Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/libxml2@2.9.1-6.el7?arch=4
Typerpm
Namespaceredhat
Namelibxml2
Version2.9.1-6.el7
Qualifiers
arch 4
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-3s4n-twju-b3dw
vulnerability_id VCID-3s4n-twju-b3dw
summary 
Uncontrolled Resource Consumption
The xz_decomp function in xzlib.c in libxml2 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
references
0
reference_url http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
reference_id
reference_type
scores
url http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
1
reference_url http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
reference_id
reference_type
scores
url http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
2
reference_url http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
reference_id
reference_type
scores
url http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
3
reference_url http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
reference_id
reference_type
scores
url http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
4
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html
5
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html
6
reference_url http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
7
reference_url http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
8
reference_url http://rhn.redhat.com/errata/RHSA-2016-1089.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2016-1089.html
9
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8035.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8035.json
10
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-8035
reference_id
reference_type
scores
0
value 0.0108
scoring_system epss
scoring_elements 0.77793
published_at 2026-04-02T12:55:00Z
1
value 0.0108
scoring_system epss
scoring_elements 0.77787
published_at 2026-04-01T12:55:00Z
2
value 0.0108
scoring_system epss
scoring_elements 0.77821
published_at 2026-04-04T12:55:00Z
3
value 0.01104
scoring_system epss
scoring_elements 0.78108
published_at 2026-04-21T12:55:00Z
4
value 0.01104
scoring_system epss
scoring_elements 0.78079
published_at 2026-04-13T12:55:00Z
5
value 0.01104
scoring_system epss
scoring_elements 0.78114
published_at 2026-04-18T12:55:00Z
6
value 0.01104
scoring_system epss
scoring_elements 0.78043
published_at 2026-04-07T12:55:00Z
7
value 0.01104
scoring_system epss
scoring_elements 0.78069
published_at 2026-04-08T12:55:00Z
8
value 0.01104
scoring_system epss
scoring_elements 0.78073
published_at 2026-04-09T12:55:00Z
9
value 0.01104
scoring_system epss
scoring_elements 0.781
published_at 2026-04-11T12:55:00Z
10
value 0.01104
scoring_system epss
scoring_elements 0.78083
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-8035
11
reference_url https://bugzilla.gnome.org/show_bug.cgi?id=757466
reference_id
reference_type
scores
url https://bugzilla.gnome.org/show_bug.cgi?id=757466
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
24
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
25
reference_url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
reference_id
reference_type
scores
url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
26
reference_url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
reference_id
reference_type
scores
url https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
27
reference_url https://support.apple.com/HT206166
reference_id
reference_type
scores
url https://support.apple.com/HT206166
28
reference_url https://support.apple.com/HT206167
reference_id
reference_type
scores
url https://support.apple.com/HT206167
29
reference_url https://support.apple.com/HT206168
reference_id
reference_type
scores
url https://support.apple.com/HT206168
30
reference_url https://support.apple.com/HT206169
reference_id
reference_type
scores
url https://support.apple.com/HT206169
31
reference_url http://www.debian.org/security/2015/dsa-3430
reference_id
reference_type
scores
url http://www.debian.org/security/2015/dsa-3430
32
reference_url http://www.openwall.com/lists/oss-security/2015/11/02/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2015/11/02/2
33
reference_url http://www.openwall.com/lists/oss-security/2015/11/02/4
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2015/11/02/4
34
reference_url http://www.openwall.com/lists/oss-security/2015/11/03/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2015/11/03/1
35
reference_url http://www.securityfocus.com/bid/77390
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/77390
36
reference_url http://www.securitytracker.com/id/1034243
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1034243
37
reference_url http://www.ubuntu.com/usn/USN-2812-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-2812-1
38
reference_url http://xmlsoft.org/news.html
reference_id
reference_type
scores
url http://xmlsoft.org/news.html
39
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1277146
reference_id 1277146
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1277146
40
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803942
reference_id 803942
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803942
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:xmlsoft:libxml2:2.9.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.1:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
reference_id cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
reference_id cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
reference_id cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
reference_id cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-8035
reference_id CVE-2015-8035
reference_type
scores
0
value 2.6
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:N/I:N/A:P
url https://nvd.nist.gov/vuln/detail/CVE-2015-8035
50
reference_url https://security.gentoo.org/glsa/201701-37
reference_id GLSA-201701-37
