Package Instance

reference_id

RHSA-2025:10630

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:10698

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:10699

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:11580

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:11673

reference_url

reference_id

RHSA-2025:11673

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:11673

reference_url

reference_id

RHSA-2025:12098

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:12099

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:12199

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:12237

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:12239

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:12240

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:12241

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

reference_url

reference_id

RHSA-2025:13267

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:13289

reference_url

reference_id

RHSA-2025:13289

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:13289

reference_url

https://access.redhat.com/errata/RHSA-2025:13325

reference_id

RHSA-2025:13325

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:13325

reference_url

reference_id

RHSA-2025:13335

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:13336

reference_url

reference_id

RHSA-2025:13336

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:13336

reference_url

https://access.redhat.com/errata/RHSA-2025:14059

reference_id

RHSA-2025:14059

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:14059

reference_url

https://access.redhat.com/errata/RHSA-2025:14396

reference_id

RHSA-2025:14396

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:14396

reference_url

https://access.redhat.com/errata/RHSA-2025:15308

reference_id

RHSA-2025:15308

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:15308

reference_url

https://access.redhat.com/errata/RHSA-2025:15672

reference_id

RHSA-2025:15672

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

https://access.redhat.com/errata/RHSA-2025:15672

reference_url

reference_id

RHSA-2025:19020

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-03T14:41:19Z/

url

http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

reference_url	https://usn.ubuntu.com/7694-1/
reference_id	USN-7694-1
reference_type
scores
url	https://usn.ubuntu.com/7694-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-6021

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-27jd-t23h-73f4

url VCID-2b1g-gp84-87e8

vulnerability_id VCID-2b1g-gp84-87e8

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.

references

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

reference_url	http://marc.info/?l=bugtraq&m=145382616617563&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=145382616617563&w=2

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7499

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1089.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1089.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7499.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7499.json

reference_url

reference_id

reference_type

scores

value	0.01577
scoring_system	epss
scoring_elements	0.81559
published_at	2026-04-12T12:55:00Z

value	0.01577
scoring_system	epss
scoring_elements	0.81487
published_at	2026-04-01T12:55:00Z

value	0.01577
scoring_system	epss
scoring_elements	0.81499
published_at	2026-04-02T12:55:00Z

value	0.01577
scoring_system	epss
scoring_elements	0.81521
published_at	2026-04-04T12:55:00Z

value	0.01577
scoring_system	epss
scoring_elements	0.81518
published_at	2026-04-07T12:55:00Z

value	0.01577
scoring_system	epss
scoring_elements	0.81546
published_at	2026-04-08T12:55:00Z

value	0.01577
scoring_system	epss
scoring_elements	0.81552
published_at	2026-04-13T12:55:00Z

value	0.01577
scoring_system	epss
scoring_elements	0.81572
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7499

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1281925

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1281925

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710

reference_url

https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc

reference_url

https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da

reference_url

https://github.com/advisories/GHSA-jxjr-5h69-qw3w

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-jxjr-5h69-qw3w

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-7499.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-7499.yml

reference_url

https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172

reference_url	https://support.apple.com/HT206166
reference_id
reference_type
scores
url	https://support.apple.com/HT206166

reference_url	https://support.apple.com/HT206167
reference_id
reference_type
scores
url	https://support.apple.com/HT206167

reference_url	https://support.apple.com/HT206168
reference_id
reference_type
scores
url	https://support.apple.com/HT206168

reference_url	https://support.apple.com/HT206169
reference_id
reference_type
scores
url	https://support.apple.com/HT206169

reference_url

https://web.archive.org/web/20210724022841/http://www.securityfocus.com/bid/79509

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210724022841/http://www.securityfocus.com/bid/79509

reference_url

https://web.archive.org/web/20211205133229/https://securitytracker.com/id/1034243

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20211205133229/https://securitytracker.com/id/1034243

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

reference_url	http://www.securityfocus.com/bid/79509
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/79509

reference_url	http://www.securitytracker.com/id/1034243
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1034243

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7499

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_id	cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*
reference_id	cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
reference_id	cpe:2.3:o:apple:iphone_os::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::
reference_id	cpe:2.3:o:apple:mac_os_x::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
reference_id	cpe:2.3:o:apple:tvos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
reference_id	cpe:2.3:o:apple:watchos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url

reference_id

CVE-2015-7499

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7499

reference_url

reference_id

GLSA-201701-37

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2015-8806

reference_url	https://access.redhat.com/errata/RHSA-2015:2549
reference_id	RHSA-2015:2549
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2549

reference_url	https://access.redhat.com/errata/RHSA-2015:2550
reference_id	RHSA-2015:2550
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2550

reference_url	https://access.redhat.com/errata/RHSA-2016:1089
reference_id	RHSA-2016:1089
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1089

reference_url	https://usn.ubuntu.com/2834-1/
reference_id	USN-2834-1
reference_type
scores
url	https://usn.ubuntu.com/2834-1/

reference_url	https://usn.ubuntu.com/2875-1/
reference_id	USN-2875-1
reference_type
scores
url	https://usn.ubuntu.com/2875-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2015-7499, GHSA-jxjr-5h69-qw3w

