Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/1038282?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1038282?format=api", "purl": "pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4", "type": "deb", "namespace": "debian", "name": "libxml2", "version": "2.9.4+dfsg1-7+deb10u4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.15.1+dfsg-2", "latest_non_vulnerable_version": "2.15.1+dfsg-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69445?format=api", "vulnerability_id": "VCID-27jd-t23h-73f4", "summary": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6021.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6021.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6021", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00759", "scoring_system": "epss", "scoring_elements": "0.73272", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00759", "scoring_system": "epss", "scoring_elements": "0.73267", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00759", "scoring_system": "epss", "scoring_elements": "0.73295", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02116", "scoring_system": "epss", "scoring_elements": "0.84145", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02116", "scoring_system": "epss", "scoring_elements": "0.84109", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02116", "scoring_system": "epss", "scoring_elements": "0.84115", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02116", "scoring_system": "epss", "scoring_elements": "0.84133", "published_at": "2026-04-11T12:55:00Z" }, { "value": 
"0.02116", "scoring_system": "epss", "scoring_elements": "0.84127", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02116", "scoring_system": "epss", "scoring_elements": "0.84123", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107720", "reference_id": "1107720", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107720" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372406", "reference_id": "2372406", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372406" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926", "reference_id": "926", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926" }, { "reference_url": 
"https://security.archlinux.org/AVG-2899", "reference_id": "AVG-2899", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2899" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9", "reference_id": "cpe:/a:redhat:discovery:2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9", "reference_id": "cpe:/a:redhat:insights_proxy:1.5::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1", "reference_id": "cpe:/a:redhat:jboss_core_services:1", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8", "reference_id": "cpe:/a:redhat:openshift:4.12::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9", "reference_id": "cpe:/a:redhat:openshift:4.13::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8", "reference_id": "cpe:/a:redhat:openshift:4.14::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9", "reference_id": "cpe:/a:redhat:openshift:4.14::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9", "reference_id": "cpe:/a:redhat:openshift:4.15::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9", "reference_id": "cpe:/a:redhat:openshift:4.16::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9", "reference_id": "cpe:/a:redhat:openshift:4.17::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9", "reference_id": "cpe:/a:redhat:openshift:4.18::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9", "reference_id": "cpe:/a:redhat:openshift:4.19::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.4::appstream", 
"reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_tus:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_tus:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7", "reference_id": "cpe:/o:redhat:rhel_els:7", "reference_type": "", "scores": 
[], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-6021", "reference_id": "CVE-2025-6021", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": 
"https://access.redhat.com/security/cve/CVE-2025-6021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10630", "reference_id": "RHSA-2025:10630", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:10630" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10698", "reference_id": "RHSA-2025:10698", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:10698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10699", "reference_id": "RHSA-2025:10699", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:10699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11580", "reference_id": "RHSA-2025:11580", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:11580" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11673", "reference_id": "RHSA-2025:11673", "reference_type": "", "scores": [ { 
"value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:11673" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12098", "reference_id": "RHSA-2025:12098", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12099", "reference_id": "RHSA-2025:12099", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12199", "reference_id": "RHSA-2025:12199", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12199" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12237", "reference_id": "RHSA-2025:12237", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12239", "reference_id": "RHSA-2025:12239", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12240", "reference_id": "RHSA-2025:12240", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12240" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12241", "reference_id": "RHSA-2025:12241", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12241" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13267", "reference_id": "RHSA-2025:13267", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13289", 
"reference_id": "RHSA-2025:13289", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13325", "reference_id": "RHSA-2025:13325", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13325" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13335", "reference_id": "RHSA-2025:13335", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13336", "reference_id": "RHSA-2025:13336", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14059", "reference_id": "RHSA-2025:14059", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": 
"Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:14059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14396", "reference_id": "RHSA-2025:14396", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:14396" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15308", "reference_id": "RHSA-2025:15308", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15672", "reference_id": "RHSA-2025:15672", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19020", "reference_id": "RHSA-2025:19020", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:19020" }, { "reference_url": 
"https://usn.ubuntu.com/7694-1/", "reference_id": "USN-7694-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7694-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050284?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5" } ], "aliases": [ "CVE-2025-6021" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-27jd-t23h-73f4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71841?format=api", "vulnerability_id": "VCID-31w8-13b6-8beh", "summary": "libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24928.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24928.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24928", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46331", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46418", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46355", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46356", 
"published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46379", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46351", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46361", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.46352", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00235", "scoring_system": "epss", "scoring_elements": "0.463", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24928" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098321", "reference_id": "1098321", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098321" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346421", "reference_id": "2346421", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346421" }, { "reference_url": "https://issues.oss-fuzz.com/issues/392687022", "reference_id": "392687022", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T03:55:31Z/" } ], "url": "https://issues.oss-fuzz.com/issues/392687022" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/847", "reference_id": "847", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T03:55:31Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/847" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2482", "reference_id": "RHSA-2025:2482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2483", "reference_id": "RHSA-2025:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2507", "reference_id": "RHSA-2025:2507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2513", "reference_id": "RHSA-2025:2513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2654", "reference_id": "RHSA-2025:2654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2660", "reference_id": "RHSA-2025:2660", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2660" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2673", "reference_id": "RHSA-2025:2673", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2673" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2025:2678", "reference_id": "RHSA-2025:2678", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2678" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2679", "reference_id": "RHSA-2025:2679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2686", "reference_id": "RHSA-2025:2686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2686" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2789", "reference_id": "RHSA-2025:2789", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2789" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3055", "reference_id": "RHSA-2025:3055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3368", "reference_id": "RHSA-2025:3368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3397", "reference_id": "RHSA-2025:3397", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3397" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3453", "reference_id": "RHSA-2025:3453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3453" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3569", "reference_id": "RHSA-2025:3569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3775", "reference_id": "RHSA-2025:3775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3775" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2025:3780", "reference_id": "RHSA-2025:3780", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3780" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3867", "reference_id": "RHSA-2025:3867", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4005", "reference_id": "RHSA-2025:4005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9895", "reference_id": "RHSA-2025:9895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9895" }, { "reference_url": "https://usn.ubuntu.com/7302-1/", "reference_id": "USN-7302-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7302-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050284?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5" } ], "aliases": [ "CVE-2025-24928" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-31w8-13b6-8beh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69443?format=api", "vulnerability_id": "VCID-464a-typa-7qbu", "summary": "libxml2: Stack Buffer Overflow in xmllint Interactive Shell Command Handling", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6170.json", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6170.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6170", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10121", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10061", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10087", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09984", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10161", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.10028", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30679", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30698", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30654", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-6170" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107938", "reference_id": "1107938", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107938" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", "reference_id": "2372952", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:05:03Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372952" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/941", "reference_id": "941", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:05:03Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/941" }, { "reference_url": "https://security.archlinux.org/AVG-2898", "reference_id": "AVG-2898", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2898" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1", "reference_id": "cpe:/a:redhat:jboss_core_services:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", 
"reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { 
"reference_url": "https://access.redhat.com/security/cve/CVE-2025-6170", "reference_id": "CVE-2025-6170", "reference_type": "", "scores": [ { "value": "2.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:05:03Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-6170" }, { "reference_url": "https://usn.ubuntu.com/7694-1/", "reference_id": "USN-7694-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7694-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050284?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5" } ], "aliases": [ "CVE-2025-6170" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-464a-typa-7qbu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9028?format=api", "vulnerability_id": "VCID-4m3j-qy8c-4uhk", "summary": "NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). 
Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2309.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2309.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2309", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75193", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75167", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75189", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75168", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75155", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75121", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75144", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00868", "scoring_system": "epss", "scoring_elements": "0.75114", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-2309" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2309", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2309" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-wrxv-2j5q-m38w", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wrxv-2j5q-m38w" }, { "reference_url": "https://github.com/lxml/lxml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/lxml/lxml" }, { "reference_url": "https://github.com/lxml/lxml/blob/master/CHANGES.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/lxml/lxml/blob/master/CHANGES.txt" }, { "reference_url": "https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2022-230.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2022-230.yaml" }, { "reference_url": "https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba" }, { "reference_url": 
"https://lists.debian.org/debian-lts-announce/2024/09/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00021.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO" }, { "reference_url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2309", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2309" }, { "reference_url": "https://security.gentoo.org/glsa/202208-06", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202208-06" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220915-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220915-0006" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014766", "reference_id": "1014766", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014766" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039991", "reference_id": "1039991", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039991" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107571", "reference_id": "2107571", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2107571" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8226", "reference_id": "RHSA-2022:8226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8226" }, { "reference_url": "https://usn.ubuntu.com/5760-1/", "reference_id": "USN-5760-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5760-1/" }, { "reference_url": "https://usn.ubuntu.com/6028-2/", "reference_id": 
"USN-6028-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6028-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050284?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5" } ], "aliases": [ "CVE-2022-2309", "GHSA-wrxv-2j5q-m38w", "PYSEC-2022-230" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4m3j-qy8c-4uhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69455?format=api", "vulnerability_id": "VCID-74y5-vcxn-2ygr", "summary": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49794.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49794.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49794", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31508", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31549", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31368", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31421", 
"published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31452", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31455", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00445", "scoring_system": "epss", "scoring_elements": "0.63469", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00445", "scoring_system": "epss", "scoring_elements": "0.63434", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00445", "scoring_system": "epss", "scoring_elements": "0.63467", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107755", "reference_id": "1107755", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107755" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373", "reference_id": "2372373", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373" }, { "reference_url": 
"https://gitlab.gnome.org/GNOME/libxml2/-/issues/931", "reference_id": "931", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931" }, { "reference_url": "https://security.archlinux.org/AVG-2898", "reference_id": "AVG-2898", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2898" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9", "reference_id": "cpe:/a:redhat:cert_manager:1.16::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9", "reference_id": 
"cpe:/a:redhat:insights_proxy:1.5::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1", "reference_id": "cpe:/a:redhat:jboss_core_services:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8", "reference_id": "cpe:/a:redhat:openshift:4.12::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9", "reference_id": "cpe:/a:redhat:openshift:4.13::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9", "reference_id": "cpe:/a:redhat:openshift:4.14::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9", "reference_id": "cpe:/a:redhat:openshift:4.17::el9", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9", "reference_id": "cpe:/a:redhat:openshift:4.18::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9", "reference_id": "cpe:/a:redhat:openshift:4.19::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9", "reference_id": "cpe:/a:redhat:openshift:4.20::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9", "reference_id": "cpe:/a:redhat:openshift_file_integrity_operator:1::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8", "reference_id": "cpe:/a:redhat:openshift_serverless:1.36::el8", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream" }, { 
"reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_tus:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_tus:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9", "reference_id": "cpe:/a:redhat:webterminal:1.11::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9", "reference_id": "cpe:/a:redhat:webterminal:1.12::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": 
"cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7", "reference_id": "cpe:/o:redhat:rhel_els:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-49794", "reference_id": "CVE-2025-49794", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-49794" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10630", "reference_id": "RHSA-2025:10630", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/" } ], "url": 
"https://access.redhat.com/errata/RHSA-2025:10630" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10698", "reference_id": "RHSA-2025:10698", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:10698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10699", "reference_id": "RHSA-2025:10699", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:10699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11580", "reference_id": "RHSA-2025:11580", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:11580" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12098", "reference_id": "RHSA-2025:12098", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12099", "reference_id": "RHSA-2025:12099", "reference_type": "", "scores": [ { 
"value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12199", "reference_id": "RHSA-2025:12199", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12199" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12237", "reference_id": "RHSA-2025:12237", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12239", "reference_id": "RHSA-2025:12239", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12240", "reference_id": "RHSA-2025:12240", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12240" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12241", "reference_id": "RHSA-2025:12241", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12241" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13335", "reference_id": "RHSA-2025:13335", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15827", "reference_id": "RHSA-2025:15827", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15827" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15828", "reference_id": "RHSA-2025:15828", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15828" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18219", 
"reference_id": "RHSA-2025:18219", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:18219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19020", "reference_id": "RHSA-2025:19020", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:19020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21913", "reference_id": "RHSA-2025:21913", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21913" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0934", "reference_id": "RHSA-2026:0934", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:0934" }, { "reference_url": "https://usn.ubuntu.com/7694-1/", "reference_id": "USN-7694-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7694-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050284?format=api", "purl": 
"pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5" } ], "aliases": [ "CVE-2025-49794" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-74y5-vcxn-2ygr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58841?format=api", "vulnerability_id": "VCID-782a-uast-nbch", "summary": "Multiple vulnerabilities have been found in libxml2, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20388.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20388.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20388", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69877", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69892", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69805", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69904", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69863", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00614", 
"scoring_system": "epss", "scoring_elements": "0.69869", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00614", "scoring_system": "epss", "scoring_elements": "0.69853", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00631", "scoring_system": "epss", "scoring_elements": "0.70255", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00631", "scoring_system": "epss", "scoring_elements": "0.70272", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00631", "scoring_system": "epss", "scoring_elements": "0.70243", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20388" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20388", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20388" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1799734", "reference_id": "1799734", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1799734" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/", "reference_id": "545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:50:10Z/" } ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", "reference_id": "5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:50:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68", "reference_id": "68", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:50:10Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949583", "reference_id": "949583", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949583" }, { "reference_url": "https://security.archlinux.org/ASA-202011-15", "reference_id": "ASA-202011-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202011-15" }, { "reference_url": "https://security.archlinux.org/AVG-1263", "reference_id": "AVG-1263", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1263" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20388", "reference_id": "CVE-2019-20388", "reference_type": 
"", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20388" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", "reference_id": "JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:50:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2644", "reference_id": "RHSA-2020:2644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2646", "reference_id": "RHSA-2020:2646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3996", "reference_id": "RHSA-2020:3996", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3996" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4479", "reference_id": "RHSA-2020:4479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" }, { "reference_url": "https://usn.ubuntu.com/4991-1/", "reference_id": "USN-4991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050248?format=api", "purl": 
