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hafa-bcpu-8uaj

url VCID-nuh8-qd25-ykan

vulnerability_id VCID-nuh8-qd25-ykan

summary libxml2: Incorrect server side include parsing can lead to XSS

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3709.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3709.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-3709

reference_id

reference_type

scores

value	0.00139
scoring_system	epss
scoring_elements	0.33794
published_at	2026-04-01T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34132
published_at	2026-04-02T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34164
published_at	2026-04-04T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34024
published_at	2026-04-07T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34067
published_at	2026-04-08T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45499
published_at	2026-04-09T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45519
published_at	2026-04-11T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45489
published_at	2026-04-12T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45494
published_at	2026-04-13T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45542
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3709

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3709
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3709

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2112766
reference_id	2112766
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2112766

reference_url	https://access.redhat.com/errata/RHSA-2022:7715
reference_id	RHSA-2022:7715
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7715

reference_url	https://access.redhat.com/errata/RHSA-2023:4767
reference_id	RHSA-2023:4767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4767

reference_url	https://usn.ubuntu.com/5548-1/
reference_id	USN-5548-1
reference_type
scores
url	https://usn.ubuntu.com/5548-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2016-3709

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nuh8-qd25-ykan

url VCID-pdv9-xrh8-d3fz

vulnerability_id VCID-pdv9-xrh8-d3fz

summary

Use After Free
This advisory has been marked as False Positive and removed.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45322.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45322.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45322

reference_id

reference_type

scores

value	0.00076
scoring_system	epss
scoring_elements	0.22953
published_at	2026-04-02T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22857
published_at	2026-04-16T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22916
published_at	2026-04-09T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22937
published_at	2026-04-11T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.229
published_at	2026-04-12T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22843
published_at	2026-04-13T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22997
published_at	2026-04-04T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22789
published_at	2026-04-07T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22864
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45322

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/344

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T18:12:15Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/344

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/583

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T18:12:15Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/583

reference_url

http://www.openwall.com/lists/oss-security/2023/10/06/5

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T18:12:15Z/

url

http://www.openwall.com/lists/oss-security/2023/10/06/5

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053629
reference_id	1053629
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053629

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2242945
reference_id	2242945
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2242945

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-45322
reference_id	CVE-2023-45322
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-45322

reference_url	https://security.gentoo.org/glsa/202402-11
reference_id	GLSA-202402-11
reference_type
scores
url	https://security.gentoo.org/glsa/202402-11

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2023-45322

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pdv9-xrh8-d3fz

url VCID-qh44-gavt-rbdw

vulnerability_id VCID-qh44-gavt-rbdw

summary libxml: use-after-free in xmlXIncludeAddNode

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49043.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49043.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-49043

reference_id

reference_type

scores

value	0.00222
scoring_system	epss
scoring_elements	0.448
published_at	2026-04-02T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44857
published_at	2026-04-16T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44813
published_at	2026-04-08T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44816
published_at	2026-04-09T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44832
published_at	2026-04-11T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44802
published_at	2026-04-12T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44803
published_at	2026-04-13T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44821
published_at	2026-04-04T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44761
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-49043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49043

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094238
reference_id	1094238
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094238

reference_url

https://github.com/php/php-src/issues/17467

reference_id

17467

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-27T14:52:22Z/

url

https://github.com/php/php-src/issues/17467

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2342118
reference_id	2342118
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2342118

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b

reference_id

5a19e21605398cef6a8b1452477a8705cb41562b

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-27T14:52:22Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b

reference_url	https://access.redhat.com/errata/RHSA-2025:1350
reference_id	RHSA-2025:1350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1350

reference_url	https://access.redhat.com/errata/RHSA-2025:1487
reference_id	RHSA-2025:1487
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1487

reference_url	https://access.redhat.com/errata/RHSA-2025:1516
reference_id	RHSA-2025:1516
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1516

reference_url	https://access.redhat.com/errata/RHSA-2025:1517
reference_id	RHSA-2025:1517
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1517

reference_url	https://access.redhat.com/errata/RHSA-2025:1925
reference_id	RHSA-2025:1925
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1925

reference_url	https://access.redhat.com/errata/RHSA-2025:2507
reference_id	RHSA-2025:2507
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2507

reference_url	https://access.redhat.com/errata/RHSA-2025:2678
reference_id	RHSA-2025:2678
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2678

reference_url	https://access.redhat.com/errata/RHSA-2025:3775
reference_id	RHSA-2025:3775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3775

reference_url	https://access.redhat.com/errata/RHSA-2025:4409
reference_id	RHSA-2025:4409
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4409

reference_url	https://access.redhat.com/errata/RHSA-2025:4422
reference_id	RHSA-2025:4422
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4422

reference_url	https://access.redhat.com/errata/RHSA-2025:4677
reference_id	RHSA-2025:4677
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4677

reference_url	https://access.redhat.com/errata/RHSA-2025:7702
reference_id	RHSA-2025:7702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7702

reference_url	https://usn.ubuntu.com/7240-1/
reference_id	USN-7240-1
reference_type
scores
url	https://usn.ubuntu.com/7240-1/

reference_url	https://usn.ubuntu.com/7302-1/
reference_id	USN-7302-1
reference_type
scores
url	https://usn.ubuntu.com/7302-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2022-49043

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qh44-gavt-rbdw

url VCID-qp6y-dt1j-97df

vulnerability_id VCID-qp6y-dt1j-97df

summary libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32415.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32415.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-32415

reference_id

reference_type

scores

value	0.00071
scoring_system	epss
scoring_elements	0.21953
published_at	2026-04-02T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.2182
published_at	2026-04-16T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21915
published_at	2026-04-11T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21874
published_at	2026-04-12T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21817
published_at	2026-04-13T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.22006
published_at	2026-04-04T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21771
published_at	2026-04-07T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21848
published_at	2026-04-08T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21904
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-32415

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32415
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32415

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103511
reference_id	1103511
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103511