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2b1g-gp84-87e8

url VCID-2j62-5rjn-vyeu

vulnerability_id VCID-2j62-5rjn-vyeu

summary

Uncontrolled Resource Consumption
dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8806.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8806.json

reference_url

reference_id

reference_type

scores

value	0.06052
scoring_system	epss
scoring_elements	0.9071
published_at	2026-04-04T12:55:00Z

value	0.06052
scoring_system	epss
scoring_elements	0.90694
published_at	2026-04-01T12:55:00Z

value	0.06052
scoring_system	epss
scoring_elements	0.90743
published_at	2026-04-13T12:55:00Z

value	0.06052
scoring_system	epss
scoring_elements	0.90746
published_at	2026-04-12T12:55:00Z

value	0.06052
scoring_system	epss
scoring_elements	0.90737
published_at	2026-04-09T12:55:00Z

value	0.06052
scoring_system	epss
scoring_elements	0.90731
published_at	2026-04-08T12:55:00Z

value	0.06052
scoring_system	epss
scoring_elements	0.9072
published_at	2026-04-07T12:55:00Z

value	0.06052
scoring_system	epss
scoring_elements	0.90699
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-8806

reference_url

https://bugzilla.gnome.org/show_bug.cgi?id=749115

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.gnome.org/show_bug.cgi?id=749115

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-8806.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-8806.yml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1473

reference_url	https://github.com/sparklemotion/nokogiri/commit/03d402212707bd5dfa0a21b7de5e91a7f9d90028
reference_id
reference_type
scores
url	https://github.com/sparklemotion/nokogiri/commit/03d402212707bd5dfa0a21b7de5e91a7f9d90028

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1473

reference_url	https://mail.gnome.org/archives/xml/2016-May/msg00023.html
reference_id
reference_type
scores
url	https://mail.gnome.org/archives/xml/2016-May/msg00023.html

reference_url

https://web.archive.org/web/20160928171015/http://www.securityfocus.com/bid/82071

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160928171015/http://www.securityfocus.com/bid/82071

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/02/03/5

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/02/03/5

reference_url

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

reference_url	http://www.securityfocus.com/bid/82071
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/82071

reference_url	http://www.ubuntu.com/usn/usn-2994-1/
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/usn-2994-1/

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-8806

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1304636
reference_id	1304636
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1304636

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813613
reference_id	813613
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813613

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url

reference_id

CVE-2015-8806

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-8806

reference_url

https://github.com/advisories/GHSA-7hp2-xwpj-95jq

reference_id

GHSA-7hp2-xwpj-95jq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7hp2-xwpj-95jq

reference_url

reference_id

GLSA-201701-37

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24928.json

reference_url	https://usn.ubuntu.com/2994-1/
reference_id	USN-2994-1
reference_type
scores
url	https://usn.ubuntu.com/2994-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2015-8806, GHSA-7hp2-xwpj-95jq

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2j62-5rjn-vyeu

url VCID-31w8-13b6-8beh

vulnerability_id VCID-31w8-13b6-8beh

summary libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2

references

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24928.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-24928

reference_id

reference_type

scores

value	0.00235
scoring_system	epss
scoring_elements	0.46331
published_at	2026-04-02T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46361
published_at	2026-04-13T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.463
published_at	2026-04-07T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46355
published_at	2026-04-08T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46356
published_at	2026-04-09T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46379
published_at	2026-04-11T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46351
published_at	2026-04-12T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46352
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-24928

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24928
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24928

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098321
reference_id	1098321
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098321