"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4" } ], "aliases": [ "CVE-2019-20388" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-782a-uast-nbch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44699?format=api", "vulnerability_id": "VCID-7bpp-2hvk-2udv", "summary": "Multiple vulnerabilities have been found in libxml2, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html", "reference_id": "", 
"reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24977.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24977.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24977", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.65987", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66036", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66048", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66067", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66054", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00502", "scoring_system": "epss", "scoring_elements": "0.66024", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00516", "scoring_system": "epss", "scoring_elements": "0.66619", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00516", "scoring_system": "epss", "scoring_elements": "0.66645", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00516", "scoring_system": "epss", "scoring_elements": "0.6658", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.67656", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24977" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/178", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/178" }, { "reference_url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/" }, { "reference_url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200924-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200924-0001/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877788", "reference_id": "1877788", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877788" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969529", "reference_id": "969529", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969529" }, { "reference_url": "https://security.archlinux.org/ASA-202011-15", "reference_id": "ASA-202011-15", "reference_type": "", "scores": [], "url": 
"https://security.archlinux.org/ASA-202011-15" }, { "reference_url": "https://security.archlinux.org/AVG-1263", "reference_id": "AVG-1263", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1263" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24977", "reference_id": "CVE-2020-24977", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24977" }, { "reference_url": "https://security.gentoo.org/glsa/202107-05", "reference_id": "GLSA-202107-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1597", "reference_id": "RHSA-2021:1597", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1597" }, { "reference_url": "https://usn.ubuntu.com/4991-1/", "reference_id": "USN-4991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050248?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": 
"VCID-nj3a-zqw9-6bga" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4" } ], "aliases": [ "CVE-2020-24977" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7bpp-2hvk-2udv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76431?format=api", "vulnerability_id": "VCID-8d2w-3c3p-zqaz", "summary": "libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34459.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34459.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34459", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0078", "scoring_system": "epss", "scoring_elements": "0.7372", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0078", "scoring_system": "epss", "scoring_elements": "0.73635", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0078", "scoring_system": "epss", "scoring_elements": "0.73659", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0078", "scoring_system": "epss", "scoring_elements": "0.73632", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0078", "scoring_system": "epss", "scoring_elements": "0.73667", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0078", "scoring_system": "epss", "scoring_elements": "0.7368", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0078", "scoring_system": "epss", 
"scoring_elements": "0.73702", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0078", "scoring_system": "epss", "scoring_elements": "0.73685", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0078", "scoring_system": "epss", "scoring_elements": "0.73676", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071162", "reference_id": "1071162", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071162" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280532", "reference_id": "2280532", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280532" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/", "reference_id": "5HVUXKYTBWT3G5DEEQX62STJQBY367NL", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/" }, { 
"reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/", "reference_id": "INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/" }, { "reference_url": "https://usn.ubuntu.com/7240-1/", "reference_id": "USN-7240-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7240-1/" }, { "reference_url": "https://usn.ubuntu.com/7302-1/", "reference_id": "USN-7302-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7302-1/" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8", "reference_id": "v2.11.8", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7", "reference_id": "v2.12.7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7" }, { "reference_url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/", "reference_id": "VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050284?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5" } ], "aliases": [ "CVE-2024-34459" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8d2w-3c3p-zqaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44704?format=api", "vulnerability_id": "VCID-9hqf-12yh-bkc8", "summary": "Multiple vulnerabilities have been found in libxml2, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3518.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3518.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2021-3518", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48448", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48398", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48386", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48412", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48388", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48339", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48394", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49056", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49118", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.4909", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3518" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954242" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518" }, { 
"reference_url": "http://seclists.org/fulldisclosure/2021/Jul/54", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2021/Jul/54" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Jul/55", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2021/Jul/55" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Jul/58", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2021/Jul/58" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Jul/59", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2021/Jul/59" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3518.yml", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3518.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722" }, { "reference_url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { 
"value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/" }, { "reference_url": "https://nokogiri.org/CHANGELOG.html#1114-2021-05-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nokogiri.org/CHANGELOG.html#1114-2021-05-14" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3518", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3518" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210625-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210625-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210625-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://security.netapp.com/advisory/ntap-20210625-0002/" }, { "reference_url": "https://support.apple.com/kb/HT212601", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/kb/HT212601" }, { "reference_url": "https://support.apple.com/kb/HT212602", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/kb/HT212602" }, { "reference_url": "https://support.apple.com/kb/HT212604", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/kb/HT212604" }, { "reference_url": "https://support.apple.com/kb/HT212605", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.apple.com/kb/HT212605" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": 
"https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987737", "reference_id": "987737", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987737" }, { "reference_url": "https://security.archlinux.org/AVG-1883", "reference_id": "AVG-1883", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1883" }, { "reference_url": "https://github.com/advisories/GHSA-v4f8-2847-rwm7", "reference_id": "GHSA-v4f8-2847-rwm7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v4f8-2847-rwm7" }, { "reference_url": "https://security.gentoo.org/glsa/202107-05", "reference_id": "GLSA-202107-05", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202107-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2569", 
"reference_id": "RHSA-2021:2569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1389", "reference_id": "RHSA-2022:1389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1390", "reference_id": "RHSA-2022:1390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1390" }, { "reference_url": "https://usn.ubuntu.com/4991-1/", "reference_id": "USN-4991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050248?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4" } ], "aliases": [ "CVE-2021-3518", 
"GHSA-v4f8-2847-rwm7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9hqf-12yh-bkc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18855?format=api", "vulnerability_id": "VCID-aasn-u7fd-8bhy", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nXmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39615.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39615.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39615", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30629", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30649", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30604", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32184", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.32187", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34276", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34244", "published_at": "2026-04-02T12:55:00Z" }, { "value": 
"0.00155", "scoring_system": "epss", "scoring_elements": "0.36251", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.363", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39615" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39615", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39615" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/535", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:25:30Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/535" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051230", "reference_id": "1051230", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051230" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235864", "reference_id": "2235864", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235864" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39615", "reference_id": "CVE-2023-39615", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39615" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7544", "reference_id": "RHSA-2023:7544", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7544" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2023:7626", "reference_id": "RHSA-2023:7626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7626" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7747", "reference_id": "RHSA-2023:7747", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0119", "reference_id": "RHSA-2024:0119", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0119" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0413", "reference_id": "RHSA-2024:0413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0413" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1317", "reference_id": "RHSA-2024:1317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1383", "reference_id": "RHSA-2024:1383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1477", "reference_id": "RHSA-2024:1477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1477" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050284?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5" } ], "aliases": [ "CVE-2023-39615" ], "risk_score": 3.0, "exploitability": "0.5", 
"weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aasn-u7fd-8bhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68202?format=api", "vulnerability_id": "VCID-ahha-vnq4-7qd2", "summary": "libxslt: libxml2: Infinite recursion at exsltDynMapFunction function in libexslt/dynamic.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9714.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9714.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9714", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00812", "published_at": "2026-04-04T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00905", "published_at": "2026-04-16T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00912", "published_at": "2026-04-11T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00907", "published_at": "2026-04-12T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00909", "published_at": "2026-04-13T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00924", "published_at": "2026-04-09T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00927", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-9714" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714" }, { "reference_url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605", "reference_id": "2392605", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21", "reference_id": "677a42645ef22b5a50741bad5facf9d8a8bc6d21", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-10T18:46:42Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22162", "reference_id": "RHSA-2025:22162", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22163", "reference_id": "RHSA-2025:22163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22177", "reference_id": "RHSA-2025:22177", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22177" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22376", "reference_id": "RHSA-2025:22376", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22376" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22377", "reference_id": 
"RHSA-2025:22377", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22377" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22868", "reference_id": "RHSA-2025:22868", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23202", "reference_id": "RHSA-2025:23202", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23202" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23204", "reference_id": "RHSA-2025:23204", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23204" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23205", "reference_id": "RHSA-2025:23205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23209", "reference_id": "RHSA-2025:23209", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23227", "reference_id": "RHSA-2025:23227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23234", "reference_id": "RHSA-2025:23234", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23234" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23449", "reference_id": "RHSA-2025:23449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0414", "reference_id": "RHSA-2026:0414", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0414" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2026:0677", "reference_id": "RHSA-2026:0677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0702", "reference_id": "RHSA-2026:0702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0702" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0978", "reference_id": "RHSA-2026:0978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0980", "reference_id": "RHSA-2026:0980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0985", "reference_id": "RHSA-2026:0985", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0985" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0996", "reference_id": "RHSA-2026:0996", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:0996" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1539", "reference_id": "RHSA-2026:1539", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1539" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1541", "reference_id": "RHSA-2026:1541", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1541" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1652", "reference_id": "RHSA-2026:1652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3461", "reference_id": "RHSA-2026:3461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3461" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2026:3462", "reference_id": "RHSA-2026:3462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3462" }, { "reference_url": "https://usn.ubuntu.com/7743-1/", "reference_id": "USN-7743-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7743-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050284?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5" } ], "aliases": [ "CVE-2025-9714" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ahha-vnq4-7qd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8546?format=api", "vulnerability_id": "VCID-azzy-m5pc-qudn", "summary": "Loop with Unreachable Exit Condition ('Infinite Loop')\nparser.c in libxml2 does not prevent infinite recursion in parameter entities.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16932.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16932.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16932", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.21989", "scoring_system": "epss", "scoring_elements": "0.95784", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.21989", "scoring_system": "epss", 
"scoring_elements": "0.95774", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.21989", "scoring_system": "epss", "scoring_elements": "0.95772", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.21989", "scoring_system": "epss", "scoring_elements": "0.95773", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.21989", "scoring_system": "epss", "scoring_elements": "0.95769", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.21989", "scoring_system": "epss", "scoring_elements": "0.95766", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.21989", "scoring_system": "epss", "scoring_elements": "0.95757", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.21989", "scoring_system": "epss", "scoring_elements": "0.95755", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.21989", "scoring_system": "epss", "scoring_elements": "0.95747", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.21989", "scoring_system": "epss", "scoring_elements": "0.95738", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16932" }, { "reference_url": "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/" } ], "url": "https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html" }, { "reference_url": "https://bugzilla.gnome.org/show_bug.cgi?id=759579", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/" } ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=759579" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/" } ], "url": "https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": 
"HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1714", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1714" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961" }, { "reference_url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/" } ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": 
"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/" } ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html" }, { "reference_url": "https://usn.ubuntu.com/3739-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3739-1" }, { "reference_url": "https://usn.ubuntu.com/3739-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/" } ], "url": "https://usn.ubuntu.com/3739-1/" }, { "reference_url": "https://usn.ubuntu.com/usn/usn-3504-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/usn/usn-3504-1/" }, { "reference_url": "http://xmlsoft.org/news.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/" } ], "url": "http://xmlsoft.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517316", "reference_id": "1517316", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517316" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882613", "reference_id": "882613", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882613" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16932", "reference_id": "CVE-2017-16932", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16932" }, { "reference_url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html", "reference_id": 
"CVE-2017-16932.HTML", "reference_type": "", "scores": [], "url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html" }, { "reference_url": "https://github.com/advisories/GHSA-x2fm-93ww-ggvx", "reference_id": "GHSA-x2fm-93ww-ggvx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x2fm-93ww-ggvx" }, { "reference_url": "https://usn.ubuntu.com/3504-1/", "reference_id": "USN-3504-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3504-1/" }, { "reference_url": "https://usn.ubuntu.com/3504-2/", "reference_id": "USN-3504-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3504-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050248?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4" } ], "aliases": [ "CVE-2017-16932", "GHSA-x2fm-93ww-ggvx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-azzy-m5pc-qudn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9630?format=api", "vulnerability_id": "VCID-bejh-22y7-kuh6", "summary": "NULL Pointer Dereference\nA NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1543", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1543" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18492", 
"scoring_system": "epss", "scoring_elements": "0.95206", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.18492", "scoring_system": "epss", "scoring_elements": "0.95218", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.18492", "scoring_system": "epss", "scoring_elements": "0.9522", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.20012", "scoring_system": "epss", "scoring_elements": "0.95464", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.20012", "scoring_system": "epss", "scoring_elements": "0.95478", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.20012", "scoring_system": "epss", "scoring_elements": "0.95469", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.20012", "scoring_system": "epss", "scoring_elements": "0.95468", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.20012", "scoring_system": "epss", "scoring_elements": "0.95461", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.20012", "scoring_system": "epss", "scoring_elements": "0.95454", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14404" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/" } ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595985", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595985" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1785", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1785" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/issues/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/issues/10" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190719-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190719-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190719-0002/", "reference_id": "", "reference_type": "", "scores": [ 
{ "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190719-0002/" }, { "reference_url": "https://usn.ubuntu.com/3739-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3739-1" }, { "reference_url": "https://usn.ubuntu.com/3739-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/" } ], "url": "https://usn.ubuntu.com/3739-1/" }, { "reference_url": "https://usn.ubuntu.com/3739-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3739-2" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": 
"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14404", "reference_id": 
"CVE-2018-14404", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14404" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml", "reference_id": "CVE-2018-14404.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml" }, { "reference_url": "https://github.com/advisories/GHSA-6qvp-r6r3-9p7h", "reference_id": "GHSA-6qvp-r6r3-9p7h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6qvp-r6r3-9p7h" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1190", "reference_id": "RHSA-2020:1190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1827", "reference_id": "RHSA-2020:1827", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1827" }, { "reference_url": "https://usn.ubuntu.com/3739-2/", "reference_id": "USN-3739-2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/" } ], "url": "https://usn.ubuntu.com/3739-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050248?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4" } ], "aliases": [ "CVE-2018-14404", "GHSA-6qvp-r6r3-9p7h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bejh-22y7-kuh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69452?format=api", "vulnerability_id": "VCID-bz1e-1ypb-kkgg", "summary": "libxml: Type confusion leads to Denial of service (DoS)", "references": [ { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49796.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49796.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49796", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00496", "scoring_system": "epss", "scoring_elements": "0.65756", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00496", "scoring_system": "epss", "scoring_elements": "0.6584", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00496", "scoring_system": "epss", "scoring_elements": "0.65761", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00496", "scoring_system": "epss", "scoring_elements": "0.6582", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00496", "scoring_system": "epss", "scoring_elements": "0.65809", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00496", "scoring_system": "epss", "scoring_elements": "0.65791", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01777", "scoring_system": "epss", "scoring_elements": "0.82724", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01777", "scoring_system": "epss", "scoring_elements": "0.82689", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01777", "scoring_system": "epss", "scoring_elements": "0.82685", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-49796" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107752", "reference_id": "1107752", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107752" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385", "reference_id": "2372385", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933", "reference_id": "933", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933" }, { "reference_url": "https://security.archlinux.org/AVG-2898", "reference_id": "AVG-2898", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2898" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9", "reference_id": "cpe:/a:redhat:cert_manager:1.16::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9", "reference_id": "cpe:/a:redhat:discovery:2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9", "reference_id": "cpe:/a:redhat:insights_proxy:1.5::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1", "reference_id": "cpe:/a:redhat:jboss_core_services:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8", 