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2360768
reference_id	2360768
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2360768

reference_url	https://access.redhat.com/errata/RHSA-2025:13203
reference_id	RHSA-2025:13203
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13203

reference_url	https://access.redhat.com/errata/RHSA-2025:13428
reference_id	RHSA-2025:13428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13428

reference_url	https://access.redhat.com/errata/RHSA-2025:13429
reference_id	RHSA-2025:13429
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13429

reference_url	https://access.redhat.com/errata/RHSA-2025:13622
reference_id	RHSA-2025:13622
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13622

reference_url	https://access.redhat.com/errata/RHSA-2025:13677
reference_id	RHSA-2025:13677
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13677

reference_url	https://access.redhat.com/errata/RHSA-2025:13681
reference_id	RHSA-2025:13681
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13681

reference_url	https://access.redhat.com/errata/RHSA-2025:13683
reference_id	RHSA-2025:13683
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13683

reference_url	https://access.redhat.com/errata/RHSA-2025:13684
reference_id	RHSA-2025:13684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13684

reference_url	https://access.redhat.com/errata/RHSA-2025:13688
reference_id	RHSA-2025:13688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13688

reference_url	https://access.redhat.com/errata/RHSA-2025:13689
reference_id	RHSA-2025:13689
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13689

reference_url	https://access.redhat.com/errata/RHSA-2025:13788
reference_id	RHSA-2025:13788
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13788

reference_url	https://access.redhat.com/errata/RHSA-2025:13789
reference_id	RHSA-2025:13789
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13789

reference_url	https://access.redhat.com/errata/RHSA-2025:13806
reference_id	RHSA-2025:13806
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13806

reference_url	https://access.redhat.com/errata/RHSA-2025:14059
reference_id	RHSA-2025:14059
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14059

reference_url	https://access.redhat.com/errata/RHSA-2025:14186
reference_id	RHSA-2025:14186
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14186

reference_url	https://access.redhat.com/errata/RHSA-2025:14644
reference_id	RHSA-2025:14644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14644

reference_url	https://access.redhat.com/errata/RHSA-2025:14818
reference_id	RHSA-2025:14818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14818

reference_url	https://access.redhat.com/errata/RHSA-2025:14819
reference_id	RHSA-2025:14819
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14819

reference_url	https://access.redhat.com/errata/RHSA-2025:14853
reference_id	RHSA-2025:14853
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14853

reference_url	https://access.redhat.com/errata/RHSA-2025:14858
reference_id	RHSA-2025:14858
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14858

reference_url	https://access.redhat.com/errata/RHSA-2025:15308
reference_id	RHSA-2025:15308
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15308

reference_url	https://access.redhat.com/errata/RHSA-2025:15672
reference_id	RHSA-2025:15672
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15672

reference_url	https://access.redhat.com/errata/RHSA-2025:16159
reference_id	RHSA-2025:16159
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16159

reference_url	https://access.redhat.com/errata/RHSA-2025:22529
reference_id	RHSA-2025:22529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22529

reference_url	https://usn.ubuntu.com/7467-1/
reference_id	USN-7467-1
reference_type
scores
url	https://usn.ubuntu.com/7467-1/

reference_url	https://usn.ubuntu.com/7467-2/
reference_id	USN-7467-2
reference_type
scores
url	https://usn.ubuntu.com/7467-2/

reference_url	https://usn.ubuntu.com/7896-1/
reference_id	USN-7896-1
reference_type
scores
url	https://usn.ubuntu.com/7896-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-32415

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qp6y-dt1j-97df

url VCID-qpnt-xvgv-s3cq

vulnerability_id VCID-qpnt-xvgv-s3cq

summary This advisory has been invalidated.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28484.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28484.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28484

reference_id

reference_type

scores

value	0.00249
scoring_system	epss
scoring_elements	0.48249
published_at	2026-04-16T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48186
published_at	2026-04-12T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48197
published_at	2026-04-13T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.4913
published_at	2026-04-07T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49199
published_at	2026-04-11T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49181
published_at	2026-04-09T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49184
published_at	2026-04-08T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49179
published_at	2026-04-04T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.4915
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28484

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/491

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/491

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4

reference_url

https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html

reference_url	https://nokogiri.org/CHANGELOG.html#1143-2023-04-11
reference_id
reference_type
scores
url	https://nokogiri.org/CHANGELOG.html#1143-2023-04-11

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034436
reference_id	1034436
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034436

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2185994
reference_id	2185994
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2185994

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-28484
reference_id	CVE-2023-28484
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-28484

reference_url	https://security.gentoo.org/glsa/202402-11
reference_id	GLSA-202402-11
reference_type
scores
url	https://security.gentoo.org/glsa/202402-11

reference_url

https://security.netapp.com/advisory/ntap-20230601-0006/

reference_id

ntap-20230601-0006

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/

url

https://security.netapp.com/advisory/ntap-20230601-0006/

reference_url

https://security.netapp.com/advisory/ntap-20240201-0005/

reference_id

ntap-20240201-0005

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/

url

https://security.netapp.com/advisory/ntap-20240201-0005/

reference_url	https://access.redhat.com/errata/RHSA-2023:4349
reference_id	RHSA-2023:4349
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4349

reference_url	https://access.redhat.com/errata/RHSA-2023:4529
reference_id	RHSA-2023:4529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4529

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2024:0413
reference_id	RHSA-2024:0413
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0413

reference_url	https://usn.ubuntu.com/6028-1/
reference_id	USN-6028-1
reference_type
scores
url	https://usn.ubuntu.com/6028-1/

reference_url	https://usn.ubuntu.com/6028-2/
reference_id	USN-6028-2
reference_type
scores
url	https://usn.ubuntu.com/6028-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2023-28484

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qpnt-xvgv-s3cq

url VCID-qtp3-a1g7-8kgw

vulnerability_id VCID-qtp3-a1g7-8kgw

summary

Improper Restriction of XML External Entity Reference
libxml2, as used in XMLSec and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9318.json

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9318.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9318

reference_id

reference_type

scores

value	0.00121
scoring_system	epss
scoring_elements	0.31055
published_at	2026-04-16T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31068
published_at	2026-04-12T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31023
published_at	2026-04-13T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32722
published_at	2026-04-07T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32769
published_at	2026-04-08T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32901
published_at	2026-04-04T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32735
published_at	2026-04-01T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32866
published_at	2026-04-02T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.3896
published_at	2026-04-09T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.38972
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9318