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2346421
reference_id	2346421
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2346421

reference_url

https://issues.oss-fuzz.com/issues/392687022

reference_id

392687022

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T03:55:31Z/

url

https://issues.oss-fuzz.com/issues/392687022

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/847

reference_id

847

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-23T03:55:31Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/847

reference_url	https://access.redhat.com/errata/RHSA-2025:2482
reference_id	RHSA-2025:2482
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2482

reference_url	https://access.redhat.com/errata/RHSA-2025:2483
reference_id	RHSA-2025:2483
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2483

reference_url	https://access.redhat.com/errata/RHSA-2025:2507
reference_id	RHSA-2025:2507
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2507

reference_url	https://access.redhat.com/errata/RHSA-2025:2513
reference_id	RHSA-2025:2513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2513

reference_url	https://access.redhat.com/errata/RHSA-2025:2654
reference_id	RHSA-2025:2654
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2654

reference_url	https://access.redhat.com/errata/RHSA-2025:2660
reference_id	RHSA-2025:2660
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2660

reference_url	https://access.redhat.com/errata/RHSA-2025:2673
reference_id	RHSA-2025:2673
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2673

reference_url	https://access.redhat.com/errata/RHSA-2025:2678
reference_id	RHSA-2025:2678
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2678

reference_url	https://access.redhat.com/errata/RHSA-2025:2679
reference_id	RHSA-2025:2679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2679

reference_url	https://access.redhat.com/errata/RHSA-2025:2686
reference_id	RHSA-2025:2686
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2686

reference_url	https://access.redhat.com/errata/RHSA-2025:2789
reference_id	RHSA-2025:2789
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2789

reference_url	https://access.redhat.com/errata/RHSA-2025:3055
reference_id	RHSA-2025:3055
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3055

reference_url	https://access.redhat.com/errata/RHSA-2025:3368
reference_id	RHSA-2025:3368
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3368

reference_url	https://access.redhat.com/errata/RHSA-2025:3397
reference_id	RHSA-2025:3397
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3397

reference_url	https://access.redhat.com/errata/RHSA-2025:3453
reference_id	RHSA-2025:3453
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3453

reference_url	https://access.redhat.com/errata/RHSA-2025:3569
reference_id	RHSA-2025:3569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3569

reference_url	https://access.redhat.com/errata/RHSA-2025:3775
reference_id	RHSA-2025:3775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3775

reference_url	https://access.redhat.com/errata/RHSA-2025:3780
reference_id	RHSA-2025:3780
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3780

reference_url	https://access.redhat.com/errata/RHSA-2025:3867
reference_id	RHSA-2025:3867
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3867

reference_url	https://access.redhat.com/errata/RHSA-2025:4005
reference_id	RHSA-2025:4005
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4005

reference_url	https://access.redhat.com/errata/RHSA-2025:9895
reference_id	RHSA-2025:9895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9895

reference_url	https://usn.ubuntu.com/7302-1/
reference_id	USN-7302-1
reference_type
scores
url	https://usn.ubuntu.com/7302-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-24928

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-31w8-13b6-8beh

url VCID-33n1-125n-63h6

vulnerability_id VCID-33n1-125n-63h6

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
The xmlParseMisc function in parser.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.

references

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

reference_url	http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

reference_url	http://marc.info/?l=bugtraq&m=145382616617563&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=145382616617563&w=2

reference_url	http://rhn.redhat.com/errata/RHSA-2015-2549.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-2549.html

reference_url	http://rhn.redhat.com/errata/RHSA-2015-2550.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-2550.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1089.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1089.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7500.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7500.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-7500

reference_id

reference_type

scores

value	0.01486
scoring_system	epss
scoring_elements	0.81032
published_at	2026-04-13T12:55:00Z

value	0.01486
scoring_system	epss
scoring_elements	0.80969
published_at	2026-04-01T12:55:00Z

value	0.01486
scoring_system	epss
scoring_elements	0.80978
published_at	2026-04-02T12:55:00Z

value	0.01486
scoring_system	epss
scoring_elements	0.81002
published_at	2026-04-04T12:55:00Z

value	0.01486
scoring_system	epss
scoring_elements	0.81
published_at	2026-04-07T12:55:00Z

value	0.01486
scoring_system	epss
scoring_elements	0.81029
published_at	2026-04-08T12:55:00Z

value	0.01486
scoring_system	epss
scoring_elements	0.81035
published_at	2026-04-09T12:55:00Z

value	0.01486
scoring_system	epss
scoring_elements	0.81052
published_at	2026-04-11T12:55:00Z

value	0.01486
scoring_system	epss
scoring_elements	0.81039
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710

reference_url	https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f
reference_id
reference_type
scores
url	https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172

reference_url	https://support.apple.com/HT206166
reference_id
reference_type
scores
url	https://support.apple.com/HT206166

reference_url	https://support.apple.com/HT206167
reference_id
reference_type
scores
url	https://support.apple.com/HT206167

reference_url	https://support.apple.com/HT206168
reference_id
reference_type
scores
url	https://support.apple.com/HT206168

reference_url	https://support.apple.com/HT206169
reference_id
reference_type
scores
url	https://support.apple.com/HT206169

reference_url	http://www.debian.org/security/2015/dsa-3430
reference_id
reference_type
scores
url	http://www.debian.org/security/2015/dsa-3430