"reference_id": "cpe:/a:redhat:openshift:4.12::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9", "reference_id": "cpe:/a:redhat:openshift:4.13::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9", "reference_id": "cpe:/a:redhat:openshift:4.14::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9", "reference_id": "cpe:/a:redhat:openshift:4.17::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9", "reference_id": "cpe:/a:redhat:openshift:4.18::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9", "reference_id": "cpe:/a:redhat:openshift:4.19::el9", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9", "reference_id": "cpe:/a:redhat:openshift:4.20::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9", "reference_id": "cpe:/a:redhat:openshift_file_integrity_operator:1::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8", "reference_id": "cpe:/a:redhat:openshift_serverless:1.36::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.4::appstream", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_aus:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream" }, { 
"reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_tus:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_tus:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9", "reference_id": "cpe:/a:redhat:webterminal:1.11::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9", "reference_id": "cpe:/a:redhat:webterminal:1.12::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_id": 
"cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7", "reference_id": "cpe:/o:redhat:rhel_els:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-49796", "reference_id": "CVE-2025-49796", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-49796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10630", "reference_id": "RHSA-2025:10630", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:10630" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10698", "reference_id": "RHSA-2025:10698", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:10698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:10699", "reference_id": "RHSA-2025:10699", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": 
"ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:10699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11580", "reference_id": "RHSA-2025:11580", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:11580" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12098", "reference_id": "RHSA-2025:12098", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12099", "reference_id": "RHSA-2025:12099", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12099" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12199", "reference_id": "RHSA-2025:12199", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12199" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2025:12237", "reference_id": "RHSA-2025:12237", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12239", "reference_id": "RHSA-2025:12239", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12240", "reference_id": "RHSA-2025:12240", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12240" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12241", "reference_id": "RHSA-2025:12241", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:12241" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13267", "reference_id": "RHSA-2025:13267", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13335", "reference_id": "RHSA-2025:13335", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15827", "reference_id": "RHSA-2025:15827", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15827" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15828", "reference_id": "RHSA-2025:15828", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15828" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18219", "reference_id": "RHSA-2025:18219", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/" } ], "url": 
"https://access.redhat.com/errata/RHSA-2025:18219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19020", "reference_id": "RHSA-2025:19020", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:19020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21913", "reference_id": "RHSA-2025:21913", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21913" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0934", "reference_id": "RHSA-2026:0934", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:0934" }, { "reference_url": "https://usn.ubuntu.com/7694-1/", "reference_id": "USN-7694-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7694-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050284?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5" } ], "aliases": [ "CVE-2025-49796" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bz1e-1ypb-kkgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71838?format=api", "vulnerability_id": "VCID-c9ds-faa9-t7be", "summary": "libxml2: Use-After-Free in libxml2", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56171.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56171.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56171", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40048", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40054", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40017", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39997", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40029", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40055", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39977", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.4003", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", 
"scoring_elements": "0.40044", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56171" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56171", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56171" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098320", "reference_id": "1098320", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098320" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346416", "reference_id": "2346416", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346416" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/828", "reference_id": "828", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T16:26:31Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/828" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2482", "reference_id": "RHSA-2025:2482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2483", "reference_id": "RHSA-2025:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2483" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2025:2507", "reference_id": "RHSA-2025:2507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2513", "reference_id": "RHSA-2025:2513", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2654", "reference_id": "RHSA-2025:2654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2660", "reference_id": "RHSA-2025:2660", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2660" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2673", "reference_id": "RHSA-2025:2673", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2673" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2678", "reference_id": "RHSA-2025:2678", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2678" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2679", "reference_id": "RHSA-2025:2679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2686", "reference_id": "RHSA-2025:2686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2686" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2789", "reference_id": "RHSA-2025:2789", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2789" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3055", "reference_id": "RHSA-2025:3055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3055" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2025:3059", "reference_id": "RHSA-2025:3059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3066", "reference_id": "RHSA-2025:3066", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3368", "reference_id": "RHSA-2025:3368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3397", "reference_id": "RHSA-2025:3397", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3397" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3453", "reference_id": "RHSA-2025:3453", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3453" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3569", "reference_id": "RHSA-2025:3569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3867", "reference_id": "RHSA-2025:3867", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4005", "reference_id": "RHSA-2025:4005", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4005" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9895", "reference_id": "RHSA-2025:9895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9895" }, { "reference_url": "https://usn.ubuntu.com/7302-1/", "reference_id": "USN-7302-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7302-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/1050284?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5" } ], "aliases": [ "CVE-2024-56171" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c9ds-faa9-t7be" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13082?format=api", "vulnerability_id": "VCID-cbm2-cez4-bqgh", "summary": "Use After Free\n`valid.c` in libxml2 before 2.9.13 has a use-after-free of `ID` and `IDREF` attributes.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23308.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23308.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23308", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1545", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15656", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15623", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15588", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15524", "published_at": 
"2026-04-13T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15515", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15601", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16267", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16327", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23308" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006489", "reference_id": "1006489", "reference_type": "", "scores": [], "url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006489" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056913", "reference_id": "2056913", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056913" }, { "reference_url": "https://security.archlinux.org/AVG-2726", "reference_id": "AVG-2726", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2726" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23308", "reference_id": "CVE-2022-23308", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23308" }, { "reference_url": "https://security.gentoo.org/glsa/202210-03", "reference_id": "GLSA-202210-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0899", "reference_id": "RHSA-2022:0899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0899" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1389", "reference_id": "RHSA-2022:1389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1390", "reference_id": "RHSA-2022:1390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1390" }, { "reference_url": "https://usn.ubuntu.com/5324-1/", "reference_id": "USN-5324-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5324-1/" }, { "reference_url": "https://usn.ubuntu.com/5422-1/", "reference_id": "USN-5422-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5422-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050248?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4", 
"is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4" } ], "aliases": [ "CVE-2022-23308" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cbm2-cez4-bqgh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20687?format=api", "vulnerability_id": "VCID-d68t-f8j1-h3am", "summary": "Use After Free\nWhen using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25062.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25062.json" }, { 
"reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37591", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37581", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37594", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37608", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37574", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37547", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37627", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37651", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37529", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25062" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25062", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25062" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T17:35:33Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063234", "reference_id": "1063234", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063234" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", "reference_id": "2262726", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262726" }, { "reference_url": "https://security.gentoo.org/glsa/202402-11", "reference_id": "GLSA-202402-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1317", "reference_id": "RHSA-2024:1317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2679", "reference_id": "RHSA-2024:2679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3299", "reference_id": "RHSA-2024:3299", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3299" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3303", "reference_id": "RHSA-2024:3303", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3303" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3625", "reference_id": "RHSA-2024:3625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3626", "reference_id": 
"RHSA-2024:3626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3626" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags", "reference_id": "tags", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T17:35:33Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags" }, { "reference_url": "https://usn.ubuntu.com/6658-1/", "reference_id": "USN-6658-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6658-1/" }, { "reference_url": "https://usn.ubuntu.com/6658-2/", "reference_id": "USN-6658-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6658-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050284?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5" } ], "aliases": [ "CVE-2024-25062" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d68t-f8j1-h3am" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70438?format=api", "vulnerability_id": "VCID-drkd-yykc-ayge", "summary": "libxml2: Out-of-Bounds Read in libxml2", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32414.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": 
"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32414.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32414", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.3946", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39476", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39479", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39441", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39424", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39483", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39397", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39453", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39468", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32414" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { 
"reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102521", "reference_id": "1102521", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102521" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121", "reference_id": "2358121", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12098", "reference_id": "RHSA-2025:12098", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12237", "reference_id": "RHSA-2025:12237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12239", "reference_id": "RHSA-2025:12239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12240", "reference_id": "RHSA-2025:12240", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12240" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:12241", "reference_id": "RHSA-2025:12241", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:12241" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13428", "reference_id": "RHSA-2025:13428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13429", "reference_id": "RHSA-2025:13429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13677", "reference_id": "RHSA-2025:13677", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2025:13677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13681", "reference_id": "RHSA-2025:13681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13683", "reference_id": "RHSA-2025:13683", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13683" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13684", "reference_id": "RHSA-2025:13684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14059", "reference_id": "RHSA-2025:14059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14644", "reference_id": "RHSA-2025:14644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14818", "reference_id": "RHSA-2025:14818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14819", "reference_id": "RHSA-2025:14819", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14819" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14853", "reference_id": "RHSA-2025:14853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14858", "reference_id": "RHSA-2025:14858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15308", "reference_id": "RHSA-2025:15308", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15672", "reference_id": "RHSA-2025:15672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16159", "reference_id": "RHSA-2025:16159", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16159" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22529", "reference_id": "RHSA-2025:22529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8958", "reference_id": "RHSA-2025:8958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8958" }, { "reference_url": "https://usn.ubuntu.com/7467-1/", "reference_id": "USN-7467-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7467-1/" }, { "reference_url": "https://usn.ubuntu.com/7467-2/", "reference_id": "USN-7467-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7467-2/" }, { "reference_url": "https://usn.ubuntu.com/7896-1/", "reference_id": "USN-7896-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7896-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050284?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5" } ], "aliases": [ "CVE-2025-32414" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": 
"5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-drkd-yykc-ayge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57379?format=api", "vulnerability_id": "VCID-eb6k-ppfd-m7a3", "summary": "Multiple vulnerabilities have been found in libxml2, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40304.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40304.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-40304", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00161", "scoring_system": "epss", "scoring_elements": "0.37101", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44586", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44548", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44487", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44537", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44542", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44559", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44529", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.4453", "published_at": "2026-04-13T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2022-40304" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3" }, { "reference_url": "https://nokogiri.org/CHANGELOG.html#1139-2022-10-18", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nokogiri.org/CHANGELOG.html#1139-2022-10-18" }, { 
"reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022225", "reference_id": "1022225", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022225" }, { "reference_url": "http://seclists.org/fulldisclosure/2022/Dec/21", "reference_id": "21", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/" } ], "url": "http://seclists.org/fulldisclosure/2022/Dec/21" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136288", "reference_id": "2136288", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136288" }, { "reference_url": "http://seclists.org/fulldisclosure/2022/Dec/24", "reference_id": "24", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/" } ], "url": "http://seclists.org/fulldisclosure/2022/Dec/24" }, { "reference_url": "http://seclists.org/fulldisclosure/2022/Dec/25", "reference_id": "25", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/" } ], "url": "http://seclists.org/fulldisclosure/2022/Dec/25" }, { "reference_url": "http://seclists.org/fulldisclosure/2022/Dec/26", "reference_id": "26", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/" } ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "reference_url": "http://seclists.org/fulldisclosure/2022/Dec/27", "reference_id": "27", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/" } ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40304", "reference_id": "CVE-2022-40304", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40304" }, { "reference_url": "https://security.gentoo.org/glsa/202210-39", "reference_id": "GLSA-202210-39", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-39" }, { "reference_url": "https://support.apple.com/kb/HT213531", "reference_id": "HT213531", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/" } ], "url": "https://support.apple.com/kb/HT213531" }, { "reference_url": "https://support.apple.com/kb/HT213533", "reference_id": "HT213533", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/" } ], "url": "https://support.apple.com/kb/HT213533" }, { "reference_url": "https://support.apple.com/kb/HT213534", "reference_id": "HT213534", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/" } ], "url": "https://support.apple.com/kb/HT213534" }, { "reference_url": "https://support.apple.com/kb/HT213535", "reference_id": "HT213535", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/" } ], "url": "https://support.apple.com/kb/HT213535" }, { "reference_url": "https://support.apple.com/kb/HT213536", "reference_id": "HT213536", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/" } ], "url": "https://support.apple.com/kb/HT213536" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221209-0003/", "reference_id": "ntap-20221209-0003", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20221209-0003/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0173", "reference_id": "RHSA-2023:0173", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0173" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2023:0338", "reference_id": "RHSA-2023:0338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0413", "reference_id": "RHSA-2024:0413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0413" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags", "reference_id": "tags", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags" }, { "reference_url": "https://usn.ubuntu.com/5760-1/", "reference_id": "USN-5760-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5760-1/" }, { "reference_url": "https://usn.ubuntu.com/5760-2/", "reference_id": "USN-5760-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5760-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050248?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": 
"VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4" } ], "aliases": [ "CVE-2022-40304" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eb6k-ppfd-m7a3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44702?format=api", "vulnerability_id": "VCID-ek5d-m9pn-3fec", "summary": "Multiple vulnerabilities have been found in libxml2, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3517.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3517.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3517", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28862", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.2884", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28891", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28934", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.2893", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00107", 
"scoring_system": "epss", "scoring_elements": "0.28889", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28821", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29427", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29358", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0011", "scoring_system": "epss", "scoring_elements": "0.29474", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3517" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3517", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3517" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3517.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3517.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/blob/7c19ef5cc6b7c5c36827dd5495f857c6877ec8cf/CHANGELOG.md?plain=1#L579", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/blob/7c19ef5cc6b7c5c36827dd5495f857c6877ec8cf/CHANGELOG.md?plain=1#L579" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/2233", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/2233" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/2274", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/2274" }, { "reference_url": 