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1395609
reference_id	1395609
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1395609

reference_url

https://github.com/lsh123/xmlsec/issues/43

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/

url

https://github.com/lsh123/xmlsec/issues/43

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844581
reference_id	844581
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844581

reference_url

http://www.securityfocus.com/bid/94347

reference_id

94347

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/

url

http://www.securityfocus.com/bid/94347

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-9318
reference_id	CVE-2016-9318
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-9318

reference_url

https://bugzilla.gnome.org/show_bug.cgi?id=772726

reference_id

show_bug.cgi?id=772726

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/

url

https://bugzilla.gnome.org/show_bug.cgi?id=772726

reference_url

reference_id

USN-3739-2

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/

url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2016-9318

risk_score 3.0

exploitability 0.5

weighted_severity 6.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qtp3-a1g7-8kgw

url VCID-qv3r-ppuc-zycz

vulnerability_id VCID-qv3r-ppuc-zycz

summary

libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
The Nokogiri RubyGem has patched its vendored copy of libxml2 in order to prevent this issue from affecting nokogiri.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7595.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7595.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7595

reference_id

reference_type

scores

value	0.00473
scoring_system	epss
scoring_elements	0.64751
published_at	2026-04-11T12:55:00Z

value	0.00473
scoring_system	epss
scoring_elements	0.64734
published_at	2026-04-09T12:55:00Z

value	0.00473
scoring_system	epss
scoring_elements	0.6472
published_at	2026-04-08T12:55:00Z

value	0.00473
scoring_system	epss
scoring_elements	0.64672
published_at	2026-04-07T12:55:00Z

value	0.00473
scoring_system	epss
scoring_elements	0.6474
published_at	2026-04-12T12:55:00Z

value	0.00473
scoring_system	epss
scoring_elements	0.64712
published_at	2026-04-13T12:55:00Z

value	0.00473
scoring_system	epss
scoring_elements	0.6475
published_at	2026-04-16T12:55:00Z

value	0.00487
scoring_system	epss
scoring_elements	0.65326
published_at	2026-04-01T12:55:00Z

value	0.00487
scoring_system	epss
scoring_elements	0.65401
published_at	2026-04-04T12:55:00Z

value	0.00487
scoring_system	epss
scoring_elements	0.65375
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7595

reference_url

https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7595
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7595

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1992

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1992

reference_url

https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076

reference_url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-7595

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-7595

reference_url

https://security.gentoo.org/glsa/202010-04

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://security.gentoo.org/glsa/202010-04

reference_url

https://security.netapp.com/advisory/ntap-20200702-0005

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200702-0005

reference_url

https://security.netapp.com/advisory/ntap-20200702-0005/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://security.netapp.com/advisory/ntap-20200702-0005/

reference_url

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08

reference_url

https://usn.ubuntu.com/4274-1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/4274-1

reference_url

https://usn.ubuntu.com/4274-1/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://usn.ubuntu.com/4274-1/

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1799786
reference_id	1799786
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1799786

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/

reference_id

545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

reference_id

5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582
reference_id	949582
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582

reference_url	https://security.archlinux.org/ASA-202011-15
reference_id	ASA-202011-15
reference_type
scores
url	https://security.archlinux.org/ASA-202011-15

reference_url

reference_id

AVG-1263

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-7553-jr98-vx47

reference_url

reference_id

GHSA-7553-jr98-vx47

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7553-jr98-vx47

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

reference_id

JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

reference_url	https://access.redhat.com/errata/RHSA-2020:2644
reference_id	RHSA-2020:2644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2644

reference_url	https://access.redhat.com/errata/RHSA-2020:2646
reference_id	RHSA-2020:2646
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2646

reference_url	https://access.redhat.com/errata/RHSA-2020:3996
reference_id	RHSA-2020:3996
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3996

reference_url	https://access.redhat.com/errata/RHSA-2020:4479
reference_id	RHSA-2020:4479
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4479

reference_url	https://access.redhat.com/errata/RHSA-2021:0949
reference_id	RHSA-2021:0949
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0949

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2020-7595, GHSA-7553-jr98-vx47

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qv3r-ppuc-zycz

url VCID-rsvx-3f49-v3an

vulnerability_id VCID-rsvx-3f49-v3an

summary

Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion)
A flaw was found in libxml2. By exploiting an exponential entity expansion attack its possible bypassing all existing protection mechanisms and lead to a denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3541.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3541.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3541

reference_id

reference_type

scores

value	0.0006
scoring_system	epss
scoring_elements	0.18918
published_at	2026-04-01T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18822
published_at	2026-04-16T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18921
published_at	2026-04-12T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.1887
published_at	2026-04-13T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.19054
published_at	2026-04-02T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.19106
published_at	2026-04-04T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18828
published_at	2026-04-07T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18907
published_at	2026-04-08T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18962
published_at	2026-04-09T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18968
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3541

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1950515
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1950515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3541
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3541

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://security.netapp.com/advisory/ntap-20210805-0007/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210805-0007/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988603
reference_id	988603
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988603

reference_url

reference_id

AVG-1883

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29824.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-3541
reference_id	CVE-2021-3541
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-3541

reference_url	https://security.gentoo.org/glsa/202107-05
reference_id	GLSA-202107-05
reference_type
scores
url	https://security.gentoo.org/glsa/202107-05

reference_url	https://access.redhat.com/errata/RHSA-2021:2569
reference_id	RHSA-2021:2569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2569

reference_url	https://access.redhat.com/errata/RHSA-2022:1389
reference_id	RHSA-2022:1389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1389

reference_url	https://access.redhat.com/errata/RHSA-2022:1390
reference_id	RHSA-2022:1390
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1390

reference_url	https://usn.ubuntu.com/4991-1/
reference_id	USN-4991-1
reference_type
scores
url	https://usn.ubuntu.com/4991-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2021-3541

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rsvx-3f49-v3an

url VCID-s9r4-a3uz-4yhp

vulnerability_id VCID-s9r4-a3uz-4yhp

summary

Integer Overflow or Wraparound
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

references

reference_url

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29824.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-29824

reference_id

reference_type

scores

value	0.00074
scoring_system	epss
scoring_elements	0.22481
published_at	2026-04-16T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22543
published_at	2026-04-09T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22562
published_at	2026-04-11T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22521
published_at	2026-04-12T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22466
published_at	2026-04-13T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22407
published_at	2026-04-07T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22489
published_at	2026-04-08T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22976
published_at	2026-04-02T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.2302
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-29824

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab

reference_url	https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd

reference_url	https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14

reference_url	https://gitlab.gnome.org/GNOME/libxslt/-/tags
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxslt/-/tags

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010526
reference_id	1010526
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010526