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

reference_url	http://www.securityfocus.com/bid/79562
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/79562

reference_url	http://www.securitytracker.com/id/1034243
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1034243

reference_url	http://www.ubuntu.com/usn/USN-2834-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2834-1

reference_url	http://xmlsoft.org/news.html
reference_id
reference_type
scores
url	http://xmlsoft.org/news.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1281943
reference_id	1281943
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1281943

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_id	cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*
reference_id	cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
reference_id	cpe:2.3:o:apple:iphone_os::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::
reference_id	cpe:2.3:o:apple:mac_os_x::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
reference_id	cpe:2.3:o:apple:tvos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
reference_id	cpe:2.3:o:apple:watchos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-7500

reference_id

CVE-2015-7500

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7500

reference_url	https://security.gentoo.org/glsa/201701-37
reference_id	GLSA-201701-37
reference_type
scores
url	https://security.gentoo.org/glsa/201701-37

reference_url	https://access.redhat.com/errata/RHSA-2015:2549
reference_id	RHSA-2015:2549
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2549

reference_url	https://access.redhat.com/errata/RHSA-2015:2550
reference_id	RHSA-2015:2550
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2550

reference_url	https://access.redhat.com/errata/RHSA-2016:1089
reference_id	RHSA-2016:1089
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1089

reference_url	https://usn.ubuntu.com/2834-1/
reference_id	USN-2834-1
reference_type
scores
url	https://usn.ubuntu.com/2834-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2015-7500

risk_score 2.2

exploitability 0.5

weighted_severity 4.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-33n1-125n-63h6

url VCID-3d1e-enaq-q3cx

vulnerability_id VCID-3d1e-enaq-q3cx

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 allows context-dependent attackers to cause a denial of service via unspecified vectors.

references

reference_url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

reference_url	http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

reference_url	http://marc.info/?l=bugtraq&m=145382616617563&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=145382616617563&w=2

reference_url	http://rhn.redhat.com/errata/RHSA-2015-2549.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-2549.html

reference_url	http://rhn.redhat.com/errata/RHSA-2015-2550.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-2550.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1089.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1089.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7497.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7497.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-7497

reference_id

reference_type

scores

value	0.03052
scoring_system	epss
scoring_elements	0.86699
published_at	2026-04-13T12:55:00Z

value	0.03052
scoring_system	epss
scoring_elements	0.86637
published_at	2026-04-01T12:55:00Z

value	0.03052
scoring_system	epss
scoring_elements	0.86647
published_at	2026-04-02T12:55:00Z

value	0.03052
scoring_system	epss
scoring_elements	0.86667
published_at	2026-04-04T12:55:00Z

value	0.03052
scoring_system	epss
scoring_elements	0.86666
published_at	2026-04-07T12:55:00Z

value	0.03052
scoring_system	epss
scoring_elements	0.86685
published_at	2026-04-08T12:55:00Z

value	0.03052
scoring_system	epss
scoring_elements	0.86695
published_at	2026-04-09T12:55:00Z

value	0.03052
scoring_system	epss
scoring_elements	0.86708
published_at	2026-04-11T12:55:00Z

value	0.03052
scoring_system	epss
scoring_elements	0.86705
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7497

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710

reference_url	https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9
reference_id
reference_type
scores
url	https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172

reference_url	http://www.debian.org/security/2015/dsa-3430
reference_id
reference_type
scores
url	http://www.debian.org/security/2015/dsa-3430

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

reference_url	http://www.securityfocus.com/bid/79508
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/79508

reference_url	http://www.securitytracker.com/id/1034243
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1034243

reference_url	http://www.ubuntu.com/usn/USN-2834-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2834-1

reference_url	http://xmlsoft.org/news.html
reference_id
reference_type
scores
url	http://xmlsoft.org/news.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1281862
reference_id	1281862
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1281862