"https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e" }, { "reference_url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3517", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3517" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210625-0002", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210625-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210625-0002/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210625-0002/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211022-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20211022-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211022-0004/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211022-0004/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987738", "reference_id": "987738", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987738" }, { "reference_url": 
"https://security.archlinux.org/AVG-1883", "reference_id": "AVG-1883", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1883" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", "reference_id": "BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/" }, { "reference_url": "https://github.com/advisories/GHSA-jw9f-hh49-cvp9", "reference_id": "GHSA-jw9f-hh49-cvp9", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jw9f-hh49-cvp9" }, { "reference_url": "https://security.gentoo.org/glsa/202107-05", "reference_id": "GLSA-202107-05", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/" } ], "url": "https://security.gentoo.org/glsa/202107-05" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", "reference_id": "QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2569", "reference_id": "RHSA-2021:2569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1389", "reference_id": "RHSA-2022:1389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1390", "reference_id": "RHSA-2022:1390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1390" }, { "reference_url": "https://usn.ubuntu.com/4991-1/", "reference_id": "USN-4991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050248?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": 
"VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4" } ], "aliases": [ "CVE-2021-3517", "GHSA-jw9f-hh49-cvp9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ek5d-m9pn-3fec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71837?format=api", "vulnerability_id": "VCID-hafa-bcpu-8uaj", "summary": "libxml2: NULL Pointer Dereference in libxml2 xmlPatMatch", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27113.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27113.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27113", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26313", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.2615", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26249", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26204", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26146", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26354", "published_at": 
"2026-04-04T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26127", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26194", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26242", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27113" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098322", "reference_id": "1098322", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098322" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346410", "reference_id": "2346410", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346410" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", "reference_id": "861", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T15:33:43Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861" }, { "reference_url": "https://usn.ubuntu.com/7302-1/", "reference_id": "USN-7302-1", "reference_type": "", "scores": [], "url": 
"https://usn.ubuntu.com/7302-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050284?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5" } ], "aliases": [ "CVE-2025-27113" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hafa-bcpu-8uaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84942?format=api", "vulnerability_id": "VCID-nuh8-qd25-ykan", "summary": "libxml2: Incorrect server side include parsing can lead to XSS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3709.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3709.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3709", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33794", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34132", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34164", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.34024", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00139", "scoring_system": "epss", "scoring_elements": 
"0.34067", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45499", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45519", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45489", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45494", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45542", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3709" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3709", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3709" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112766", "reference_id": "2112766", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7715", "reference_id": "RHSA-2022:7715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7715" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4767", "reference_id": "RHSA-2023:4767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4767" }, { "reference_url": "https://usn.ubuntu.com/5548-1/", "reference_id": "USN-5548-1", "reference_type": "", 
"scores": [], "url": "https://usn.ubuntu.com/5548-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050284?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5" } ], "aliases": [ "CVE-2016-3709" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nuh8-qd25-ykan" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/19293?format=api", "vulnerability_id": "VCID-pdv9-xrh8-d3fz", "summary": "Use After Free\nThis advisory has been marked as False Positive and removed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45322.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45322.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45322", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22953", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22857", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22916", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22937", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00076", "scoring_system": 
"epss", "scoring_elements": "0.229", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22843", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22997", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22789", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22864", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-45322" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T18:12:15Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T18:12:15Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/06/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "Track", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T18:12:15Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/06/5" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053629", "reference_id": "1053629", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053629" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242945", "reference_id": "2242945", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242945" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "reference_id": "CVE-2023-45322", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322" }, { "reference_url": "https://security.gentoo.org/glsa/202402-11", "reference_id": "GLSA-202402-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050284?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5" } ], "aliases": [ "CVE-2023-45322" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pdv9-xrh8-d3fz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71953?format=api", "vulnerability_id": "VCID-qh44-gavt-rbdw", "summary": "libxml: use-after-free in xmlXIncludeAddNode", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49043.json", "reference_id": 
"", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49043.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49043", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.448", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44857", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44813", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44816", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44832", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44802", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44803", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44821", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44761", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-49043" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49043" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094238", "reference_id": "1094238", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094238" }, { "reference_url": "https://github.com/php/php-src/issues/17467", "reference_id": "17467", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-27T14:52:22Z/" } ], "url": "https://github.com/php/php-src/issues/17467" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342118", "reference_id": "2342118", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342118" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b", "reference_id": "5a19e21605398cef6a8b1452477a8705cb41562b", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-27T14:52:22Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1350", "reference_id": "RHSA-2025:1350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1487", "reference_id": "RHSA-2025:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1487" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2025:1516", "reference_id": "RHSA-2025:1516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1517", "reference_id": "RHSA-2025:1517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1925", "reference_id": "RHSA-2025:1925", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1925" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2507", "reference_id": "RHSA-2025:2507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2678", "reference_id": "RHSA-2025:2678", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2678" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3775", "reference_id": "RHSA-2025:3775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4409", "reference_id": "RHSA-2025:4409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4422", "reference_id": "RHSA-2025:4422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4677", "reference_id": "RHSA-2025:4677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7702", "reference_id": "RHSA-2025:7702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7702" }, { "reference_url": 
"https://usn.ubuntu.com/7240-1/", "reference_id": "USN-7240-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7240-1/" }, { "reference_url": "https://usn.ubuntu.com/7302-1/", "reference_id": "USN-7302-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7302-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050284?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5" } ], "aliases": [ "CVE-2022-49043" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qh44-gavt-rbdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70212?format=api", "vulnerability_id": "VCID-qp6y-dt1j-97df", "summary": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32415.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32415.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32415", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21953", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.2182", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", 
"scoring_elements": "0.21915", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21874", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21817", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.22006", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21771", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21848", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21904", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-32415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32415", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32415" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103511", "reference_id": "1103511", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103511" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768", "reference_id": "2360768", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13203", "reference_id": "RHSA-2025:13203", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2025:13203" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13428", "reference_id": "RHSA-2025:13428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13429", "reference_id": "RHSA-2025:13429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13429" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13622", "reference_id": "RHSA-2025:13622", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13622" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13677", "reference_id": "RHSA-2025:13677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13681", "reference_id": "RHSA-2025:13681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13683", "reference_id": "RHSA-2025:13683", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13683" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13684", "reference_id": "RHSA-2025:13684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13688", "reference_id": "RHSA-2025:13688", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13689", "reference_id": "RHSA-2025:13689", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13689" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13788", "reference_id": "RHSA-2025:13788", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13788" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13789", "reference_id": "RHSA-2025:13789", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13789" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13806", "reference_id": "RHSA-2025:13806", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:13806" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14059", "reference_id": "RHSA-2025:14059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14186", "reference_id": "RHSA-2025:14186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14186" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14644", "reference_id": "RHSA-2025:14644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14818", "reference_id": "RHSA-2025:14818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14818" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14819", "reference_id": "RHSA-2025:14819", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14819" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14853", "reference_id": "RHSA-2025:14853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14858", "reference_id": "RHSA-2025:14858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:14858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15308", 
"reference_id": "RHSA-2025:15308", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15672", "reference_id": "RHSA-2025:15672", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:15672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16159", "reference_id": "RHSA-2025:16159", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:16159" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22529", "reference_id": "RHSA-2025:22529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22529" }, { "reference_url": "https://usn.ubuntu.com/7467-1/", "reference_id": "USN-7467-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7467-1/" }, { "reference_url": "https://usn.ubuntu.com/7467-2/", "reference_id": "USN-7467-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7467-2/" }, { "reference_url": "https://usn.ubuntu.com/7896-1/", "reference_id": "USN-7896-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7896-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050284?format=api", "purl": "pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5" } ], "aliases": [ "CVE-2025-32415" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qp6y-dt1j-97df" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/17357?format=api", "vulnerability_id": "VCID-qpnt-xvgv-s3cq", "summary": "This advisory has been invalidated.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28484.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28484.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28484", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48249", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48186", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48197", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.4913", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49199", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49181", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49184", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.49179", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00258", "scoring_system": "epss", "scoring_elements": "0.4915", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28484" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/491", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/491" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html" }, { 
"reference_url": "https://nokogiri.org/CHANGELOG.html#1143-2023-04-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nokogiri.org/CHANGELOG.html#1143-2023-04-11" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034436", "reference_id": "1034436", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034436" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185994", "reference_id": "2185994", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185994" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28484", "reference_id": "CVE-2023-28484", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28484" }, { "reference_url": "https://security.gentoo.org/glsa/202402-11", "reference_id": "GLSA-202402-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-11" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230601-0006/", "reference_id": "ntap-20230601-0006", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230601-0006/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240201-0005/", "reference_id": "ntap-20240201-0005", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240201-0005/" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2023:4349", "reference_id": "RHSA-2023:4349", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4349" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4529", "reference_id": "RHSA-2023:4529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4628", "reference_id": "RHSA-2023:4628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0413", "reference_id": "RHSA-2024:0413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0413" }, { "reference_url": "https://usn.ubuntu.com/6028-1/", "reference_id": "USN-6028-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6028-1/" }, { "reference_url": "https://usn.ubuntu.com/6028-2/", "reference_id": "USN-6028-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6028-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050248?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { 
"vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4" } ], "aliases": [ "CVE-2023-28484" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qpnt-xvgv-s3cq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7551?format=api", "vulnerability_id": "VCID-qtp3-a1g7-8kgw", "summary": "Improper Restriction of XML External Entity Reference\nlibxml2, as used in XMLSec and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9318.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9318.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9318", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31055", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31068", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00121", "scoring_system": "epss", "scoring_elements": "0.31023", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32722", 
"published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32769", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32901", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32735", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32866", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.3896", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38972", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9318" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395609", "reference_id": "1395609", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395609" }, { "reference_url": "https://github.com/lsh123/xmlsec/issues/43", "reference_id": "43", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/" } ], "url": "https://github.com/lsh123/xmlsec/issues/43" }, 
{ "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844581", "reference_id": "844581", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844581" }, { "reference_url": "http://www.securityfocus.com/bid/94347", "reference_id": "94347", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/" } ], "url": "http://www.securityfocus.com/bid/94347" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9318", "reference_id": "CVE-2016-9318", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9318" }, { "reference_url": "https://bugzilla.gnome.org/show_bug.cgi?id=772726", "reference_id": "show_bug.cgi?id=772726", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/" } ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=772726" }, { "reference_url": "https://usn.ubuntu.com/3739-2/", "reference_id": "USN-3739-2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/" } ], "url": "https://usn.ubuntu.com/3739-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050248?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { 
"vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4" } ], "aliases": [ "CVE-2016-9318" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qtp3-a1g7-8kgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33329?format=api", "vulnerability_id": "VCID-qv3r-ppuc-zycz", "summary": "libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation\nxmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.\nThe Nokogiri RubyGem has patched its vendored copy of libxml2 in order to prevent this issue from affecting nokogiri.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7595.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7595.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7595", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00473", "scoring_system": "epss", "scoring_elements": "0.64751", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00473", "scoring_system": "epss", "scoring_elements": "0.64734", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00473", "scoring_system": "epss", "scoring_elements": "0.6472", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00473", "scoring_system": "epss", "scoring_elements": "0.64672", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00473", "scoring_system": "epss", "scoring_elements": "0.6474", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00473", "scoring_system": "epss", "scoring_elements": "0.64712", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00473", "scoring_system": "epss", "scoring_elements": "0.6475", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00487", "scoring_system": "epss", "scoring_elements": "0.65326", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00487", "scoring_system": "epss", "scoring_elements": "0.65401", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00487", "scoring_system": "epss", "scoring_elements": "0.65375", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-7595" }, { "reference_url": 
"https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7595", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7595" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": 
"https://github.com/sparklemotion/nokogiri/issues/1992", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1992" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH" }, { "reference_url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7595", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7595" }, { "reference_url": "https://security.gentoo.org/glsa/202010-04", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/" } ], "url": "https://security.gentoo.org/glsa/202010-04" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200702-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20200702-0005" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200702-0005/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/" } 
], "url": "https://security.netapp.com/advisory/ntap-20200702-0005/" }, { "reference_url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/" } ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08" }, { "reference_url": "https://usn.ubuntu.com/4274-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4274-1" }, { "reference_url": "https://usn.ubuntu.com/4274-1/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/" } ], "url": "https://usn.ubuntu.com/4274-1/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1799786", "reference_id": "1799786", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1799786" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/", "reference_id": "545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", "reference_id": "5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582", "reference_id": "949582", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582" }, { "reference_url": "https://security.archlinux.org/ASA-202011-15", "reference_id": "ASA-202011-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202011-15" }, { "reference_url": "https://security.archlinux.org/AVG-1263", "reference_id": "AVG-1263", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1263" }, { "reference_url": "https://github.com/advisories/GHSA-7553-jr98-vx47", "reference_id": "GHSA-7553-jr98-vx47", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7553-jr98-vx47" }, { "reference_url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", "reference_id": "JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2644", "reference_id": "RHSA-2020:2644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2646", "reference_id": "RHSA-2020:2646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3996", "reference_id": "RHSA-2020:3996", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3996" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4479", "reference_id": "RHSA-2020:4479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050248?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": 
"VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4" } ], "aliases": [ "CVE-2020-7595", "GHSA-7553-jr98-vx47" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qv3r-ppuc-zycz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10893?format=api", "vulnerability_id": "VCID-rsvx-3f49-v3an", "summary": "Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion)\nA flaw was found in libxml2. 