reference_type
scores
url https://security.gentoo.org/glsa/201701-37
51
reference_url https://access.redhat.com/errata/RHSA-2016:1089
reference_id RHSA-2016:1089
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1089
52
reference_url https://access.redhat.com/errata/RHSA-2020:1190
reference_id RHSA-2020:1190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1190
53
reference_url https://usn.ubuntu.com/2812-1/
reference_id USN-2812-1
reference_type
scores
url https://usn.ubuntu.com/2812-1/
fixed_packages
aliases CVE-2015-8035
risk_score 1.1
exploitability 0.5
weighted_severity 2.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3s4n-twju-b3dw
1
url VCID-9q49-2srz-rkg7
vulnerability_id VCID-9q49-2srz-rkg7
summary 
Use After Free
Use-after-free vulnerability in libxml2, as used in Google Chrome, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
references
0
reference_url http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html
1
reference_url http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
2
reference_url http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html
3
reference_url http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html
4
reference_url http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html
5
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html
6
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html
7
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html
8
reference_url http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html
9
reference_url http://rhn.redhat.com/errata/RHSA-2016-1485.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url http://rhn.redhat.com/errata/RHSA-2016-1485.html
10
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5131.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5131.json
11
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-5131
reference_id
reference_type
scores
0
value 0.03868
scoring_system epss
scoring_elements 0.88223
published_at 2026-04-09T12:55:00Z
1
value 0.03868
scoring_system epss
scoring_elements 0.88239
published_at 2026-04-21T12:55:00Z
2
value 0.03868
scoring_system epss
scoring_elements 0.8824
published_at 2026-04-16T12:55:00Z
3
value 0.03868
scoring_system epss
scoring_elements 0.88226
published_at 2026-04-13T12:55:00Z
4
value 0.03868
scoring_system epss
scoring_elements 0.88198
published_at 2026-04-07T12:55:00Z
5
value 0.03868
scoring_system epss
scoring_elements 0.88227
published_at 2026-04-12T12:55:00Z
6
value 0.03868
scoring_system epss
scoring_elements 0.88234
published_at 2026-04-11T12:55:00Z
7
value 0.03868
scoring_system epss
scoring_elements 0.88217
published_at 2026-04-08T12:55:00Z
8
value 0.03971
scoring_system epss
scoring_elements 0.8833
published_at 2026-04-01T12:55:00Z
9
value 0.03971
scoring_system epss
scoring_elements 0.88338
published_at 2026-04-02T12:55:00Z
10
value 0.03971
scoring_system epss
scoring_elements 0.88352
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-5131
12
reference_url https://codereview.chromium.org/2127493002
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url https://codereview.chromium.org/2127493002
13
reference_url https://crbug.com/623378
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url https://crbug.com/623378
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1704
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1704
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1705
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1705
16
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1706
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1706
17
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1707
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1707
18
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1708
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1708
19
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1709
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1709
20
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1710
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1710
21
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1711
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1711
22
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658
23
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5127
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5127
24
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5128
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5128
25
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5129
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5129
26
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5130
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5130
27
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131
28
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5132
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5132
29
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5133
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5133
30
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5134
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5134
31
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5135
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5135
32
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5136
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5136
33
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5137
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5137
34
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
35
reference_url https://source.android.com/security/bulletin/2017-05-01
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url https://source.android.com/security/bulletin/2017-05-01
36
reference_url https://support.apple.com/HT207141
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url https://support.apple.com/HT207141
37