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_id	cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*
reference_id	cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-7497

reference_id

CVE-2015-7497

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7497

reference_url	https://security.gentoo.org/glsa/201701-37
reference_id	GLSA-201701-37
reference_type
scores
url	https://security.gentoo.org/glsa/201701-37

reference_url	https://access.redhat.com/errata/RHSA-2015:2549
reference_id	RHSA-2015:2549
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2549

reference_url	https://access.redhat.com/errata/RHSA-2015:2550
reference_id	RHSA-2015:2550
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2550

reference_url	https://access.redhat.com/errata/RHSA-2016:1089
reference_id	RHSA-2016:1089
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1089

reference_url	https://usn.ubuntu.com/2834-1/
reference_id	USN-2834-1
reference_type
scores
url	https://usn.ubuntu.com/2834-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2015-7497

risk_score 2.2

exploitability 0.5

weighted_severity 4.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3d1e-enaq-q3cx

url VCID-3s4n-twju-b3dw

vulnerability_id VCID-3s4n-twju-b3dw

summary

Uncontrolled Resource Consumption
The xz_decomp function in xzlib.c in libxml2 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

references

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

reference_url	http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1089.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1089.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8035.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8035.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-8035

reference_id

reference_type

scores

value	0.0108
scoring_system	epss
scoring_elements	0.77793
published_at	2026-04-02T12:55:00Z

value	0.0108
scoring_system	epss
scoring_elements	0.77787
published_at	2026-04-01T12:55:00Z

value	0.0108
scoring_system	epss
scoring_elements	0.77821
published_at	2026-04-04T12:55:00Z

value	0.01104
scoring_system	epss
scoring_elements	0.78079
published_at	2026-04-13T12:55:00Z

value	0.01104
scoring_system	epss
scoring_elements	0.781
published_at	2026-04-11T12:55:00Z

value	0.01104
scoring_system	epss
scoring_elements	0.78083
published_at	2026-04-12T12:55:00Z

value	0.01104
scoring_system	epss
scoring_elements	0.78043
published_at	2026-04-07T12:55:00Z

value	0.01104
scoring_system	epss
scoring_elements	0.78069
published_at	2026-04-08T12:55:00Z

value	0.01104
scoring_system	epss
scoring_elements	0.78073
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-8035

reference_url	https://bugzilla.gnome.org/show_bug.cgi?id=757466
reference_id
reference_type
scores
url	https://bugzilla.gnome.org/show_bug.cgi?id=757466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

reference_url	https://support.apple.com/HT206166
reference_id
reference_type
scores
url	https://support.apple.com/HT206166

reference_url	https://support.apple.com/HT206167
reference_id
reference_type
scores
url	https://support.apple.com/HT206167

reference_url	https://support.apple.com/HT206168
reference_id
reference_type
scores
url	https://support.apple.com/HT206168

reference_url	https://support.apple.com/HT206169
reference_id
reference_type
scores
url	https://support.apple.com/HT206169

reference_url	http://www.debian.org/security/2015/dsa-3430
reference_id
reference_type
scores
url	http://www.debian.org/security/2015/dsa-3430

reference_url	http://www.openwall.com/lists/oss-security/2015/11/02/2
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/11/02/2

reference_url	http://www.openwall.com/lists/oss-security/2015/11/02/4
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/11/02/4

reference_url	http://www.openwall.com/lists/oss-security/2015/11/03/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/11/03/1

reference_url	http://www.securityfocus.com/bid/77390
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/77390

reference_url	http://www.securitytracker.com/id/1034243
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1034243

reference_url	http://www.ubuntu.com/usn/USN-2812-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2812-1

reference_url	http://xmlsoft.org/news.html
reference_id
reference_type
scores
url	http://xmlsoft.org/news.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1277146
reference_id	1277146
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1277146

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803942
reference_id	803942
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803942

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.1:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.9.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
reference_id	cpe:2.3:o:apple:iphone_os::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::
reference_id	cpe:2.3:o:apple:mac_os_x::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
reference_id	cpe:2.3:o:apple:tvos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
reference_id	cpe:2.3:o:apple:watchos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-8035

reference_id

CVE-2015-8035

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:N/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2015-8035

reference_url	https://security.gentoo.org/glsa/201701-37
reference_id	GLSA-201701-37
reference_type
scores
url	https://security.gentoo.org/glsa/201701-37

reference_url	https://access.redhat.com/errata/RHSA-2016:1089
reference_id	RHSA-2016:1089
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1089

reference_url	https://access.redhat.com/errata/RHSA-2020:1190
reference_id	RHSA-2020:1190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1190

reference_url	https://usn.ubuntu.com/2812-1/
reference_id	USN-2812-1
reference_type
scores
url	https://usn.ubuntu.com/2812-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2015-8035

risk_score 1.1

exploitability 0.5

weighted_severity 2.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3s4n-twju-b3dw

url VCID-3whx-6t3e-7beq

vulnerability_id VCID-3whx-6t3e-7beq

summary

Multiple vulnerabilities have been found in libxml2, the worst of
    which could result in the execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5969.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5969.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5969