By exploiting an exponential entity expansion attack, it is possible to bypass all existing protection mechanisms and cause a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3541.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3541.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3541", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18918", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18822", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18921", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.1887", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.19054", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.19106", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18828", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18907", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18962", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.18968", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3541" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950515", "reference_id": 
"", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3541", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3541" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210805-0007/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988603", "reference_id": "988603", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988603" }, { "reference_url": "https://security.archlinux.org/AVG-1883", "reference_id": "AVG-1883", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1883" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3541", "reference_id": "CVE-2021-3541", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3541" }, { "reference_url": "https://security.gentoo.org/glsa/202107-05", "reference_id": "GLSA-202107-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2569", "reference_id": "RHSA-2021:2569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1389", 
"reference_id": "RHSA-2022:1389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1390", "reference_id": "RHSA-2022:1390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1390" }, { "reference_url": "https://usn.ubuntu.com/4991-1/", "reference_id": "USN-4991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050248?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4" } ], "aliases": [ "CVE-2021-3541" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rsvx-3f49-v3an" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/14289?format=api", "vulnerability_id": "VCID-s9r4-a3uz-4yhp", "summary": "Integer Overflow or Wraparound\nIn libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29824.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29824.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29824", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22481", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22543", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22562", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22521", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22466", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22407", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22489", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22976", "published_at": "2026-04-02T12:55:00Z" }, { 
"value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.2302", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29824" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxslt/-/tags", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.gnome.org/GNOME/libxslt/-/tags" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010526", "reference_id": "1010526", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010526" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082158", "reference_id": "2082158", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082158" }, { "reference_url": "https://security.archlinux.org/AVG-2726", "reference_id": "AVG-2726", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2726" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29824", "reference_id": "CVE-2022-29824", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29824" }, { "reference_url": "https://security.gentoo.org/glsa/202210-03", "reference_id": "GLSA-202210-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5250", "reference_id": "RHSA-2022:5250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5317", "reference_id": "RHSA-2022:5317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5422-1/", "reference_id": "USN-5422-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5422-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/1050248?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4" } ], "aliases": [ "CVE-2022-29824" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s9r4-a3uz-4yhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9765?format=api", "vulnerability_id": "VCID-t53m-6vvr-27cf", "summary": "Loop with Unreachable Exit Condition ('Infinite Loop')\nlibxml2, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14567.json", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14567.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14567", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71451", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71459", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71476", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71449", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71489", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71501", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71524", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71508", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.7149", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00677", "scoring_system": "epss", "scoring_elements": "0.71536", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", 
"reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1619875", "reference_id": "1619875", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1619875" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14567", "reference_id": "CVE-2018-14567", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14567" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1190", "reference_id": "RHSA-2020:1190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1190" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050248?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4" } ], "aliases": [ "CVE-2018-14567" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t53m-6vvr-27cf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57378?format=api", "vulnerability_id": "VCID-udew-3gre-13hy", "summary": "Multiple vulnerabilities have been found in libxml2, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40303.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40303.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-40303", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39746", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39762", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39768", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39687", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39741", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39755", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39765", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39729", "published_at": 
"2026-04-12T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39712", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-40303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3" }, { "reference_url": 
"https://nokogiri.org/CHANGELOG.html#1139-2022-10-18", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nokogiri.org/CHANGELOG.html#1139-2022-10-18" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022224", "reference_id": "1022224", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022224" }, { "reference_url": "http://seclists.org/fulldisclosure/2022/Dec/21", "reference_id": "21", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/" } ], "url": "http://seclists.org/fulldisclosure/2022/Dec/21" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136266", "reference_id": "2136266", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2136266" }, { "reference_url": "http://seclists.org/fulldisclosure/2022/Dec/24", "reference_id": "24", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/" } ], "url": "http://seclists.org/fulldisclosure/2022/Dec/24" }, { "reference_url": "http://seclists.org/fulldisclosure/2022/Dec/25", "reference_id": "25", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/" } ], "url": "http://seclists.org/fulldisclosure/2022/Dec/25" }, { "reference_url": "http://seclists.org/fulldisclosure/2022/Dec/26", "reference_id": "26", "reference_type": "", 
"scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/" } ], "url": "http://seclists.org/fulldisclosure/2022/Dec/26" }, { "reference_url": "http://seclists.org/fulldisclosure/2022/Dec/27", "reference_id": "27", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/" } ], "url": "http://seclists.org/fulldisclosure/2022/Dec/27" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40303", "reference_id": "CVE-2022-40303", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40303" }, { "reference_url": "https://security.gentoo.org/glsa/202210-39", "reference_id": "GLSA-202210-39", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-39" }, { "reference_url": "https://support.apple.com/kb/HT213531", "reference_id": "HT213531", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/" } ], "url": "https://support.apple.com/kb/HT213531" }, { "reference_url": "https://support.apple.com/kb/HT213533", "reference_id": "HT213533", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/" } ], "url": "https://support.apple.com/kb/HT213533" }, { "reference_url": 
"https://support.apple.com/kb/HT213534", "reference_id": "HT213534", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/" } ], "url": "https://support.apple.com/kb/HT213534" }, { "reference_url": "https://support.apple.com/kb/HT213535", "reference_id": "HT213535", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/" } ], "url": "https://support.apple.com/kb/HT213535" }, { "reference_url": "https://support.apple.com/kb/HT213536", "reference_id": "HT213536", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/" } ], "url": "https://support.apple.com/kb/HT213536" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221209-0003/", "reference_id": "ntap-20221209-0003", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20221209-0003/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0173", "reference_id": 
"RHSA-2023:0173", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0173" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0338", "reference_id": "RHSA-2023:0338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0413", "reference_id": "RHSA-2024:0413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0413" }, { "reference_url": "https://usn.ubuntu.com/5760-1/", "reference_id": "USN-5760-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5760-1/" }, { "reference_url": "https://usn.ubuntu.com/5760-2/", "reference_id": "USN-5760-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5760-2/" }, { "reference_url": "https://usn.ubuntu.com/7659-1/", "reference_id": "USN-7659-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7659-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050248?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" }, { "vulnerability": 
"VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4" } ], "aliases": [ "CVE-2022-40303" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-udew-3gre-13hy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81686?format=api", "vulnerability_id": "VCID-ugyh-dycm-3bc3", "summary": "libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19956.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19956.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19956", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36116", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.3601", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36204", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36231", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36066", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36115", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36133", 
"published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.3614", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36102", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00154", "scoring_system": "epss", "scoring_elements": "0.36075", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19956" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788856", "reference_id": "1788856", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1788856" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549", "reference_id": "5a02583c7e683896d84878bd90641d8d9b0d0549", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/", "reference_id": "5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI", 
"reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19956", "reference_id": "CVE-2019-19956", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19956" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/", "reference_id": "JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html", "reference_id": "msg00005.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html", "reference_id": "msg00032.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200114-0002/", "reference_id": "ntap-20200114-0002", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20200114-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2644", "reference_id": "RHSA-2020:2644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2646", "reference_id": "RHSA-2020:2646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3996", "reference_id": "RHSA-2020:3996", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3996" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4479", "reference_id": "RHSA-2020:4479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050248?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { 
"vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4" } ], "aliases": [ "CVE-2019-19956" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ugyh-dycm-3bc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44705?format=api", "vulnerability_id": "VCID-vf7b-s3y3-sfhw", "summary": "Multiple vulnerabilities have been found in libxml2, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3537.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3537.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3537", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00111", "scoring_system": "epss", 
"scoring_elements": "0.29551", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29532", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29584", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34266", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34299", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33927", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.3626", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36337", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36331", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36309", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3537" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956522", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956522" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3537", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3537" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3537.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3537.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html" }, { 
"reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/" }, { "reference_url": "https://nokogiri.org/CHANGELOG.html#1114-2021-05-14", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "" }, { 
"value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nokogiri.org/CHANGELOG.html#1114-2021-05-14" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3537", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3537" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210625-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210625-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210625-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210625-0002/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": 
"" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988123", "reference_id": "988123", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988123" }, { "reference_url": "https://security.archlinux.org/AVG-1883", "reference_id": "AVG-1883", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1883" }, { "reference_url": "https://github.com/advisories/GHSA-286v-pcf5-25rc", "reference_id": "GHSA-286v-pcf5-25rc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-286v-pcf5-25rc" }, { "reference_url": "https://security.gentoo.org/glsa/202107-05", "reference_id": "GLSA-202107-05", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202107-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2569", "reference_id": "RHSA-2021:2569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1389", "reference_id": "RHSA-2022:1389", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2022:1389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1390", "reference_id": "RHSA-2022:1390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1390" }, { "reference_url": "https://usn.ubuntu.com/4991-1/", "reference_id": "USN-4991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050248?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4" } ], "aliases": [ "CVE-2021-3537", "GHSA-286v-pcf5-25rc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vf7b-s3y3-sfhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8947?format=api", "vulnerability_id": 
"VCID-wc4g-sxyq-ubcd", "summary": "Allocation of Resources Without Limits or Throttling\nThe xz_head function in xzlib.c in libxml2 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18258", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73914", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73872", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73824", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.7388", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73898", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73876", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73863", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73829", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73858", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0079", "scoring_system": "epss", "scoring_elements": "0.73833", 
"published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-18258" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10284", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10284" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190719-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190719-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190719-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190719-0001/" }, { "reference_url": "https://usn.ubuntu.com/3739-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3739-1" }, { "reference_url": "https://usn.ubuntu.com/3739-1/", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3739-1/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566749", "reference_id": "1566749", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566749" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245", "reference_id": "895245", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245" }, { "reference_url": "https://security.archlinux.org/AVG-671", "reference_id": "AVG-671", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-671" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18258", "reference_id": "CVE-2017-18258", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18258" }, { "reference_url": "https://github.com/advisories/GHSA-882p-jqgm-f45g", "reference_id": "GHSA-882p-jqgm-f45g", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-882p-jqgm-f45g" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1190", "reference_id": "RHSA-2020:1190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1190" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050248?format=api", "purl": 
"pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4" } ], "aliases": [ "CVE-2017-18258", "GHSA-882p-jqgm-f45g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wc4g-sxyq-ubcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17375?format=api", "vulnerability_id": "VCID-x9ej-7dcq-tub2", "summary": "Double Free\nAn issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. 
This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29469.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29469.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29469", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.2209", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21959", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.2214", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.2191", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21991", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22046", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22061", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.2202", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.2196", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29469" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/510", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/510" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/" } ], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html" }, { 
"reference_url": "https://nokogiri.org/CHANGELOG.html#1143-2023-04-11", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nokogiri.org/CHANGELOG.html#1143-2023-04-11" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034437", "reference_id": "1034437", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034437" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185984", "reference_id": "2185984", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185984" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29469", "reference_id": "CVE-2023-29469", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29469" }, { "reference_url": "https://security.gentoo.org/glsa/202402-11", "reference_id": "GLSA-202402-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-11" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230601-0006/", "reference_id": "ntap-20230601-0006", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230601-0006/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4349", "reference_id": "RHSA-2023:4349", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4349" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4529", "reference_id": "RHSA-2023:4529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4628", "reference_id": "RHSA-2023:4628", "reference_type": "", "scores": 
[], "url": "https://access.redhat.com/errata/RHSA-2023:4628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0413", "reference_id": "RHSA-2024:0413", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0413" }, { "reference_url": "https://usn.ubuntu.com/6028-1/", "reference_id": "USN-6028-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6028-1/" }, { "reference_url": "https://usn.ubuntu.com/6028-2/", "reference_id": "USN-6028-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6028-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050248?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4" } ], "aliases": [ "CVE-2023-29469" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-x9ej-7dcq-tub2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44701?format=api", "vulnerability_id": "VCID-xps8-1a3r-wke6", "summary": "Multiple vulnerabilities have been found in libxml2, the worst of\n which could result in a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3516.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3516.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3516", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56934", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56985", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56988", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56995", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57651", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57545", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57629", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58327", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.5836", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58347", 
"published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3516" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3516" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/230", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/230" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954225", "reference_id": "1954225", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1954225" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987739", "reference_id": "987739", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987739" }, { "reference_url": "https://security.archlinux.org/AVG-1883", "reference_id": "AVG-1883", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1883" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3516", "reference_id": "CVE-2021-3516", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3516" }, { "reference_url": "https://security.gentoo.org/glsa/202107-05", "reference_id": "GLSA-202107-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2569", 
"reference_id": "RHSA-2021:2569", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2569" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1389", "reference_id": "RHSA-2022:1389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1390", "reference_id": "RHSA-2022:1390", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1390" }, { "reference_url": "https://usn.ubuntu.com/4991-1/", "reference_id": "USN-4991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1050248?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4" } ], "aliases": [ "CVE-2021-3516" ], 
"risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xps8-1a3r-wke6" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61905?format=api", "vulnerability_id": "VCID-3whx-6t3e-7beq", "summary": "Multiple vulnerabilities have been found in libxml2, the worst of\n which could result in the execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5969.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5969.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5969", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02935", "scoring_system": "epss", "scoring_elements": "0.86361", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02935", "scoring_system": "epss", "scoring_elements": "0.86443", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02935", "scoring_system": "epss", "scoring_elements": "0.86434", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02935", "scoring_system": "epss", "scoring_elements": "0.86432", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02935", "scoring_system": "epss", "scoring_elements": "0.86426", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02935", "scoring_system": "epss", "scoring_elements": "0.86372", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02935", "scoring_system": "epss", "scoring_elements": "0.86389", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02935", "scoring_system": "epss", "scoring_elements": "0.86391", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02935", "scoring_system": "epss", "scoring_elements": "0.8641", 
"published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02935", "scoring_system": "epss", "scoring_elements": "0.8642", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5969" }, { "reference_url": "https://bugzilla.gnome.org/show_bug.cgi?id=778519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=778519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html" }, { "reference_url": "https://security.gentoo.org/glsa/201711-01", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201711-01" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/11/05/3", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2016/11/05/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/02/13/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/02/13/1" }, { "reference_url": "http://www.securityfocus.com/bid/96188", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/96188" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1421996", "reference_id": "1421996", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421996" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855001", "reference_id": "855001", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855001" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5969", "reference_id": "CVE-2017-5969", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" }, { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5969" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038282?format=api", "purl": "pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { 
"vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4" } ], "aliases": [ "CVE-2017-5969" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3whx-6t3e-7beq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8801?format=api", "vulnerability_id": "VCID-4hws-gtxr-3bge", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nBuffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7376.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7376.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7376", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.38432", "scoring_system": "epss", "scoring_elements": "0.97211", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.38432", "scoring_system": "epss", "scoring_elements": "0.97247", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.38432", "scoring_system": "epss", "scoring_elements": "0.97238", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.38432", "scoring_system": "epss", "scoring_elements": "0.97239", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.38432", "scoring_system": "epss", "scoring_elements": "0.97216", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.38432", "scoring_system": "epss", "scoring_elements": "0.97222", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.38432", "scoring_system": "epss", "scoring_elements": "0.97223", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.38432", "scoring_system": "epss", "scoring_elements": "0.97233", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.38432", "scoring_system": "epss", "scoring_elements": "0.97234", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.38432", "scoring_system": "epss", "scoring_elements": "0.97237", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462216", "reference_id": "1462216", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462216" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870865", "reference_id": "870865", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870865" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7376", "reference_id": "CVE-2017-7376", 
"reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7376" }, { "reference_url": "https://usn.ubuntu.com/3424-1/", "reference_id": "USN-3424-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3424-1/" }, { "reference_url": "https://usn.ubuntu.com/3424-2/", "reference_id": "USN-3424-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3424-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035584?format=api", "purl": "pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-2b1g-gp84-87e8" }, { "vulnerability": "VCID-2j62-5rjn-vyeu" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-33n1-125n-63h6" }, { "vulnerability": "VCID-3d1e-enaq-q3cx" }, { "vulnerability": "VCID-3s4n-twju-b3dw" }, { "vulnerability": "VCID-3whx-6t3e-7beq" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4hws-gtxr-3bge" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-51f2-w9b7-9fb4" }, { "vulnerability": "VCID-57yv-ay7b-v7ev" }, { "vulnerability": "VCID-69ff-ngna-mkbv" }, { "vulnerability": "VCID-6h9f-6pmg-3fh3" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-7h3p-7ej2-17f1" }, { "vulnerability": "VCID-7rzw-9jj5-4ybk" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-8tej-h12t-2fag" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-9p2f-ynzb-r3gj" }, { "vulnerability": "VCID-9q49-2srz-rkg7" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ah8e-sxuu-jqcw" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-b5tz-9s1v-pkg7" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { 
"vulnerability": "VCID-bk98-bfkg-7bdt" }, { "vulnerability": "VCID-bp8r-8jjt-hygw" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-cgfv-pps6-6khd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-e9c3-5gws-u3fp" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ecde-c15q-ukh1" }, { "vulnerability": "VCID-eebz-xjem-cygz" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-ghaf-ynsg-uuea" }, { "vulnerability": "VCID-gvmn-4dtv-8qcj" }, { "vulnerability": "VCID-gxsm-qvkt-gygy" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-ked7-5tjg-nudx" }, { "vulnerability": "VCID-mm88-amve-quh6" }, { "vulnerability": "VCID-netm-9gxh-3yh4" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qqte-z1e6-xuh7" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-qxwq-xwaw-nyak" }, { "vulnerability": "VCID-r7q9-7u4b-83cz" }, { "vulnerability": "VCID-rhgj-t5cp-wkbh" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s3j9-1zq5-zkf5" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-t9pa-yw9s-kqb9" }, { "vulnerability": "VCID-tazr-2qgq-77fy" }, { "vulnerability": "VCID-tn87-vke6-kuf6" }, { "vulnerability": "VCID-tyk2-gq2c-bbcn" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vcq9-93xd-nfbe" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-wj66-7n6c-9kam" }, { "vulnerability": 
"VCID-wtxh-xxp2-d3hr" }, { "vulnerability": "VCID-wy5v-dsp3-a7aa" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" }, { "vulnerability": "VCID-ymhr-ads4-qqdp" }, { "vulnerability": "VCID-zm21-2pqq-3ker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036961?format=api", "purl": "pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-3whx-6t3e-7beq" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4hws-gtxr-3bge" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-57yv-ay7b-v7ev" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-8tej-h12t-2fag" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-gvmn-4dtv-8qcj" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-mm88-amve-quh6" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": 
"VCID-qqte-z1e6-xuh7" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-qxwq-xwaw-nyak" }, { "vulnerability": "VCID-rhgj-t5cp-wkbh" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-tn87-vke6-kuf6" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" }, { "vulnerability": "VCID-ymhr-ads4-qqdp" }, { "vulnerability": "VCID-zm21-2pqq-3ker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1038282?format=api", "purl": "pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": 
"VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4" } ], "aliases": [ "CVE-2017-7376" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4hws-gtxr-3bge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8761?format=api", "vulnerability_id": "VCID-57yv-ay7b-v7ev", "summary": "Out-of-bounds Write\nAn integer overflow in xmlmemory.c in libxml2, as used in Google Chrome and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5130.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5130.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5130", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01165", "scoring_system": "epss", "scoring_elements": "0.78655", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01165", "scoring_system": 
"epss", "scoring_elements": "0.78576", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01165", "scoring_system": "epss", "scoring_elements": "0.78583", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01165", "scoring_system": "epss", "scoring_elements": "0.78614", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01165", "scoring_system": "epss", "scoring_elements": "0.78596", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01165", "scoring_system": "epss", "scoring_elements": "0.78621", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01165", "scoring_system": "epss", "scoring_elements": "0.78628", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01165", "scoring_system": "epss", "scoring_elements": "0.78652", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01165", "scoring_system": "epss", "scoring_elements": "0.78634", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01165", "scoring_system": "epss", "scoring_elements": "0.78627", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5130" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5130" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securityfocus.com/bid/101482", "reference_id": "101482", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/" } ], "url": "http://www.securityfocus.com/bid/101482" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503537", "reference_id": "1503537", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503537" }, { "reference_url": "https://crbug.com/722079", "reference_id": "722079", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/" } ], "url": "https://crbug.com/722079" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880000", "reference_id": "880000", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880000" }, { "reference_url": "https://security.archlinux.org/ASA-201710-27", "reference_id": "ASA-201710-27", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-27" }, { "reference_url": "https://security.archlinux.org/AVG-456", "reference_id": "AVG-456", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-456" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5130", "reference_id": "CVE-2017-5130", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5130" }, { "reference_url": "https://security.gentoo.org/glsa/201710-24", "reference_id": "GLSA-201710-24", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/" } ], "url": "https://security.gentoo.org/glsa/201710-24" }, 
{ "reference_url": "https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed", "reference_id": "?id=897dffbae322b46b83f99a607d527058a72c51ed", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/" } ], "url": "https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00034.html", "reference_id": "msg00034.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00034.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2997", "reference_id": "RHSA-2017:2997", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2017:2997" }, { "reference_url": "http://bugzilla.gnome.org/show_bug.cgi?id=783026", "reference_id": "show_bug.cgi?id=783026", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/" } ], "url": "http://bugzilla.gnome.org/show_bug.cgi?id=783026" }, { "reference_url": 
"https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html", "reference_id": "stable-channel-update-for-desktop.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/" } ], "url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038282?format=api", "purl": "pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": 
"VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4" } ], "aliases": [ "CVE-2017-5130" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-57yv-ay7b-v7ev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8804?format=api", "vulnerability_id": "VCID-8tej-h12t-2fag", "summary": "Improper Restriction of XML External Entity Reference\nA flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). 
Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7375.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7375.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7375", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48873", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48754", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48793", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48818", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48773", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48827", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48824", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48841", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48815", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.48823", "published_at": "2026-04-13T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2017-7375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { 
"reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462203", "reference_id": "1462203", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462203" }, { "reference_url": "https://source.android.com/security/bulletin/2017-06-01", "reference_id": "2017-06-01", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/" } ], "url": "https://source.android.com/security/bulletin/2017-06-01" }, { "reference_url": "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa", "reference_id": "308396a55280f69ad4112d4f9892f4cbeff042aa", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/" } ], "url": "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870867", "reference_id": "870867", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870867" }, { "reference_url": "http://www.securityfocus.com/bid/98877", "reference_id": "98877", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/" } ], "url": "http://www.securityfocus.com/bid/98877" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7375", "reference_id": "CVE-2017-7375", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7375" }, { "reference_url": "https://www.debian.org/security/2017/dsa-3952", "reference_id": "dsa-3952", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/" } ], "url": "https://www.debian.org/security/2017/dsa-3952" }, { "reference_url": "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e", "reference_id": "?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/" } ], "url": "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e" }, { "reference_url": "https://usn.ubuntu.com/3424-1/", "reference_id": "USN-3424-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3424-1/" }, { "reference_url": "https://usn.ubuntu.com/3424-2/", "reference_id": "USN-3424-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3424-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035584?format=api", "purl": "pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-2b1g-gp84-87e8" }, { "vulnerability": "VCID-2j62-5rjn-vyeu" }, { "vulnerability": 
"VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-33n1-125n-63h6" }, { "vulnerability": "VCID-3d1e-enaq-q3cx" }, { "vulnerability": "VCID-3s4n-twju-b3dw" }, { "vulnerability": "VCID-3whx-6t3e-7beq" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4hws-gtxr-3bge" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-51f2-w9b7-9fb4" }, { "vulnerability": "VCID-57yv-ay7b-v7ev" }, { "vulnerability": "VCID-69ff-ngna-mkbv" }, { "vulnerability": "VCID-6h9f-6pmg-3fh3" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-7h3p-7ej2-17f1" }, { "vulnerability": "VCID-7rzw-9jj5-4ybk" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-8tej-h12t-2fag" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-9p2f-ynzb-r3gj" }, { "vulnerability": "VCID-9q49-2srz-rkg7" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ah8e-sxuu-jqcw" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-b5tz-9s1v-pkg7" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bk98-bfkg-7bdt" }, { "vulnerability": "VCID-bp8r-8jjt-hygw" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-cgfv-pps6-6khd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-e9c3-5gws-u3fp" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ecde-c15q-ukh1" }, { "vulnerability": "VCID-eebz-xjem-cygz" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-ghaf-ynsg-uuea" }, { "vulnerability": "VCID-gvmn-4dtv-8qcj" }, { "vulnerability": "VCID-gxsm-qvkt-gygy" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": 
"VCID-ked7-5tjg-nudx" }, { "vulnerability": "VCID-mm88-amve-quh6" }, { "vulnerability": "VCID-netm-9gxh-3yh4" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qqte-z1e6-xuh7" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-qxwq-xwaw-nyak" }, { "vulnerability": "VCID-r7q9-7u4b-83cz" }, { "vulnerability": "VCID-rhgj-t5cp-wkbh" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s3j9-1zq5-zkf5" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-t9pa-yw9s-kqb9" }, { "vulnerability": "VCID-tazr-2qgq-77fy" }, { "vulnerability": "VCID-tn87-vke6-kuf6" }, { "vulnerability": "VCID-tyk2-gq2c-bbcn" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vcq9-93xd-nfbe" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-wj66-7n6c-9kam" }, { "vulnerability": "VCID-wtxh-xxp2-d3hr" }, { "vulnerability": "VCID-wy5v-dsp3-a7aa" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" }, { "vulnerability": "VCID-ymhr-ads4-qqdp" }, { "vulnerability": "VCID-zm21-2pqq-3ker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036961?format=api", "purl": "pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-3whx-6t3e-7beq" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": 
"VCID-4hws-gtxr-3bge" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-57yv-ay7b-v7ev" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-8tej-h12t-2fag" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-gvmn-4dtv-8qcj" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-mm88-amve-quh6" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qqte-z1e6-xuh7" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-qxwq-xwaw-nyak" }, { "vulnerability": "VCID-rhgj-t5cp-wkbh" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-tn87-vke6-kuf6" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" }, { "vulnerability": "VCID-ymhr-ads4-qqdp" }, { "vulnerability": "VCID-zm21-2pqq-3ker" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1038282?format=api", "purl": "pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4" } ], "aliases": [ "CVE-2017-7375" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8tej-h12t-2fag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8545?format=api", "vulnerability_id": "VCID-gvmn-4dtv-8qcj", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nparser.c in libxml2 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16931.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16931.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16931", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0165", "scoring_system": "epss", "scoring_elements": "0.81939", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0165", "scoring_system": "epss", "scoring_elements": "0.82042", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0165", "scoring_system": "epss", "scoring_elements": "0.82023", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0165", "scoring_system": "epss", "scoring_elements": "0.82012", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0165", "scoring_system": "epss", "scoring_elements": "0.82006", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0165", "scoring_system": "epss", "scoring_elements": "0.8195", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0165", "scoring_system": "epss", "scoring_elements": "0.81973", "published_at": 
"2026-04-04T12:55:00Z" }, { "value": "0.0165", "scoring_system": "epss", "scoring_elements": "0.81969", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0165", "scoring_system": "epss", "scoring_elements": "0.81996", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0165", "scoring_system": "epss", "scoring_elements": "0.82004", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-16931" }, { "reference_url": "https://bugzilla.gnome.org/show_bug.cgi?id=766956", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=766956" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "http://xmlsoft.org/news.html", "reference_id": "", "reference_type": "", "scores": [], "url": 
"http://xmlsoft.org/news.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517307", "reference_id": "1517307", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517307" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16931", "reference_id": "CVE-2017-16931", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16931" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038282?format=api", "purl": "pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { 
"vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4" } ], "aliases": [ "CVE-2017-16931" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gvmn-4dtv-8qcj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7928?format=api", "vulnerability_id": "VCID-mm88-amve-quh6", "summary": "Out-of-bounds Read\nThe htmlParseTryOrFinish function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (buffer over-read) or information disclosure.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8872.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8872.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8872", "reference_id": "", "reference_type": "", "scores": 
[ { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.393", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39477", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39461", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39485", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39399", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39454", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.3947", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39481", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39442", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00178", "scoring_system": "epss", "scoring_elements": "0.39425", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8872" }, { "reference_url": "https://bugzilla.gnome.org/show_bug.cgi?id=775200", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:59:00Z/" } ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=775200" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872" }, { "reference_url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:59:00Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1449541", "reference_id": "1449541", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1449541" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862450", "reference_id": "862450", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862450" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8872", "reference_id": "CVE-2017-8872", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:P" }, { "value": "9.1", "scoring_system": "cvssv3", 
"scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8872" }, { "reference_url": "https://usn.ubuntu.com/4991-1/", "reference_id": "USN-4991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038282?format=api", "purl": "pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { 
"vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4" } ], "aliases": [ "CVE-2017-8872" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mm88-amve-quh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7950?format=api", "vulnerability_id": "VCID-qqte-z1e6-xuh7", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nA buffer overflow was discovered in libxml2. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. 