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2082158
reference_id	2082158
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2082158

reference_url

reference_id

AVG-2726

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14567.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-29824
reference_id	CVE-2022-29824
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-29824

reference_url	https://security.gentoo.org/glsa/202210-03
reference_id	GLSA-202210-03
reference_type
scores
url	https://security.gentoo.org/glsa/202210-03

reference_url	https://access.redhat.com/errata/RHSA-2022:5250
reference_id	RHSA-2022:5250
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5250

reference_url	https://access.redhat.com/errata/RHSA-2022:5317
reference_id	RHSA-2022:5317
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5317

reference_url	https://access.redhat.com/errata/RHSA-2022:8841
reference_id	RHSA-2022:8841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8841

reference_url	https://usn.ubuntu.com/5422-1/
reference_id	USN-5422-1
reference_type
scores
url	https://usn.ubuntu.com/5422-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2022-29824

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s9r4-a3uz-4yhp

url VCID-t53m-6vvr-27cf

vulnerability_id VCID-t53m-6vvr-27cf

summary

Loop with Unreachable Exit Condition ('Infinite Loop')
libxml2, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.

references

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14567.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14567

reference_id

reference_type

scores

value	0.00677
scoring_system	epss
scoring_elements	0.71451
published_at	2026-04-01T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71459
published_at	2026-04-02T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71476
published_at	2026-04-04T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71449
published_at	2026-04-07T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71489
published_at	2026-04-08T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71501
published_at	2026-04-09T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71524
published_at	2026-04-11T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71508
published_at	2026-04-12T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.7149
published_at	2026-04-13T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71536
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14567

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1619875
reference_id	1619875
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1619875

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-14567
reference_id	CVE-2018-14567
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-14567

reference_url	https://access.redhat.com/errata/RHSA-2020:1190
reference_id	RHSA-2020:1190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1190

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2018-14567

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t53m-6vvr-27cf

url VCID-udew-3gre-13hy

vulnerability_id VCID-udew-3gre-13hy

summary Multiple vulnerabilities have been found in libxml2, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40303.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40303.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-40303

reference_id

reference_type

scores

value	0.00181
scoring_system	epss
scoring_elements	0.39746
published_at	2026-04-02T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39762
published_at	2026-04-16T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39768
published_at	2026-04-04T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39687
published_at	2026-04-07T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39741
published_at	2026-04-08T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39755
published_at	2026-04-09T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39765
published_at	2026-04-11T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39729
published_at	2026-04-12T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39712
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-40303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3

reference_url	https://nokogiri.org/CHANGELOG.html#1139-2022-10-18
reference_id
reference_type
scores
url	https://nokogiri.org/CHANGELOG.html#1139-2022-10-18

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022224
reference_id	1022224
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022224

reference_url

http://seclists.org/fulldisclosure/2022/Dec/21

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

http://seclists.org/fulldisclosure/2022/Dec/21

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2136266
reference_id	2136266
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2136266

reference_url

http://seclists.org/fulldisclosure/2022/Dec/24

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

http://seclists.org/fulldisclosure/2022/Dec/24

reference_url

http://seclists.org/fulldisclosure/2022/Dec/25

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

http://seclists.org/fulldisclosure/2022/Dec/25

reference_url

http://seclists.org/fulldisclosure/2022/Dec/26

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

http://seclists.org/fulldisclosure/2022/Dec/26

reference_url

http://seclists.org/fulldisclosure/2022/Dec/27

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

http://seclists.org/fulldisclosure/2022/Dec/27

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-40303
reference_id	CVE-2022-40303
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-40303

reference_url	https://security.gentoo.org/glsa/202210-39
reference_id	GLSA-202210-39
reference_type
scores
url	https://security.gentoo.org/glsa/202210-39

reference_url

https://support.apple.com/kb/HT213531

reference_id

HT213531

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

https://support.apple.com/kb/HT213531

reference_url

https://support.apple.com/kb/HT213533

reference_id

HT213533

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

https://support.apple.com/kb/HT213533

reference_url

https://support.apple.com/kb/HT213534

reference_id

HT213534

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

https://support.apple.com/kb/HT213534

reference_url

https://support.apple.com/kb/HT213535

reference_id

HT213535

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

https://support.apple.com/kb/HT213535

reference_url

https://support.apple.com/kb/HT213536

reference_id

HT213536

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

https://support.apple.com/kb/HT213536

reference_url

https://security.netapp.com/advisory/ntap-20221209-0003/

reference_id

ntap-20221209-0003

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

https://security.netapp.com/advisory/ntap-20221209-0003/

reference_url	https://access.redhat.com/errata/RHSA-2022:8841
reference_id	RHSA-2022:8841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8841

reference_url	https://access.redhat.com/errata/RHSA-2023:0173
reference_id	RHSA-2023:0173
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0173

reference_url	https://access.redhat.com/errata/RHSA-2023:0338
reference_id	RHSA-2023:0338
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0338

reference_url	https://access.redhat.com/errata/RHSA-2024:0413
reference_id	RHSA-2024:0413
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0413

reference_url	https://usn.ubuntu.com/5760-1/
reference_id	USN-5760-1
reference_type
scores
url	https://usn.ubuntu.com/5760-1/

reference_url	https://usn.ubuntu.com/5760-2/
reference_id	USN-5760-2
reference_type
scores
url	https://usn.ubuntu.com/5760-2/

reference_url	https://usn.ubuntu.com/7659-1/
reference_id	USN-7659-1
reference_type
scores
url	https://usn.ubuntu.com/7659-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2022-40303

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-udew-3gre-13hy

url VCID-ugyh-dycm-3bc3

vulnerability_id VCID-ugyh-dycm-3bc3

summary libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19956.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19956.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19956

reference_id

reference_type

scores

value	0.00154
scoring_system	epss
scoring_elements	0.36116
published_at	2026-04-16T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.3601
published_at	2026-04-01T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36204
published_at	2026-04-02T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36231
published_at	2026-04-04T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36066
published_at	2026-04-07T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36115
published_at	2026-04-08T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36133
published_at	2026-04-09T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.3614
published_at	2026-04-11T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36102
published_at	2026-04-12T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36075
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19956

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1788856
reference_id	1788856
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1788856

reference_url

https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549

reference_id

5a02583c7e683896d84878bd90641d8d9b0d0549

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/

url

https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

reference_id

5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2019-19956
reference_id	CVE-2019-19956
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2019-19956