reference_id

reference_type

scores

value	0.02935
scoring_system	epss
scoring_elements	0.86361
published_at	2026-04-01T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.86426
published_at	2026-04-13T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.8642
published_at	2026-04-09T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.86434
published_at	2026-04-11T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.86432
published_at	2026-04-12T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.86372
published_at	2026-04-02T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.86389
published_at	2026-04-04T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.86391
published_at	2026-04-07T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.8641
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5969

reference_url	https://bugzilla.gnome.org/show_bug.cgi?id=778519
reference_id
reference_type
scores
url	https://bugzilla.gnome.org/show_bug.cgi?id=778519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html

reference_url	https://security.gentoo.org/glsa/201711-01
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201711-01

reference_url	http://www.openwall.com/lists/oss-security/2016/11/05/3
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2016/11/05/3

reference_url	http://www.openwall.com/lists/oss-security/2017/02/13/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2017/02/13/1

reference_url	http://www.securityfocus.com/bid/96188
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/96188

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1421996
reference_id	1421996
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1421996

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855001
reference_id	855001
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855001

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.4:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.9.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.4:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5969

reference_id

CVE-2017-5969

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:N/A:P

value	4.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5969

fixed_packages

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4

aliases CVE-2017-5969

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3whx-6t3e-7beq

url VCID-464a-typa-7qbu

vulnerability_id VCID-464a-typa-7qbu

summary libxml2: Stack Buffer Overflow in xmllint Interactive Shell Command Handling

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6170.json

reference_id

reference_type

scores

value	2.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-6170.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-6170

reference_id

reference_type

scores

value	0.00034
scoring_system	epss
scoring_elements	0.10121
published_at	2026-04-09T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10061
published_at	2026-04-08T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10087
published_at	2026-04-04T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.09984
published_at	2026-04-07T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10161
published_at	2026-04-11T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10028
published_at	2026-04-02T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30654
published_at	2026-04-13T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30698
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-6170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107938
reference_id	1107938
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107938

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2372952

reference_id

2372952

reference_type

scores

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:05:03Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2372952

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/941

reference_id

941

reference_type

scores

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:05:03Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/941

reference_url

reference_id

AVG-2898

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2025-6170

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1
reference_id	cpe:/a:redhat:jboss_core_services:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
reference_id	cpe:/a:redhat:openshift:4
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id	cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id	cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9

reference_url

reference_id

CVE-2025-6170

reference_type

scores

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-16T16:05:03Z/

url

https://access.redhat.com/security/cve/CVE-2025-6170

reference_url	https://usn.ubuntu.com/7694-1/
reference_id	USN-7694-1
reference_type
scores
url	https://usn.ubuntu.com/7694-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-6170

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-464a-typa-7qbu

url VCID-4hws-gtxr-3bge

vulnerability_id VCID-4hws-gtxr-3bge

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7376.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7376.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7376

reference_id

reference_type

scores

value	0.38432
scoring_system	epss
scoring_elements	0.97211
published_at	2026-04-01T12:55:00Z

value	0.38432
scoring_system	epss
scoring_elements	0.97239
published_at	2026-04-13T12:55:00Z

value	0.38432
scoring_system	epss
scoring_elements	0.97237
published_at	2026-04-11T12:55:00Z

value	0.38432
scoring_system	epss
scoring_elements	0.97238
published_at	2026-04-12T12:55:00Z

value	0.38432
scoring_system	epss
scoring_elements	0.97216
published_at	2026-04-02T12:55:00Z

value	0.38432
scoring_system	epss
scoring_elements	0.97222
published_at	2026-04-04T12:55:00Z

value	0.38432
scoring_system	epss
scoring_elements	0.97223
published_at	2026-04-07T12:55:00Z

value	0.38432
scoring_system	epss
scoring_elements	0.97233
published_at	2026-04-08T12:55:00Z

value	0.38432
scoring_system	epss
scoring_elements	0.97234
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:N/A:P

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1462216
reference_id	1462216
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1462216

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870865
reference_id	870865
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870865

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-7376
reference_id	CVE-2017-7376
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-7376

reference_url	https://usn.ubuntu.com/3424-1/
reference_id	USN-3424-1
reference_type
scores
url	https://usn.ubuntu.com/3424-1/

reference_url	https://usn.ubuntu.com/3424-2/
reference_id	USN-3424-2
reference_type
scores
url	https://usn.ubuntu.com/3424-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4

aliases CVE-2017-7376

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4hws-gtxr-3bge

url VCID-4m3j-qy8c-4uhk

vulnerability_id VCID-4m3j-qy8c-4uhk

summary NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2309.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2309.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2309

reference_id

reference_type

scores

value	0.00868
scoring_system	epss
scoring_elements	0.75167
published_at	2026-04-12T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75189
published_at	2026-04-11T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75168
published_at	2026-04-09T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75155
published_at	2026-04-13T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75121
published_at	2026-04-07T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75144
published_at	2026-04-04T12:55:00Z

value	0.00868
scoring_system	epss
scoring_elements	0.75114
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2309