This vulnerability causes programs that use libxml2, such as PHP, to crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9047.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9047.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9047", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0266", "scoring_system": "epss", "scoring_elements": "0.85805", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0266", "scoring_system": "epss", "scoring_elements": "0.85779", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0266", "scoring_system": "epss", "scoring_elements": "0.85793", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0266", "scoring_system": "epss", "scoring_elements": "0.8579", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0266", "scoring_system": "epss", "scoring_elements": "0.85787", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02891", "scoring_system": "epss", "scoring_elements": "0.86261", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02891", "scoring_system": "epss", "scoring_elements": "0.86298", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02891", "scoring_system": "epss", "scoring_elements": "0.86279", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02891", "scoring_system": "epss", "scoring_elements": "0.86278", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03032", "scoring_system": "epss", "scoring_elements": "0.86594", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9047" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452554", "reference_id": "1452554", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452554" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863022", "reference_id": "863022", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863022" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9047", "reference_id": "CVE-2017-9047", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9047" }, { "reference_url": "https://usn.ubuntu.com/3424-1/", "reference_id": "USN-3424-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3424-1/" }, { "reference_url": "https://usn.ubuntu.com/3424-2/", "reference_id": "USN-3424-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3424-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035584?format=api", "purl": "pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-2b1g-gp84-87e8" }, { "vulnerability": "VCID-2j62-5rjn-vyeu" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-33n1-125n-63h6" }, { "vulnerability": "VCID-3d1e-enaq-q3cx" }, { "vulnerability": "VCID-3s4n-twju-b3dw" }, { "vulnerability": "VCID-3whx-6t3e-7beq" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4hws-gtxr-3bge" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-51f2-w9b7-9fb4" }, { "vulnerability": "VCID-57yv-ay7b-v7ev" }, { "vulnerability": "VCID-69ff-ngna-mkbv" }, { "vulnerability": "VCID-6h9f-6pmg-3fh3" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-7h3p-7ej2-17f1" }, { "vulnerability": "VCID-7rzw-9jj5-4ybk" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-8tej-h12t-2fag" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-9p2f-ynzb-r3gj" }, { 
"vulnerability": "VCID-9q49-2srz-rkg7" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ah8e-sxuu-jqcw" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-b5tz-9s1v-pkg7" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bk98-bfkg-7bdt" }, { "vulnerability": "VCID-bp8r-8jjt-hygw" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-cgfv-pps6-6khd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-e9c3-5gws-u3fp" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ecde-c15q-ukh1" }, { "vulnerability": "VCID-eebz-xjem-cygz" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-ghaf-ynsg-uuea" }, { "vulnerability": "VCID-gvmn-4dtv-8qcj" }, { "vulnerability": "VCID-gxsm-qvkt-gygy" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-ked7-5tjg-nudx" }, { "vulnerability": "VCID-mm88-amve-quh6" }, { "vulnerability": "VCID-netm-9gxh-3yh4" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qqte-z1e6-xuh7" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-qxwq-xwaw-nyak" }, { "vulnerability": "VCID-r7q9-7u4b-83cz" }, { "vulnerability": "VCID-rhgj-t5cp-wkbh" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s3j9-1zq5-zkf5" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-t9pa-yw9s-kqb9" }, { "vulnerability": "VCID-tazr-2qgq-77fy" }, { "vulnerability": "VCID-tn87-vke6-kuf6" }, { "vulnerability": 
"VCID-tyk2-gq2c-bbcn" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vcq9-93xd-nfbe" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-wj66-7n6c-9kam" }, { "vulnerability": "VCID-wtxh-xxp2-d3hr" }, { "vulnerability": "VCID-wy5v-dsp3-a7aa" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" }, { "vulnerability": "VCID-ymhr-ads4-qqdp" }, { "vulnerability": "VCID-zm21-2pqq-3ker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036961?format=api", "purl": "pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-3whx-6t3e-7beq" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4hws-gtxr-3bge" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-57yv-ay7b-v7ev" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-8tej-h12t-2fag" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-gvmn-4dtv-8qcj" }, { "vulnerability": 
"VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-mm88-amve-quh6" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qqte-z1e6-xuh7" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-qxwq-xwaw-nyak" }, { "vulnerability": "VCID-rhgj-t5cp-wkbh" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-tn87-vke6-kuf6" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" }, { "vulnerability": "VCID-ymhr-ads4-qqdp" }, { "vulnerability": "VCID-zm21-2pqq-3ker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1038282?format=api", "purl": "pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": 
"VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4" } ], "aliases": [ "CVE-2017-9047" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qqte-z1e6-xuh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61904?format=api", "vulnerability_id": "VCID-qxwq-xwaw-nyak", "summary": "Multiple vulnerabilities have been found in libxml2, the worst of\n which could result in the execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0663.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0663.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2017-0663", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77393", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77488", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77451", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77448", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77399", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77426", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77405", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77436", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77445", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77471", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-0663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462225", "reference_id": "1462225", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462225" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870870", "reference_id": "870870", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870870" }, { "reference_url": "https://usn.ubuntu.com/3424-1/", "reference_id": "USN-3424-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3424-1/" }, { "reference_url": "https://usn.ubuntu.com/3424-2/", "reference_id": 
"USN-3424-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3424-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035584?format=api", "purl": "pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-2b1g-gp84-87e8" }, { "vulnerability": "VCID-2j62-5rjn-vyeu" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-33n1-125n-63h6" }, { "vulnerability": "VCID-3d1e-enaq-q3cx" }, { "vulnerability": "VCID-3s4n-twju-b3dw" }, { "vulnerability": "VCID-3whx-6t3e-7beq" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4hws-gtxr-3bge" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-51f2-w9b7-9fb4" }, { "vulnerability": "VCID-57yv-ay7b-v7ev" }, { "vulnerability": "VCID-69ff-ngna-mkbv" }, { "vulnerability": "VCID-6h9f-6pmg-3fh3" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-7h3p-7ej2-17f1" }, { "vulnerability": "VCID-7rzw-9jj5-4ybk" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-8tej-h12t-2fag" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-9p2f-ynzb-r3gj" }, { "vulnerability": "VCID-9q49-2srz-rkg7" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ah8e-sxuu-jqcw" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-b5tz-9s1v-pkg7" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bk98-bfkg-7bdt" }, { "vulnerability": "VCID-bp8r-8jjt-hygw" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-cgfv-pps6-6khd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": 
"VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-e9c3-5gws-u3fp" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ecde-c15q-ukh1" }, { "vulnerability": "VCID-eebz-xjem-cygz" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-ghaf-ynsg-uuea" }, { "vulnerability": "VCID-gvmn-4dtv-8qcj" }, { "vulnerability": "VCID-gxsm-qvkt-gygy" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-ked7-5tjg-nudx" }, { "vulnerability": "VCID-mm88-amve-quh6" }, { "vulnerability": "VCID-netm-9gxh-3yh4" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qqte-z1e6-xuh7" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-qxwq-xwaw-nyak" }, { "vulnerability": "VCID-r7q9-7u4b-83cz" }, { "vulnerability": "VCID-rhgj-t5cp-wkbh" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s3j9-1zq5-zkf5" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-t9pa-yw9s-kqb9" }, { "vulnerability": "VCID-tazr-2qgq-77fy" }, { "vulnerability": "VCID-tn87-vke6-kuf6" }, { "vulnerability": "VCID-tyk2-gq2c-bbcn" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vcq9-93xd-nfbe" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-wj66-7n6c-9kam" }, { "vulnerability": "VCID-wtxh-xxp2-d3hr" }, { "vulnerability": "VCID-wy5v-dsp3-a7aa" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" }, { "vulnerability": "VCID-ymhr-ads4-qqdp" }, { "vulnerability": "VCID-zm21-2pqq-3ker" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036961?format=api", "purl": "pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-3whx-6t3e-7beq" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4hws-gtxr-3bge" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-57yv-ay7b-v7ev" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-8tej-h12t-2fag" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-gvmn-4dtv-8qcj" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-mm88-amve-quh6" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qqte-z1e6-xuh7" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-qxwq-xwaw-nyak" }, { "vulnerability": "VCID-rhgj-t5cp-wkbh" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": 
"VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-tn87-vke6-kuf6" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" }, { "vulnerability": "VCID-ymhr-ads4-qqdp" }, { "vulnerability": "VCID-zm21-2pqq-3ker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1038282?format=api", "purl": "pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": 
"VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4" } ], "aliases": [ "CVE-2017-0663" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qxwq-xwaw-nyak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7949?format=api", "vulnerability_id": "VCID-rhgj-t5cp-wkbh", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nlibxml2 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. 
This vulnerability causes programs that use libxml2, such as PHP, to crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9048.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9048.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9048", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00601", "scoring_system": "epss", "scoring_elements": "0.69523", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00601", "scoring_system": "epss", "scoring_elements": "0.69492", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00601", "scoring_system": "epss", "scoring_elements": "0.69513", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00601", "scoring_system": "epss", "scoring_elements": "0.69498", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00601", "scoring_system": "epss", "scoring_elements": "0.69484", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.69903", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.69911", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.69898", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.69926", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00618", "scoring_system": "epss", "scoring_elements": "0.69951", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452549", "reference_id": "1452549", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452549" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863021", "reference_id": "863021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863021" }, { "reference_url": "http://www.securityfocus.com/bid/98556", "reference_id": "98556", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T11:40:41Z/" } ], "url": "http://www.securityfocus.com/bid/98556" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9048", "reference_id": "CVE-2017-9048", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9048" }, { "reference_url": "https://usn.ubuntu.com/3424-1/", "reference_id": "USN-3424-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3424-1/" }, { "reference_url": "https://usn.ubuntu.com/3424-2/", "reference_id": "USN-3424-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3424-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035584?format=api", "purl": "pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-2b1g-gp84-87e8" }, { "vulnerability": "VCID-2j62-5rjn-vyeu" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-33n1-125n-63h6" }, { "vulnerability": "VCID-3d1e-enaq-q3cx" }, { "vulnerability": "VCID-3s4n-twju-b3dw" }, { "vulnerability": "VCID-3whx-6t3e-7beq" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4hws-gtxr-3bge" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-51f2-w9b7-9fb4" }, { "vulnerability": "VCID-57yv-ay7b-v7ev" }, { "vulnerability": "VCID-69ff-ngna-mkbv" }, { "vulnerability": 
"VCID-6h9f-6pmg-3fh3" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-7h3p-7ej2-17f1" }, { "vulnerability": "VCID-7rzw-9jj5-4ybk" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-8tej-h12t-2fag" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-9p2f-ynzb-r3gj" }, { "vulnerability": "VCID-9q49-2srz-rkg7" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ah8e-sxuu-jqcw" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-b5tz-9s1v-pkg7" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bk98-bfkg-7bdt" }, { "vulnerability": "VCID-bp8r-8jjt-hygw" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-cgfv-pps6-6khd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-e9c3-5gws-u3fp" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ecde-c15q-ukh1" }, { "vulnerability": "VCID-eebz-xjem-cygz" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-ghaf-ynsg-uuea" }, { "vulnerability": "VCID-gvmn-4dtv-8qcj" }, { "vulnerability": "VCID-gxsm-qvkt-gygy" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-ked7-5tjg-nudx" }, { "vulnerability": "VCID-mm88-amve-quh6" }, { "vulnerability": "VCID-netm-9gxh-3yh4" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qqte-z1e6-xuh7" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": 
"VCID-qxwq-xwaw-nyak" }, { "vulnerability": "VCID-r7q9-7u4b-83cz" }, { "vulnerability": "VCID-rhgj-t5cp-wkbh" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s3j9-1zq5-zkf5" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-t9pa-yw9s-kqb9" }, { "vulnerability": "VCID-tazr-2qgq-77fy" }, { "vulnerability": "VCID-tn87-vke6-kuf6" }, { "vulnerability": "VCID-tyk2-gq2c-bbcn" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vcq9-93xd-nfbe" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-wj66-7n6c-9kam" }, { "vulnerability": "VCID-wtxh-xxp2-d3hr" }, { "vulnerability": "VCID-wy5v-dsp3-a7aa" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" }, { "vulnerability": "VCID-ymhr-ads4-qqdp" }, { "vulnerability": "VCID-zm21-2pqq-3ker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036961?format=api", "purl": "pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-3whx-6t3e-7beq" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4hws-gtxr-3bge" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-57yv-ay7b-v7ev" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-8tej-h12t-2fag" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": 
"VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-gvmn-4dtv-8qcj" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-mm88-amve-quh6" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qqte-z1e6-xuh7" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-qxwq-xwaw-nyak" }, { "vulnerability": "VCID-rhgj-t5cp-wkbh" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-tn87-vke6-kuf6" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" }, { "vulnerability": "VCID-ymhr-ads4-qqdp" }, { "vulnerability": "VCID-zm21-2pqq-3ker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1038282?format=api", "purl": "pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": 
"VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4" } ], "aliases": [ "CVE-2017-9048" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rhgj-t5cp-wkbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14289?format=api", "vulnerability_id": "VCID-s9r4-a3uz-4yhp", "summary": "Integer Overflow or Wraparound\nIn libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and 
tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29824.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29824.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29824", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22481", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22543", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22562", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22521", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22466", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22407", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00074", "scoring_system": "epss", "scoring_elements": "0.22489", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22976", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.2302", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29824" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14" }, { "reference_url": "https://gitlab.gnome.org/GNOME/libxslt/-/tags", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gitlab.gnome.org/GNOME/libxslt/-/tags" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010526", "reference_id": "1010526", "reference_type": "", "scores": [], "url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010526" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082158", "reference_id": "2082158", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082158" }, { "reference_url": "https://security.archlinux.org/AVG-2726", "reference_id": "AVG-2726", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2726" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29824", "reference_id": "CVE-2022-29824", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29824" }, { "reference_url": "https://security.gentoo.org/glsa/202210-03", "reference_id": "GLSA-202210-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5250", "reference_id": "RHSA-2022:5250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5317", "reference_id": "RHSA-2022:5317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5422-1/", "reference_id": "USN-5422-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5422-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1038282?format=api", "purl": "pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": 
"VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1050248?format=api", "purl": "pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": 
"VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-62bb-e8vk-7uh4" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-d1ar-1945-sygd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-knx8-5fpz-zbgn" }, { "vulnerability": "VCID-nj3a-zqw9-6bga" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4" } ], "aliases": [ "CVE-2022-29824" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s9r4-a3uz-4yhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9793?format=api", "vulnerability_id": "VCID-tn87-vke6-kuf6", "summary": "Use After Free\nUse after free in libxml2, as used in Google Chrome and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3401", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:3401" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0287", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:0287" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15412.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15412.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15412", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01891", "scoring_system": "epss", "scoring_elements": "0.83174", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01891", "scoring_system": "epss", "scoring_elements": "0.83223", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01891", "scoring_system": "epss", "scoring_elements": "0.83149", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01891", "scoring_system": "epss", "scoring_elements": "0.83187", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01891", "scoring_system": "epss", "scoring_elements": "0.83191", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01891", "scoring_system": "epss", "scoring_elements": "0.83197", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01891", "scoring_system": "epss", "scoring_elements": "0.83181", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01943", "scoring_system": "epss", "scoring_elements": "0.8337", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01943", "scoring_system": "epss", "scoring_elements": "0.83398", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01943", "scoring_system": "epss", "scoring_elements": "0.83383", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15412" }, { "reference_url": 
"https://bugzilla.gnome.org/show_bug.cgi?id=783160", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=783160" }, { "reference_url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html" }, { "reference_url": "https://crbug.com/727039", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://crbug.com/727039" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-15412.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-15412.yml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1714", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1714" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html" }, { "reference_url": "https://web.archive.org/web/20201208155618/http://www.securitytracker.com/id/1040348", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201208155618/http://www.securitytracker.com/id/1040348" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4086", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4086" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1523128", "reference_id": "1523128", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1523128" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883790", "reference_id": "883790", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883790" }, { "reference_url": "https://security.archlinux.org/ASA-201712-5", "reference_id": "ASA-201712-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201712-5" }, { "reference_url": "https://security.archlinux.org/AVG-544", "reference_id": "AVG-544", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-544" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15412", "reference_id": "CVE-2017-15412", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15412" }, { "reference_url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html", "reference_id": "CVE-2017-15412.HTML", "reference_type": "", "scores": [], "url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html" }, { "reference_url": "https://github.com/advisories/GHSA-r58r-74gx-6wx3", "reference_id": "GHSA-r58r-74gx-6wx3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r58r-74gx-6wx3" }, { "reference_url": "https://security.gentoo.org/glsa/201801-03", "reference_id": "GLSA-201801-03", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201801-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1190", "reference_id": "RHSA-2020:1190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1190" }, { "reference_url": "https://usn.ubuntu.com/3513-1/", "reference_id": "USN-3513-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3513-1/" }, { "reference_url": "https://usn.ubuntu.com/3513-2/", "reference_id": "USN-3513-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3513-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035584?format=api", "purl": "pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-2b1g-gp84-87e8" }, { "vulnerability": "VCID-2j62-5rjn-vyeu" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-33n1-125n-63h6" }, { "vulnerability": "VCID-3d1e-enaq-q3cx" }, { "vulnerability": "VCID-3s4n-twju-b3dw" }, { "vulnerability": "VCID-3whx-6t3e-7beq" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4hws-gtxr-3bge" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-51f2-w9b7-9fb4" }, { "vulnerability": "VCID-57yv-ay7b-v7ev" }, { "vulnerability": "VCID-69ff-ngna-mkbv" }, { "vulnerability": "VCID-6h9f-6pmg-3fh3" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-7h3p-7ej2-17f1" }, { "vulnerability": "VCID-7rzw-9jj5-4ybk" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-8tej-h12t-2fag" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-9p2f-ynzb-r3gj" }, { 
"vulnerability": "VCID-9q49-2srz-rkg7" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ah8e-sxuu-jqcw" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-b5tz-9s1v-pkg7" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bk98-bfkg-7bdt" }, { "vulnerability": "VCID-bp8r-8jjt-hygw" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-cgfv-pps6-6khd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-e9c3-5gws-u3fp" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ecde-c15q-ukh1" }, { "vulnerability": "VCID-eebz-xjem-cygz" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-ghaf-ynsg-uuea" }, { "vulnerability": "VCID-gvmn-4dtv-8qcj" }, { "vulnerability": "VCID-gxsm-qvkt-gygy" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-ked7-5tjg-nudx" }, { "vulnerability": "VCID-mm88-amve-quh6" }, { "vulnerability": "VCID-netm-9gxh-3yh4" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qqte-z1e6-xuh7" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-qxwq-xwaw-nyak" }, { "vulnerability": "VCID-r7q9-7u4b-83cz" }, { "vulnerability": "VCID-rhgj-t5cp-wkbh" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s3j9-1zq5-zkf5" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-t9pa-yw9s-kqb9" }, { "vulnerability": "VCID-tazr-2qgq-77fy" }, { "vulnerability": "VCID-tn87-vke6-kuf6" }, { "vulnerability": 
"VCID-tyk2-gq2c-bbcn" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vcq9-93xd-nfbe" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-wj66-7n6c-9kam" }, { "vulnerability": "VCID-wtxh-xxp2-d3hr" }, { "vulnerability": "VCID-wy5v-dsp3-a7aa" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" }, { "vulnerability": "VCID-ymhr-ads4-qqdp" }, { "vulnerability": "VCID-zm21-2pqq-3ker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036961?format=api", "purl": "pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-3whx-6t3e-7beq" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4hws-gtxr-3bge" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-57yv-ay7b-v7ev" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-8tej-h12t-2fag" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-gvmn-4dtv-8qcj" }, { "vulnerability": 
"VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-mm88-amve-quh6" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qqte-z1e6-xuh7" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-qxwq-xwaw-nyak" }, { "vulnerability": "VCID-rhgj-t5cp-wkbh" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-tn87-vke6-kuf6" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" }, { "vulnerability": "VCID-ymhr-ads4-qqdp" }, { "vulnerability": "VCID-zm21-2pqq-3ker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1038282?format=api", "purl": "pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": 
"VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4" } ], "aliases": [ "CVE-2017-15412", "GHSA-r58r-74gx-6wx3" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tn87-vke6-kuf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7951?format=api", "vulnerability_id": "VCID-ymhr-ads4-qqdp", "summary": "Out-of-bounds Read\nlibxml2 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. 