reference_url https://support.apple.com/HT207142
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url https://support.apple.com/HT207142
38
reference_url https://support.apple.com/HT207143
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url https://support.apple.com/HT207143
39
reference_url https://support.apple.com/HT207170
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url https://support.apple.com/HT207170
40
reference_url http://www.debian.org/security/2016/dsa-3637
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url http://www.debian.org/security/2016/dsa-3637
41
reference_url http://www.securityfocus.com/bid/92053
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url http://www.securityfocus.com/bid/92053
42
reference_url http://www.securitytracker.com/id/1036428
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url http://www.securitytracker.com/id/1036428
43
reference_url http://www.securitytracker.com/id/1038623
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url http://www.securitytracker.com/id/1038623
44
reference_url http://www.ubuntu.com/usn/USN-3041-1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url http://www.ubuntu.com/usn/USN-3041-1
45
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1358641
reference_id 1358641
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=1358641
46
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840554
reference_id 840554
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840554
47
reference_url https://security.archlinux.org/ASA-201611-2
reference_id ASA-201611-2
reference_type
scores
url https://security.archlinux.org/ASA-201611-2
48
reference_url https://security.archlinux.org/AVG-56
reference_id AVG-56
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-56
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
reference_id cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
reference_id cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
reference_id cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
54
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
reference_id cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
55
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
56
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
57
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
58
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
59
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
60
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
61
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
62
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
63
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
64
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
65
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*
66
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-5131
reference_id CVE-2016-5131
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2016-5131
67
reference_url https://security.gentoo.org/glsa/201610-09
reference_id GLSA-201610-09
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url https://security.gentoo.org/glsa/201610-09
68
reference_url https://security.gentoo.org/glsa/201701-37
reference_id GLSA-201701-37
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/
url https://security.gentoo.org/glsa/201701-37
69
reference_url https://access.redhat.com/errata/RHSA-2016:1485
reference_id RHSA-2016:1485
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:1485
70
reference_url https://access.redhat.com/errata/RHSA-2020:1190
reference_id RHSA-2020:1190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1190
71
reference_url https://usn.ubuntu.com/3041-1/
reference_id USN-3041-1
reference_type
scores
url https://usn.ubuntu.com/3041-1/
72
reference_url https://usn.ubuntu.com/3235-1/
reference_id USN-3235-1
reference_type
scores
url https://usn.ubuntu.com/3235-1/
fixed_packages
aliases CVE-2016-5131
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9q49-2srz-rkg7
2
url VCID-bejh-22y7-kuh6
vulnerability_id VCID-bejh-22y7-kuh6
summary 
NULL Pointer Dereference
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:1543
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://access.redhat.com/errata/RHSA-2019:1543
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14404
reference_id
reference_type
scores
0
value 0.18492
scoring_system epss
scoring_elements 0.95206
published_at 2026-04-01T12:55:00Z
1
value 0.18492
scoring_system epss
scoring_elements 0.95218
published_at 2026-04-02T12:55:00Z
2
value 0.18492
scoring_system epss
scoring_elements 0.9522
published_at 2026-04-04T12:55:00Z
3
value 0.20012
scoring_system epss
scoring_elements 0.95468
published_at 2026-04-12T12:55:00Z
4
value 0.20012
scoring_system epss
scoring_elements 0.95486
published_at 2026-04-21T12:55:00Z
5
value 0.20012
scoring_system epss
scoring_elements 0.95483
published_at 2026-04-18T12:55:00Z
6
value 0.20012
scoring_system epss
scoring_elements 0.95478
published_at 2026-04-16T12:55:00Z
7
value 0.20012
scoring_system epss
scoring_elements 0.95469
published_at 2026-04-13T12:55:00Z
8
value 0.20012
scoring_system epss
scoring_elements 0.95464
published_at 2026-04-09T12:55:00Z
9
value 0.20012
scoring_system epss
scoring_elements 0.95461
published_at 2026-04-08T12:55:00Z
10
value 0.20012
scoring_system epss
scoring_elements 0.95454
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14404
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1595985
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=1595985
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/sparklemotion/nokogiri/issues/1785
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1785
8
reference_url https://gitlab.gnome.org/GNOME/libxml2/issues/10
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://gitlab.gnome.org/GNOME/libxml2/issues/10
9
reference_url https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html