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

reference_id

JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html

reference_id

msg00005.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/

url

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html

reference_url

https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html

reference_id

msg00032.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/

url

https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html

reference_url

https://security.netapp.com/advisory/ntap-20200114-0002/

reference_id

ntap-20200114-0002

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/

url

https://security.netapp.com/advisory/ntap-20200114-0002/

reference_url	https://access.redhat.com/errata/RHSA-2020:2644
reference_id	RHSA-2020:2644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2644

reference_url	https://access.redhat.com/errata/RHSA-2020:2646
reference_id	RHSA-2020:2646
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2646

reference_url	https://access.redhat.com/errata/RHSA-2020:3996
reference_id	RHSA-2020:3996
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3996

reference_url	https://access.redhat.com/errata/RHSA-2020:4479
reference_id	RHSA-2020:4479
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4479

reference_url	https://access.redhat.com/errata/RHSA-2021:0949
reference_id	RHSA-2021:0949
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0949

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2019-19956

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ugyh-dycm-3bc3

url VCID-vf7b-s3y3-sfhw

vulnerability_id VCID-vf7b-s3y3-sfhw

summary

Multiple vulnerabilities have been found in libxml2, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3537.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3537.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3537

reference_id

reference_type

scores

value	0.00111
scoring_system	epss
scoring_elements	0.29551
published_at	2026-04-16T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29532
published_at	2026-04-13T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29584
published_at	2026-04-12T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34266
published_at	2026-04-02T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34299
published_at	2026-04-04T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.33927
published_at	2026-04-01T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.3626
published_at	2026-04-07T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.36337
published_at	2026-04-11T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.36331
published_at	2026-04-09T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.36309
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3537

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1956522

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1956522

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3537
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3537

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3537.yml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3537.yml

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722

reference_url

https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/

reference_url

https://nokogiri.org/CHANGELOG.html#1114-2021-05-14

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nokogiri.org/CHANGELOG.html#1114-2021-05-14

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3537

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3537

reference_url

https://security.netapp.com/advisory/ntap-20210625-0002

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210625-0002

reference_url	https://security.netapp.com/advisory/ntap-20210625-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210625-0002/

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988123
reference_id	988123
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988123

reference_url

reference_id

AVG-1883

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-286v-pcf5-25rc

reference_url

reference_id

GHSA-286v-pcf5-25rc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-286v-pcf5-25rc

reference_url

reference_id

GLSA-202107-05

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json

reference_url	https://access.redhat.com/errata/RHSA-2021:2569
reference_id	RHSA-2021:2569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2569

reference_url	https://access.redhat.com/errata/RHSA-2022:1389
reference_id	RHSA-2022:1389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1389

reference_url	https://access.redhat.com/errata/RHSA-2022:1390
reference_id	RHSA-2022:1390
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1390

reference_url	https://usn.ubuntu.com/4991-1/
reference_id	USN-4991-1
reference_type
scores
url	https://usn.ubuntu.com/4991-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2021-3537, GHSA-286v-pcf5-25rc

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vf7b-s3y3-sfhw

url VCID-wc4g-sxyq-ubcd

vulnerability_id VCID-wc4g-sxyq-ubcd

summary

Allocation of Resources Without Limits or Throttling
The xz_head function in xzlib.c in libxml2 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.

references

reference_url

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-18258

reference_id

reference_type

scores

value	0.0079
scoring_system	epss
scoring_elements	0.73914
published_at	2026-04-16T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73872
published_at	2026-04-13T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73824
published_at	2026-04-01T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.7388
published_at	2026-04-12T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73898
published_at	2026-04-11T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73876
published_at	2026-04-09T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73863
published_at	2026-04-08T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73829
published_at	2026-04-07T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73858
published_at	2026-04-04T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73833
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-18258

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml

reference_url

https://kc.mcafee.com/corporate/index?page=content&id=SB10284

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://kc.mcafee.com/corporate/index?page=content&id=SB10284

reference_url

https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_url

https://security.netapp.com/advisory/ntap-20190719-0001

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190719-0001

reference_url	https://security.netapp.com/advisory/ntap-20190719-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190719-0001/

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.archlinux.org/AVG-671

reference_url	https://usn.ubuntu.com/3739-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3739-1/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1566749
reference_id	1566749
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1566749

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245
reference_id	895245
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245

reference_url

reference_id

AVG-671

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-671

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-18258

reference_id

CVE-2017-18258

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-18258

reference_url

https://github.com/advisories/GHSA-882p-jqgm-f45g

reference_id

GHSA-882p-jqgm-f45g

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-882p-jqgm-f45g

reference_url	https://access.redhat.com/errata/RHSA-2020:1190
reference_id	RHSA-2020:1190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1190

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2017-18258, GHSA-882p-jqgm-f45g

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wc4g-sxyq-ubcd

url VCID-x9ej-7dcq-tub2

vulnerability_id VCID-x9ej-7dcq-tub2

summary

Double Free
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29469.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29469.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-29469

reference_id

reference_type

scores

value	0.00072
scoring_system	epss
scoring_elements	0.2209
published_at	2026-04-02T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.21959
published_at	2026-04-16T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.2214
published_at	2026-04-04T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.2191
published_at	2026-04-07T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.21991
published_at	2026-04-08T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.22046
published_at	2026-04-09T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.22061
published_at	2026-04-11T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.2202
published_at	2026-04-12T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.2196
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-29469

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/510

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/510

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4

reference_url

https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html

reference_url	https://nokogiri.org/CHANGELOG.html#1143-2023-04-11
reference_id
reference_type
scores
url	https://nokogiri.org/CHANGELOG.html#1143-2023-04-11

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034437
reference_id	1034437
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034437

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2185984
reference_id	2185984
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2185984

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-29469
reference_id	CVE-2023-29469
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-29469

reference_url	https://security.gentoo.org/glsa/202402-11
reference_id	GLSA-202402-11
reference_type
scores
url	https://security.gentoo.org/glsa/202402-11

reference_url

https://security.netapp.com/advisory/ntap-20230601-0006/

reference_id

ntap-20230601-0006

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/

url

https://security.netapp.com/advisory/ntap-20230601-0006/

reference_url	https://access.redhat.com/errata/RHSA-2023:4349
reference_id	RHSA-2023:4349
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4349

reference_url	https://access.redhat.com/errata/RHSA-2023:4529
reference_id	RHSA-2023:4529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4529

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2024:0413
reference_id	RHSA-2024:0413
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0413

reference_url	https://usn.ubuntu.com/6028-1/
reference_id	USN-6028-1
reference_type
scores
url	https://usn.ubuntu.com/6028-1/

reference_url	https://usn.ubuntu.com/6028-2/
reference_id	USN-6028-2
reference_type
scores
url	https://usn.ubuntu.com/6028-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2023-29469