This vulnerability causes programs that use libxml2, such as PHP, to crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9049.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9049.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9049", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63902", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.6402", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63961", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63989", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63948", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63999", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64016", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64028", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.64014", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00458", "scoring_system": "epss", "scoring_elements": "0.63985", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9049" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452556", "reference_id": "1452556", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452556" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863019", "reference_id": "863019", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863019" }, { "reference_url": "http://www.securityfocus.com/bid/98601", "reference_id": "98601", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:20:28Z/" } ], "url": "http://www.securityfocus.com/bid/98601" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9049", "reference_id": "CVE-2017-9049", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9049" }, { "reference_url": "https://usn.ubuntu.com/3424-1/", "reference_id": "USN-3424-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3424-1/" }, { "reference_url": "https://usn.ubuntu.com/3424-2/", "reference_id": "USN-3424-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3424-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035584?format=api", "purl": "pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-2b1g-gp84-87e8" }, { "vulnerability": "VCID-2j62-5rjn-vyeu" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-33n1-125n-63h6" }, { "vulnerability": "VCID-3d1e-enaq-q3cx" }, { "vulnerability": "VCID-3s4n-twju-b3dw" }, { "vulnerability": "VCID-3whx-6t3e-7beq" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4hws-gtxr-3bge" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-51f2-w9b7-9fb4" }, { "vulnerability": "VCID-57yv-ay7b-v7ev" }, { "vulnerability": "VCID-69ff-ngna-mkbv" }, { "vulnerability": 
"VCID-6h9f-6pmg-3fh3" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-7h3p-7ej2-17f1" }, { "vulnerability": "VCID-7rzw-9jj5-4ybk" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-8tej-h12t-2fag" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-9p2f-ynzb-r3gj" }, { "vulnerability": "VCID-9q49-2srz-rkg7" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ah8e-sxuu-jqcw" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-b5tz-9s1v-pkg7" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bk98-bfkg-7bdt" }, { "vulnerability": "VCID-bp8r-8jjt-hygw" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-cgfv-pps6-6khd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-e9c3-5gws-u3fp" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ecde-c15q-ukh1" }, { "vulnerability": "VCID-eebz-xjem-cygz" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-ghaf-ynsg-uuea" }, { "vulnerability": "VCID-gvmn-4dtv-8qcj" }, { "vulnerability": "VCID-gxsm-qvkt-gygy" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-ked7-5tjg-nudx" }, { "vulnerability": "VCID-mm88-amve-quh6" }, { "vulnerability": "VCID-netm-9gxh-3yh4" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qqte-z1e6-xuh7" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": 
"VCID-qxwq-xwaw-nyak" }, { "vulnerability": "VCID-r7q9-7u4b-83cz" }, { "vulnerability": "VCID-rhgj-t5cp-wkbh" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s3j9-1zq5-zkf5" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-t9pa-yw9s-kqb9" }, { "vulnerability": "VCID-tazr-2qgq-77fy" }, { "vulnerability": "VCID-tn87-vke6-kuf6" }, { "vulnerability": "VCID-tyk2-gq2c-bbcn" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vcq9-93xd-nfbe" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-wj66-7n6c-9kam" }, { "vulnerability": "VCID-wtxh-xxp2-d3hr" }, { "vulnerability": "VCID-wy5v-dsp3-a7aa" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" }, { "vulnerability": "VCID-ymhr-ads4-qqdp" }, { "vulnerability": "VCID-zm21-2pqq-3ker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036961?format=api", "purl": "pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-3whx-6t3e-7beq" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4hws-gtxr-3bge" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-57yv-ay7b-v7ev" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-8tej-h12t-2fag" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": 
"VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-gvmn-4dtv-8qcj" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-mm88-amve-quh6" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qqte-z1e6-xuh7" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-qxwq-xwaw-nyak" }, { "vulnerability": "VCID-rhgj-t5cp-wkbh" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-tn87-vke6-kuf6" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" }, { "vulnerability": "VCID-ymhr-ads4-qqdp" }, { "vulnerability": "VCID-zm21-2pqq-3ker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1038282?format=api", "purl": "pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": 
"VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4" } ], "aliases": [ "CVE-2017-9049" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ymhr-ads4-qqdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7953?format=api", "vulnerability_id": "VCID-zm21-2pqq-3ker", "summary": "Out-of-bounds Read\nlibxml2 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in 
dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9050.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9050.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9050", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54507", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54468", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54489", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54506", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54494", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.545", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54448", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54457", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54378", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54479", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9050" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/sparklemotion/nokogiri/issues/1673", "reference_id": 
"", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" } ], "url": "https://github.com/sparklemotion/nokogiri/issues/1673" }, { "reference_url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://security.gentoo.org/glsa/201711-01", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:10:54Z/" } ], "url": "https://security.gentoo.org/glsa/201711-01" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3952", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:10:54Z/" } ], "url": "http://www.debian.org/security/2017/dsa-3952" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/05/15/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:10:54Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2017/05/15/1" }, { "reference_url": "http://www.securityfocus.com/bid/98568", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:10:54Z/" } ], "url": "http://www.securityfocus.com/bid/98568" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452553", "reference_id": "1452553", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452553" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863018", "reference_id": "863018", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863018" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9050", "reference_id": "CVE-2017-9050", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2017-9050" }, { "reference_url": "https://github.com/advisories/GHSA-8c56-cpmw-89x7", "reference_id": "GHSA-8c56-cpmw-89x7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8c56-cpmw-89x7" }, { "reference_url": "https://usn.ubuntu.com/3424-1/", "reference_id": "USN-3424-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3424-1/" }, { "reference_url": "https://usn.ubuntu.com/3424-2/", "reference_id": "USN-3424-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3424-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035584?format=api", "purl": "pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-2b1g-gp84-87e8" }, { "vulnerability": "VCID-2j62-5rjn-vyeu" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-33n1-125n-63h6" }, { "vulnerability": "VCID-3d1e-enaq-q3cx" }, { "vulnerability": "VCID-3s4n-twju-b3dw" }, { "vulnerability": "VCID-3whx-6t3e-7beq" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4hws-gtxr-3bge" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-51f2-w9b7-9fb4" }, { "vulnerability": "VCID-57yv-ay7b-v7ev" }, { "vulnerability": "VCID-69ff-ngna-mkbv" }, { "vulnerability": "VCID-6h9f-6pmg-3fh3" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-7h3p-7ej2-17f1" }, { "vulnerability": "VCID-7rzw-9jj5-4ybk" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-8tej-h12t-2fag" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-9p2f-ynzb-r3gj" }, { "vulnerability": "VCID-9q49-2srz-rkg7" }, { "vulnerability": 
"VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ah8e-sxuu-jqcw" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-b5tz-9s1v-pkg7" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bk98-bfkg-7bdt" }, { "vulnerability": "VCID-bp8r-8jjt-hygw" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-cgfv-pps6-6khd" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-e9c3-5gws-u3fp" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ecde-c15q-ukh1" }, { "vulnerability": "VCID-eebz-xjem-cygz" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-ghaf-ynsg-uuea" }, { "vulnerability": "VCID-gvmn-4dtv-8qcj" }, { "vulnerability": "VCID-gxsm-qvkt-gygy" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-ked7-5tjg-nudx" }, { "vulnerability": "VCID-mm88-amve-quh6" }, { "vulnerability": "VCID-netm-9gxh-3yh4" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qqte-z1e6-xuh7" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-qxwq-xwaw-nyak" }, { "vulnerability": "VCID-r7q9-7u4b-83cz" }, { "vulnerability": "VCID-rhgj-t5cp-wkbh" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s3j9-1zq5-zkf5" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-t9pa-yw9s-kqb9" }, { "vulnerability": "VCID-tazr-2qgq-77fy" }, { "vulnerability": "VCID-tn87-vke6-kuf6" }, { "vulnerability": "VCID-tyk2-gq2c-bbcn" }, { "vulnerability": 
"VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vcq9-93xd-nfbe" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-wj66-7n6c-9kam" }, { "vulnerability": "VCID-wtxh-xxp2-d3hr" }, { "vulnerability": "VCID-wy5v-dsp3-a7aa" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" }, { "vulnerability": "VCID-ymhr-ads4-qqdp" }, { "vulnerability": "VCID-zm21-2pqq-3ker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036961?format=api", "purl": "pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-3whx-6t3e-7beq" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4hws-gtxr-3bge" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-57yv-ay7b-v7ev" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-8tej-h12t-2fag" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": "VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-gvmn-4dtv-8qcj" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": 
"VCID-mm88-amve-quh6" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qqte-z1e6-xuh7" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-qxwq-xwaw-nyak" }, { "vulnerability": "VCID-rhgj-t5cp-wkbh" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-tn87-vke6-kuf6" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" }, { "vulnerability": "VCID-ymhr-ads4-qqdp" }, { "vulnerability": "VCID-zm21-2pqq-3ker" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1038282?format=api", "purl": "pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-27jd-t23h-73f4" }, { "vulnerability": "VCID-31w8-13b6-8beh" }, { "vulnerability": "VCID-464a-typa-7qbu" }, { "vulnerability": "VCID-4m3j-qy8c-4uhk" }, { "vulnerability": "VCID-74y5-vcxn-2ygr" }, { "vulnerability": "VCID-782a-uast-nbch" }, { "vulnerability": "VCID-7bpp-2hvk-2udv" }, { "vulnerability": "VCID-8d2w-3c3p-zqaz" }, { "vulnerability": "VCID-9hqf-12yh-bkc8" }, { "vulnerability": "VCID-aasn-u7fd-8bhy" }, { "vulnerability": "VCID-ahha-vnq4-7qd2" }, { "vulnerability": "VCID-azzy-m5pc-qudn" }, { "vulnerability": "VCID-bejh-22y7-kuh6" }, { "vulnerability": "VCID-bz1e-1ypb-kkgg" }, { "vulnerability": "VCID-c9ds-faa9-t7be" }, { "vulnerability": 
"VCID-cbm2-cez4-bqgh" }, { "vulnerability": "VCID-d68t-f8j1-h3am" }, { "vulnerability": "VCID-drkd-yykc-ayge" }, { "vulnerability": "VCID-eb6k-ppfd-m7a3" }, { "vulnerability": "VCID-ek5d-m9pn-3fec" }, { "vulnerability": "VCID-hafa-bcpu-8uaj" }, { "vulnerability": "VCID-nuh8-qd25-ykan" }, { "vulnerability": "VCID-pdv9-xrh8-d3fz" }, { "vulnerability": "VCID-qh44-gavt-rbdw" }, { "vulnerability": "VCID-qp6y-dt1j-97df" }, { "vulnerability": "VCID-qpnt-xvgv-s3cq" }, { "vulnerability": "VCID-qtp3-a1g7-8kgw" }, { "vulnerability": "VCID-qv3r-ppuc-zycz" }, { "vulnerability": "VCID-rsvx-3f49-v3an" }, { "vulnerability": "VCID-s9r4-a3uz-4yhp" }, { "vulnerability": "VCID-t53m-6vvr-27cf" }, { "vulnerability": "VCID-udew-3gre-13hy" }, { "vulnerability": "VCID-ugyh-dycm-3bc3" }, { "vulnerability": "VCID-vf7b-s3y3-sfhw" }, { "vulnerability": "VCID-wc4g-sxyq-ubcd" }, { "vulnerability": "VCID-x9ej-7dcq-tub2" }, { "vulnerability": "VCID-xps8-1a3r-wke6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4" } ], "aliases": [ "CVE-2017-9050", "GHSA-8c56-cpmw-89x7" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zm21-2pqq-3ker" } ], "risk_score": "4.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4" }