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2309
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2309

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-wrxv-2j5q-m38w

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-wrxv-2j5q-m38w

reference_url

https://github.com/lxml/lxml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/lxml/lxml

reference_url

https://github.com/lxml/lxml/blob/master/CHANGES.txt

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/lxml/lxml/blob/master/CHANGES.txt

reference_url

https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2022-230.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/lxml/PYSEC-2022-230.yaml

reference_url

https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba

reference_url

https://lists.debian.org/debian-lts-announce/2024/09/msg00021.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/09/msg00021.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-2309

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-2309

reference_url

https://security.gentoo.org/glsa/202208-06

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202208-06

reference_url

https://security.netapp.com/advisory/ntap-20220915-0006

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220915-0006

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014766
reference_id	1014766
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014766

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039991
reference_id	1039991
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039991

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2107571
reference_id	2107571
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2107571

reference_url	https://access.redhat.com/errata/RHSA-2022:8226
reference_id	RHSA-2022:8226
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8226

reference_url	https://usn.ubuntu.com/5760-1/
reference_id	USN-5760-1
reference_type
scores
url	https://usn.ubuntu.com/5760-1/

reference_url	https://usn.ubuntu.com/6028-2/
reference_id	USN-6028-2
reference_type
scores
url	https://usn.ubuntu.com/6028-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2022-2309, GHSA-wrxv-2j5q-m38w, PYSEC-2022-230

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4m3j-qy8c-4uhk

url VCID-51f2-w9b7-9fb4

vulnerability_id VCID-51f2-w9b7-9fb4

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

references

reference_url	http://lists.apple.com/archives/security-announce/2016/May/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/May/msg00001.html

reference_url	http://lists.apple.com/archives/security-announce/2016/May/msg00002.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/May/msg00002.html

reference_url	http://lists.apple.com/archives/security-announce/2016/May/msg00003.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/May/msg00003.html

reference_url	http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/May/msg00004.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2957.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2957.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1840.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1840.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-1840

reference_id

reference_type

scores

value	0.02142
scoring_system	epss
scoring_elements	0.84146
published_at	2026-04-01T12:55:00Z

value	0.02142
scoring_system	epss
scoring_elements	0.84217
published_at	2026-04-13T12:55:00Z

value	0.02142
scoring_system	epss
scoring_elements	0.84226
published_at	2026-04-11T12:55:00Z

value	0.02142
scoring_system	epss
scoring_elements	0.8422
published_at	2026-04-12T12:55:00Z

value	0.02142
scoring_system	epss
scoring_elements	0.8416
published_at	2026-04-02T12:55:00Z

value	0.02142
scoring_system	epss
scoring_elements	0.84178
published_at	2026-04-04T12:55:00Z

value	0.02142
scoring_system	epss
scoring_elements	0.8418
published_at	2026-04-07T12:55:00Z

value	0.02142
scoring_system	epss
scoring_elements	0.84201
published_at	2026-04-08T12:55:00Z

value	0.02142
scoring_system	epss
scoring_elements	0.84208
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1840

reference_url	https://bugzilla.gnome.org/show_bug.cgi?id=757711
reference_id
reference_type
scores
url	https://bugzilla.gnome.org/show_bug.cgi?id=757711

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483

reference_url	https://git.gnome.org/browse/libxml2/commit/?id=cbb271655cadeb8dbb258a64701d9a3a0c4835b4
reference_id
reference_type
scores
url	https://git.gnome.org/browse/libxml2/commit/?id=cbb271655cadeb8dbb258a64701d9a3a0c4835b4

reference_url	https://kc.mcafee.com/corporate/index?page=content&id=SB10170
reference_id
reference_type
scores
url	https://kc.mcafee.com/corporate/index?page=content&id=SB10170

reference_url	https://support.apple.com/HT206564
reference_id
reference_type
scores
url	https://support.apple.com/HT206564

reference_url	https://support.apple.com/HT206566
reference_id
reference_type
scores
url	https://support.apple.com/HT206566

reference_url	https://support.apple.com/HT206567
reference_id
reference_type
scores
url	https://support.apple.com/HT206567

reference_url	https://support.apple.com/HT206568
reference_id
reference_type
scores
url	https://support.apple.com/HT206568

reference_url	https://www.debian.org/security/2016/dsa-3593
reference_id
reference_type
scores
url	https://www.debian.org/security/2016/dsa-3593

reference_url	https://www.tenable.com/security/tns-2016-18
reference_id
reference_type
scores
url	https://www.tenable.com/security/tns-2016-18