10
reference_url https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
11
reference_url https://security.netapp.com/advisory/ntap-20190719-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190719-0002
12
reference_url https://security.netapp.com/advisory/ntap-20190719-0002/
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://security.netapp.com/advisory/ntap-20190719-0002/
13
reference_url https://usn.ubuntu.com/3739-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3739-1
14
reference_url https://usn.ubuntu.com/3739-1/
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://usn.ubuntu.com/3739-1/
15
reference_url https://usn.ubuntu.com/3739-2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3739-2
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14404
reference_id CVE-2018-14404
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
3
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14404
23
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml
reference_id CVE-2018-14404.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml
24
reference_url https://github.com/advisories/GHSA-6qvp-r6r3-9p7h
reference_id GHSA-6qvp-r6r3-9p7h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6qvp-r6r3-9p7h
25
reference_url https://access.redhat.com/errata/RHSA-2020:1190
reference_id RHSA-2020:1190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1190
26
reference_url https://access.redhat.com/errata/RHSA-2020:1827
reference_id RHSA-2020:1827
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1827
27
reference_url https://usn.ubuntu.com/3739-2/
reference_id USN-3739-2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/
url https://usn.ubuntu.com/3739-2/
fixed_packages
aliases CVE-2018-14404, GHSA-6qvp-r6r3-9p7h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bejh-22y7-kuh6
3
url VCID-t53m-6vvr-27cf
vulnerability_id VCID-t53m-6vvr-27cf
summary 
Loop with Unreachable Exit Condition ('Infinite Loop')
libxml2, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14567.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14567.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14567
reference_id
reference_type
scores
0
value 0.00677
scoring_system epss
scoring_elements 0.71451
published_at 2026-04-01T12:55:00Z
1
value 0.00677
scoring_system epss
scoring_elements 0.71459
published_at 2026-04-02T12:55:00Z
2
value 0.00677
scoring_system epss
scoring_elements 0.71476
published_at 2026-04-04T12:55:00Z
3
value 0.00677
scoring_system epss
scoring_elements 0.71449
published_at 2026-04-07T12:55:00Z
4
value 0.00677
scoring_system epss
scoring_elements 0.71489
published_at 2026-04-08T12:55:00Z
5
value 0.00677
scoring_system epss
scoring_elements 0.71501
published_at 2026-04-09T12:55:00Z
6
value 0.00677
scoring_system epss
scoring_elements 0.71524
published_at 2026-04-11T12:55:00Z
7
value 0.00677
scoring_system epss
scoring_elements 0.71508
published_at 2026-04-12T12:55:00Z
8
value 0.00677
scoring_system epss
scoring_elements 0.7149
published_at 2026-04-13T12:55:00Z
9
value 0.00677
scoring_system epss
scoring_elements 0.71536
published_at 2026-04-16T12:55:00Z
10
value 0.00677
scoring_system epss
scoring_elements 0.71541
published_at 2026-04-18T12:55:00Z
11
value 0.00677
scoring_system epss
scoring_elements 0.7152
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14567
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1619875
reference_id 1619875
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1619875
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14567
reference_id CVE-2018-14567
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-14567
6
reference_url https://access.redhat.com/errata/RHSA-2020:1190
reference_id RHSA-2020:1190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1190
fixed_packages
aliases CVE-2018-14567
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t53m-6vvr-27cf
4
url VCID-tn87-vke6-kuf6
vulnerability_id VCID-tn87-vke6-kuf6
summary 
Use After Free
Use after free in libxml2, as used in Google Chrome and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:3401
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:3401
1
reference_url https://access.redhat.com/errata/RHSA-2018:0287
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:0287
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15412.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15412.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-15412
reference_id
reference_type
scores
0
value 0.01891
scoring_system epss
scoring_elements 0.83187
published_at 2026-04-13T12:55:00Z
1
value 0.01891
scoring_system epss
scoring_elements 0.83191
published_at 2026-04-12T12:55:00Z
2
value 0.01891
scoring_system epss
scoring_elements 0.83197
published_at 2026-04-11T12:55:00Z
3
value 0.01891
scoring_system epss
scoring_elements 0.83174
published_at 2026-04-08T12:55:00Z
4
value 0.01891
scoring_system epss
scoring_elements 0.83181
published_at 2026-04-09T12:55:00Z
5
value 0.01891
scoring_system epss
scoring_elements 0.83227
published_at 2026-04-21T12:55:00Z
6
value 0.01891
scoring_system epss
scoring_elements 0.83224
published_at 2026-04-18T12:55:00Z
7
value 0.01891
scoring_system epss
scoring_elements 0.83223
published_at 2026-04-16T12:55:00Z
8
value 0.01891
scoring_system epss
scoring_elements 0.83149
published_at 2026-04-07T12:55:00Z
9
value 0.01943
scoring_system epss
scoring_elements 0.8337
published_at 2026-04-01T12:55:00Z
10
value 0.01943
scoring_system epss
scoring_elements 0.83398
published_at 2026-04-04T12:55:00Z
11
value 0.01943
scoring_system epss
scoring_elements 0.83383
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-15412
4
reference_url https://bugzilla.gnome.org/show_bug.cgi?id=783160
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.gnome.org/show_bug.cgi?id=783160
5
reference_url https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
6
reference_url https://crbug.com/727039