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x9ej-7dcq-tub2

url VCID-xps8-1a3r-wke6

vulnerability_id VCID-xps8-1a3r-wke6

summary

Multiple vulnerabilities have been found in libxml2, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3516.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3516.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3516

reference_id

reference_type

scores

value	0.00343
scoring_system	epss
scoring_elements	0.56934
published_at	2026-04-07T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56985
published_at	2026-04-08T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56988
published_at	2026-04-09T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56995
published_at	2026-04-11T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57651
published_at	2026-04-04T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57545
published_at	2026-04-01T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57629
published_at	2026-04-02T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58327
published_at	2026-04-13T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.5836
published_at	2026-04-16T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58347
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3516

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3516
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3516

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.gnome.org/GNOME/libxml2/-/issues/230
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxml2/-/issues/230

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1954225
reference_id	1954225
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1954225

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987739
reference_id	987739
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987739

reference_url

reference_id

AVG-1883

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5969.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-3516
reference_id	CVE-2021-3516
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-3516

reference_url	https://security.gentoo.org/glsa/202107-05
reference_id	GLSA-202107-05
reference_type
scores
url	https://security.gentoo.org/glsa/202107-05

reference_url	https://access.redhat.com/errata/RHSA-2021:2569
reference_id	RHSA-2021:2569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2569

reference_url	https://access.redhat.com/errata/RHSA-2022:1389
reference_id	RHSA-2022:1389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1389

reference_url	https://access.redhat.com/errata/RHSA-2022:1390
reference_id	RHSA-2022:1390
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1390

reference_url	https://usn.ubuntu.com/4991-1/
reference_id	USN-4991-1
reference_type
scores
url	https://usn.ubuntu.com/4991-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2021-3516

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xps8-1a3r-wke6

Fixing_vulnerabilities

url VCID-3whx-6t3e-7beq

vulnerability_id VCID-3whx-6t3e-7beq

summary

Multiple vulnerabilities have been found in libxml2, the worst of
    which could result in the execution of arbitrary code.

references

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5969.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5969

reference_id

reference_type

scores

value	0.02935
scoring_system	epss
scoring_elements	0.86361
published_at	2026-04-01T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.86443
published_at	2026-04-16T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.86434
published_at	2026-04-11T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.86432
published_at	2026-04-12T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.86426
published_at	2026-04-13T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.86372
published_at	2026-04-02T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.86389
published_at	2026-04-04T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.86391
published_at	2026-04-07T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.8641
published_at	2026-04-08T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.8642
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5969

reference_url	https://bugzilla.gnome.org/show_bug.cgi?id=778519
reference_id
reference_type
scores
url	https://bugzilla.gnome.org/show_bug.cgi?id=778519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html

reference_url	https://security.gentoo.org/glsa/201711-01
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201711-01

reference_url	http://www.openwall.com/lists/oss-security/2016/11/05/3
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2016/11/05/3

reference_url	http://www.openwall.com/lists/oss-security/2017/02/13/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2017/02/13/1

reference_url	http://www.securityfocus.com/bid/96188
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/96188

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1421996
reference_id	1421996
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1421996

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855001
reference_id	855001
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855001

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.4:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.9.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.4:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5969

reference_id

CVE-2017-5969

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:N/A:P

value	4.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5969

fixed_packages

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4

aliases CVE-2017-5969

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3whx-6t3e-7beq

url VCID-4hws-gtxr-3bge

vulnerability_id VCID-4hws-gtxr-3bge

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7376.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7376.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7376

reference_id

reference_type

scores

value	0.38432
scoring_system	epss
scoring_elements	0.97211
published_at	2026-04-01T12:55:00Z

value	0.38432
scoring_system	epss
scoring_elements	0.97247
published_at	2026-04-16T12:55:00Z

value	0.38432
scoring_system	epss
scoring_elements	0.97238
published_at	2026-04-12T12:55:00Z

value	0.38432
scoring_system	epss
scoring_elements	0.97239
published_at	2026-04-13T12:55:00Z

value	0.38432
scoring_system	epss
scoring_elements	0.97216
published_at	2026-04-02T12:55:00Z

value	0.38432
scoring_system	epss
scoring_elements	0.97222
published_at	2026-04-04T12:55:00Z

value	0.38432
scoring_system	epss
scoring_elements	0.97223
published_at	2026-04-07T12:55:00Z

value	0.38432
scoring_system	epss
scoring_elements	0.97233
published_at	2026-04-08T12:55:00Z

value	0.38432
scoring_system	epss
scoring_elements	0.97234
published_at	2026-04-09T12:55:00Z

value	0.38432
scoring_system	epss
scoring_elements	0.97237
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:N/A:P

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1462216
reference_id	1462216
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1462216

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870865
reference_id	870865
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870865

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-7376
reference_id	CVE-2017-7376
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-7376

reference_url	https://usn.ubuntu.com/3424-1/
reference_id	USN-3424-1
reference_type
scores
url	https://usn.ubuntu.com/3424-1/

reference_url	https://usn.ubuntu.com/3424-2/
reference_id	USN-3424-2
reference_type
scores
url	https://usn.ubuntu.com/3424-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4

aliases CVE-2017-7376

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4hws-gtxr-3bge

url VCID-57yv-ay7b-v7ev

vulnerability_id VCID-57yv-ay7b-v7ev

summary

Out-of-bounds Write
An integer overflow in xmlmemory.c in libxml2, as used in Google Chrome and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5130.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5130.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5130

reference_id

reference_type

scores

value	0.01165
scoring_system	epss
scoring_elements	0.78655
published_at	2026-04-16T12:55:00Z

value	0.01165
scoring_system	epss
scoring_elements	0.78576
published_at	2026-04-01T12:55:00Z

value	0.01165
scoring_system	epss
scoring_elements	0.78583
published_at	2026-04-02T12:55:00Z

value	0.01165
scoring_system	epss
scoring_elements	0.78614
published_at	2026-04-04T12:55:00Z

value	0.01165
scoring_system	epss
scoring_elements	0.78596
published_at	2026-04-07T12:55:00Z

value	0.01165
scoring_system	epss
scoring_elements	0.78621
published_at	2026-04-08T12:55:00Z

value	0.01165
scoring_system	epss
scoring_elements	0.78628
published_at	2026-04-09T12:55:00Z

value	0.01165
scoring_system	epss
scoring_elements	0.78652
published_at	2026-04-11T12:55:00Z

value	0.01165
scoring_system	epss
scoring_elements	0.78634
published_at	2026-04-12T12:55:00Z

value	0.01165
scoring_system	epss
scoring_elements	0.78627
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5130

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5130
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5130

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

http://www.securityfocus.com/bid/101482

reference_id

101482

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/

url

http://www.securityfocus.com/bid/101482

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1503537
reference_id	1503537
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1503537

reference_url

https://crbug.com/722079

reference_id

722079

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/

url

https://crbug.com/722079

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880000
reference_id	880000
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880000

reference_url	https://security.archlinux.org/ASA-201710-27
reference_id	ASA-201710-27
reference_type
scores
url	https://security.archlinux.org/ASA-201710-27

reference_url

https://security.archlinux.org/AVG-456

reference_id

AVG-456

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-456

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-5130
reference_id	CVE-2017-5130
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-5130

reference_url

https://security.gentoo.org/glsa/201710-24

reference_id

GLSA-201710-24

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/

url

https://security.gentoo.org/glsa/201710-24

reference_url

https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed

reference_id

?id=897dffbae322b46b83f99a607d527058a72c51ed

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/

url

https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed

reference_url

https://lists.debian.org/debian-lts-announce/2017/11/msg00034.html

reference_id

msg00034.html

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/

url

https://lists.debian.org/debian-lts-announce/2017/11/msg00034.html

reference_url

https://access.redhat.com/errata/RHSA-2017:2997

reference_id

RHSA-2017:2997

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/

url

https://access.redhat.com/errata/RHSA-2017:2997

reference_url

http://bugzilla.gnome.org/show_bug.cgi?id=783026

reference_id

show_bug.cgi?id=783026

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/

url

http://bugzilla.gnome.org/show_bug.cgi?id=783026

reference_url

https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html

reference_id

stable-channel-update-for-desktop.html

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/

url

https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html

fixed_packages

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4

aliases CVE-2017-5130

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-57yv-ay7b-v7ev

url VCID-8tej-h12t-2fag

vulnerability_id VCID-8tej-h12t-2fag

summary

Improper Restriction of XML External Entity Reference
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7375.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7375.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7375

reference_id

reference_type

scores

value	0.00255
scoring_system	epss
scoring_elements	0.48873
published_at	2026-04-16T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48754
published_at	2026-04-01T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48793
published_at	2026-04-02T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48818
published_at	2026-04-04T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48773
published_at	2026-04-07T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48827
published_at	2026-04-08T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48824
published_at	2026-04-09T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48841
published_at	2026-04-11T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48815
published_at	2026-04-12T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48823
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1462203

reference_id

1462203

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=1462203

reference_url

https://source.android.com/security/bulletin/2017-06-01

reference_id

2017-06-01

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/

url

https://source.android.com/security/bulletin/2017-06-01

reference_url

https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa

reference_id

308396a55280f69ad4112d4f9892f4cbeff042aa

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/

url

https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870867
reference_id	870867
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870867

reference_url

http://www.securityfocus.com/bid/98877

reference_id

98877

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/

url

http://www.securityfocus.com/bid/98877

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-7375
reference_id	CVE-2017-7375
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-7375

reference_url

https://www.debian.org/security/2017/dsa-3952

reference_id

dsa-3952

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/

url

https://www.debian.org/security/2017/dsa-3952

reference_url

https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e

reference_id

?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/

url

https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e

reference_url	https://usn.ubuntu.com/3424-1/
reference_id	USN-3424-1
reference_type
scores
url	https://usn.ubuntu.com/3424-1/

reference_url	https://usn.ubuntu.com/3424-2/
reference_id	USN-3424-2
reference_type
scores
url	https://usn.ubuntu.com/3424-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4

aliases CVE-2017-7375

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8tej-h12t-2fag

url VCID-gvmn-4dtv-8qcj

vulnerability_id VCID-gvmn-4dtv-8qcj

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
parser.c in libxml2 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16931.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16931.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16931

reference_id

reference_type

scores

value	0.0165
scoring_system	epss
scoring_elements	0.81939
published_at	2026-04-01T12:55:00Z

value	0.0165
scoring_system	epss
scoring_elements	0.82042
published_at	2026-04-16T12:55:00Z

value	0.0165
scoring_system	epss
scoring_elements	0.82023
published_at	2026-04-11T12:55:00Z

value	0.0165
scoring_system	epss
scoring_elements	0.82012
published_at	2026-04-12T12:55:00Z

value	0.0165
scoring_system	epss
scoring_elements	0.82006
published_at	2026-04-13T12:55:00Z

value	0.0165
scoring_system	epss
scoring_elements	0.8195
published_at	2026-04-02T12:55:00Z

value	0.0165
scoring_system	epss
scoring_elements	0.81973
published_at	2026-04-04T12:55:00Z

value	0.0165
scoring_system	epss
scoring_elements	0.81969
published_at	2026-04-07T12:55:00Z

value	0.0165
scoring_system	epss
scoring_elements	0.81996
published_at	2026-04-08T12:55:00Z

value	0.0165
scoring_system	epss
scoring_elements	0.82004
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16931

reference_url	https://bugzilla.gnome.org/show_bug.cgi?id=766956
reference_id
reference_type
scores
url	https://bugzilla.gnome.org/show_bug.cgi?id=766956

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3
reference_id
reference_type
scores
url	https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3

reference_url	https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html

reference_url	https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
url	https://www.oracle.com//security-alerts/cpujul2021.html

reference_url	http://xmlsoft.org/news.html
reference_id
reference_type
scores
url	http://xmlsoft.org/news.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1517307
reference_id	1517307
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1517307

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-16931

reference_id

CVE-2017-16931

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16931

fixed_packages

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4

aliases CVE-2017-16931

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gvmn-4dtv-8qcj

url VCID-mm88-amve-quh6

vulnerability_id VCID-mm88-amve-quh6

summary

Out-of-bounds Read
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (buffer over-read) or information disclosure.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8872.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8872.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-8872

reference_id

reference_type

scores

value	0.00178
scoring_system	epss
scoring_elements	0.393
published_at	2026-04-01T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39477
published_at	2026-04-16T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39461
published_at	2026-04-02T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39485
published_at	2026-04-04T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39399
published_at	2026-04-07T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39454
published_at	2026-04-08T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.3947
published_at	2026-04-09T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39481
published_at	2026-04-11T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39442
published_at	2026-04-12T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39425
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-8872

reference_url

https://bugzilla.gnome.org/show_bug.cgi?id=775200

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:59:00Z/

url

https://bugzilla.gnome.org/show_bug.cgi?id=775200

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	1.9
scoring_system	cvssv2
scoring_elements	AV:L/AC:M/Au:N/C:P/I:N/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:59:00Z/

url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1449541
reference_id	1449541
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1449541