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://crbug.com/727039
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412
8
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-15412.yml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-15412.yml
10
reference_url https://github.com/sparklemotion/nokogiri/issues/1714
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1714
11
reference_url https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html
12
reference_url https://web.archive.org/web/20201208155618/http://www.securitytracker.com/id/1040348
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201208155618/http://www.securitytracker.com/id/1040348
13
reference_url https://www.debian.org/security/2018/dsa-4086
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4086
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1523128
reference_id 1523128
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1523128
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883790
reference_id 883790
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883790
16
reference_url https://security.archlinux.org/ASA-201712-5
reference_id ASA-201712-5
reference_type
scores
url https://security.archlinux.org/ASA-201712-5
17
reference_url https://security.archlinux.org/AVG-544
reference_id AVG-544
reference_type
scores
0
value Critical
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-544
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-15412
reference_id CVE-2017-15412
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-15412
19
reference_url https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html
reference_id CVE-2017-15412.HTML
reference_type
scores
url https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html
20
reference_url https://github.com/advisories/GHSA-r58r-74gx-6wx3
reference_id GHSA-r58r-74gx-6wx3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r58r-74gx-6wx3
21
reference_url https://security.gentoo.org/glsa/201801-03
reference_id GLSA-201801-03
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/201801-03
22
reference_url https://access.redhat.com/errata/RHSA-2020:1190
reference_id RHSA-2020:1190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1190
23
reference_url https://usn.ubuntu.com/3513-1/
reference_id USN-3513-1
reference_type
scores
url https://usn.ubuntu.com/3513-1/
24
reference_url https://usn.ubuntu.com/3513-2/
reference_id USN-3513-2
reference_type
scores
url https://usn.ubuntu.com/3513-2/
fixed_packages
aliases CVE-2017-15412, GHSA-r58r-74gx-6wx3
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tn87-vke6-kuf6
5
url VCID-wc4g-sxyq-ubcd
vulnerability_id VCID-wc4g-sxyq-ubcd
summary 
Allocation of Resources Without Limits or Throttling
The xz_head function in xzlib.c in libxml2 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-18258
reference_id
reference_type
scores
0
value 0.0079
scoring_system epss
scoring_elements 0.73922
published_at 2026-04-18T12:55:00Z
1
value 0.0079
scoring_system epss
scoring_elements 0.73914
published_at 2026-04-21T12:55:00Z
2
value 0.0079
scoring_system epss
scoring_elements 0.73824
published_at 2026-04-01T12:55:00Z
3
value 0.0079
scoring_system epss
scoring_elements 0.73872
published_at 2026-04-13T12:55:00Z
4
value 0.0079
scoring_system epss
scoring_elements 0.7388
published_at 2026-04-12T12:55:00Z
5
value 0.0079
scoring_system epss
scoring_elements 0.73898
published_at 2026-04-11T12:55:00Z
6
value 0.0079
scoring_system epss
scoring_elements 0.73876
published_at 2026-04-09T12:55:00Z
7
value 0.0079
scoring_system epss
scoring_elements 0.73863
published_at 2026-04-08T12:55:00Z
8
value 0.0079
scoring_system epss
scoring_elements 0.73829
published_at 2026-04-07T12:55:00Z
9
value 0.0079
scoring_system epss
scoring_elements 0.73858
published_at 2026-04-04T12:55:00Z
10
value 0.0079
scoring_system epss
scoring_elements 0.73833
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-18258
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml
6
reference_url https://kc.mcafee.com/corporate/index?page=content&id=SB10284
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://kc.mcafee.com/corporate/index?page=content&id=SB10284
7
reference_url https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html
8
reference_url https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
9
reference_url https://security.netapp.com/advisory/ntap-20190719-0001
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190719-0001
10
reference_url https://security.netapp.com/advisory/ntap-20190719-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190719-0001/
11
reference_url https://usn.ubuntu.com/3739-1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3739-1
12
reference_url https://usn.ubuntu.com/3739-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3739-1/
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1566749
reference_id 1566749
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1566749
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245
reference_id 895245
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245
15
reference_url https://security.archlinux.org/AVG-671
reference_id AVG-671
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-671
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-18258
reference_id CVE-2017-18258
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-18258
17
reference_url https://github.com/advisories/GHSA-882p-jqgm-f45g
reference_id GHSA-882p-jqgm-f45g
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-882p-jqgm-f45g
18
reference_url https://access.redhat.com/errata/RHSA-2020:1190
reference_id RHSA-2020:1190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1190
fixed_packages
aliases CVE-2017-18258, GHSA-882p-jqgm-f45g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wc4g-sxyq-ubcd
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libxml2@2.9.1-6.el7%3Farch=4