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862450
reference_id	862450
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862450

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.4:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.9.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.4:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-8872

reference_id

CVE-2017-8872

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:P

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-8872

reference_url	https://usn.ubuntu.com/4991-1/
reference_id	USN-4991-1
reference_type
scores
url	https://usn.ubuntu.com/4991-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4

aliases CVE-2017-8872

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mm88-amve-quh6

url VCID-qqte-z1e6-xuh7

vulnerability_id VCID-qqte-z1e6-xuh7

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
A buffer overflow was discovered in libxml2 . The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9047.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9047.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9047

reference_id

reference_type

scores

value	0.0266
scoring_system	epss
scoring_elements	0.85805
published_at	2026-04-16T12:55:00Z

value	0.0266
scoring_system	epss
scoring_elements	0.85779
published_at	2026-04-09T12:55:00Z

value	0.0266
scoring_system	epss
scoring_elements	0.85793
published_at	2026-04-11T12:55:00Z

value	0.0266
scoring_system	epss
scoring_elements	0.8579
published_at	2026-04-12T12:55:00Z

value	0.0266
scoring_system	epss
scoring_elements	0.85787
published_at	2026-04-13T12:55:00Z

value	0.02891
scoring_system	epss
scoring_elements	0.86261
published_at	2026-04-02T12:55:00Z

value	0.02891
scoring_system	epss
scoring_elements	0.86298
published_at	2026-04-08T12:55:00Z

value	0.02891
scoring_system	epss
scoring_elements	0.86279
published_at	2026-04-07T12:55:00Z

value	0.02891
scoring_system	epss
scoring_elements	0.86278
published_at	2026-04-04T12:55:00Z

value	0.03032
scoring_system	epss
scoring_elements	0.86594
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1452554
reference_id	1452554
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1452554

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863022
reference_id	863022
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863022

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-9047
reference_id	CVE-2017-9047
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-9047

reference_url	https://usn.ubuntu.com/3424-1/
reference_id	USN-3424-1
reference_type
scores
url	https://usn.ubuntu.com/3424-1/

reference_url	https://usn.ubuntu.com/3424-2/
reference_id	USN-3424-2
reference_type
scores
url	https://usn.ubuntu.com/3424-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4

aliases CVE-2017-9047

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qqte-z1e6-xuh7

url VCID-qxwq-xwaw-nyak

vulnerability_id VCID-qxwq-xwaw-nyak

summary

Multiple vulnerabilities have been found in libxml2, the worst of
    which could result in the execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0663.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0663.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-0663

reference_id

reference_type

scores

value	0.01042
scoring_system	epss
scoring_elements	0.77393
published_at	2026-04-01T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77488
published_at	2026-04-16T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77451
published_at	2026-04-12T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77448
published_at	2026-04-13T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77399
published_at	2026-04-02T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77426
published_at	2026-04-04T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77405
published_at	2026-04-07T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77436
published_at	2026-04-08T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77445
published_at	2026-04-09T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77471
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-0663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1462225
reference_id	1462225
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1462225

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870870
reference_id	870870
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870870

reference_url	https://usn.ubuntu.com/3424-1/
reference_id	USN-3424-1
reference_type
scores
url	https://usn.ubuntu.com/3424-1/

reference_url	https://usn.ubuntu.com/3424-2/
reference_id	USN-3424-2
reference_type
scores
url	https://usn.ubuntu.com/3424-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4

aliases CVE-2017-0663

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qxwq-xwaw-nyak

url VCID-rhgj-t5cp-wkbh

vulnerability_id VCID-rhgj-t5cp-wkbh

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
libxml2 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9048.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9048.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9048

reference_id

reference_type

scores

value	0.00601
scoring_system	epss
scoring_elements	0.69523
published_at	2026-04-16T12:55:00Z

value	0.00601
scoring_system	epss
scoring_elements	0.69492
published_at	2026-04-09T12:55:00Z

value	0.00601
scoring_system	epss
scoring_elements	0.69513
published_at	2026-04-11T12:55:00Z

value	0.00601
scoring_system	epss
scoring_elements	0.69498
published_at	2026-04-12T12:55:00Z

value	0.00601
scoring_system	epss
scoring_elements	0.69484
published_at	2026-04-13T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69903
published_at	2026-04-07T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69911
published_at	2026-04-02T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69898
published_at	2026-04-01T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69926
published_at	2026-04-04T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69951
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1452549
reference_id	1452549
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1452549

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863021
reference_id	863021
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863021

reference_url

http://www.securityfocus.com/bid/98556

reference_id

98556

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T11:40:41Z/

url

http://www.securityfocus.com/bid/98556

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-9048
reference_id	CVE-2017-9048
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-9048

reference_url	https://usn.ubuntu.com/3424-1/
reference_id	USN-3424-1
reference_type
scores
url	https://usn.ubuntu.com/3424-1/

reference_url	https://usn.ubuntu.com/3424-2/
reference_id	USN-3424-2
reference_type
scores
url	https://usn.ubuntu.com/3424-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4

aliases CVE-2017-9048

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rhgj-t5cp-wkbh

url VCID-s9r4-a3uz-4yhp

vulnerability_id VCID-s9r4-a3uz-4yhp

summary

Integer Overflow or Wraparound
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29824.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29824.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-29824

reference_id

reference_type

scores

value	0.00074
scoring_system	epss
scoring_elements	0.22481
published_at	2026-04-16T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22543
published_at	2026-04-09T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22562
published_at	2026-04-11T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22521
published_at	2026-04-12T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22466
published_at	2026-04-13T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22407
published_at	2026-04-07T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22489
published_at	2026-04-08T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22976
published_at	2026-04-02T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.2302
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-29824

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab

reference_url	https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd

reference_url	https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14

reference_url	https://gitlab.gnome.org/GNOME/libxslt/-/tags
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxslt/-/tags

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010526
reference_id	1010526
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010526

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2082158
reference_id	2082158
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2082158

reference_url

reference_id

AVG-2726

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url