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

reference_url	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

reference_url	http://www.securityfocus.com/bid/90691
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/90691

reference_url	http://www.securitytracker.com/id/1035890
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035890

reference_url	http://www.ubuntu.com/usn/USN-2994-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2994-1

reference_url	http://xmlsoft.org/news.html
reference_id
reference_type
scores
url	http://xmlsoft.org/news.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1338706
reference_id	1338706
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1338706

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:web_gateway::::::::
reference_id	cpe:2.3:a:mcafee:web_gateway::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:web_gateway::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
reference_id	cpe:2.3:o:apple:iphone_os::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::
reference_id	cpe:2.3:o:apple:mac_os_x::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
reference_id	cpe:2.3:o:apple:tvos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
reference_id	cpe:2.3:o:apple:watchos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-1840

reference_id

CVE-2016-1840

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1840

reference_url	https://security.gentoo.org/glsa/201701-37
reference_id	GLSA-201701-37
reference_type
scores
url	https://security.gentoo.org/glsa/201701-37

reference_url	https://access.redhat.com/errata/RHSA-2016:1292
reference_id	RHSA-2016:1292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1292

reference_url	https://access.redhat.com/errata/RHSA-2016:2957
reference_id	RHSA-2016:2957
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2957

reference_url	https://usn.ubuntu.com/2994-1/
reference_id	USN-2994-1
reference_type
scores
url	https://usn.ubuntu.com/2994-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2016-1840

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-51f2-w9b7-9fb4

url VCID-57yv-ay7b-v7ev

vulnerability_id VCID-57yv-ay7b-v7ev

summary

Out-of-bounds Write
An integer overflow in xmlmemory.c in libxml2, as used in Google Chrome and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5130.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5130.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5130

reference_id

reference_type

scores

value	0.01165
scoring_system	epss
scoring_elements	0.78627
published_at	2026-04-13T12:55:00Z

value	0.01165
scoring_system	epss
scoring_elements	0.78576
published_at	2026-04-01T12:55:00Z

value	0.01165
scoring_system	epss
scoring_elements	0.78583
published_at	2026-04-02T12:55:00Z

value	0.01165
scoring_system	epss
scoring_elements	0.78614
published_at	2026-04-04T12:55:00Z

value	0.01165
scoring_system	epss
scoring_elements	0.78596
published_at	2026-04-07T12:55:00Z

value	0.01165
scoring_system	epss
scoring_elements	0.78621
published_at	2026-04-08T12:55:00Z

value	0.01165
scoring_system	epss
scoring_elements	0.78628
published_at	2026-04-09T12:55:00Z

value	0.01165
scoring_system	epss
scoring_elements	0.78652
published_at	2026-04-11T12:55:00Z

value	0.01165
scoring_system	epss
scoring_elements	0.78634
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5130

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5130
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5130

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

http://www.securityfocus.com/bid/101482

reference_id

101482

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/

url

http://www.securityfocus.com/bid/101482

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1503537
reference_id	1503537
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1503537

reference_url

https://crbug.com/722079

reference_id

722079

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/

url

https://crbug.com/722079

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880000
reference_id	880000
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880000

reference_url	https://security.archlinux.org/ASA-201710-27
reference_id	ASA-201710-27
reference_type
scores
url	https://security.archlinux.org/ASA-201710-27

reference_url

https://security.archlinux.org/AVG-456

reference_id

AVG-456

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-456

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-5130
reference_id	CVE-2017-5130
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-5130

reference_url

https://security.gentoo.org/glsa/201710-24

reference_id

GLSA-201710-24

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/

url

https://security.gentoo.org/glsa/201710-24

reference_url

https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed

reference_id

?id=897dffbae322b46b83f99a607d527058a72c51ed

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/

url

https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed

reference_url

https://lists.debian.org/debian-lts-announce/2017/11/msg00034.html

reference_id

msg00034.html

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/

url

https://lists.debian.org/debian-lts-announce/2017/11/msg00034.html

reference_url

https://access.redhat.com/errata/RHSA-2017:2997

reference_id

RHSA-2017:2997

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/

url

https://access.redhat.com/errata/RHSA-2017:2997

reference_url

http://bugzilla.gnome.org/show_bug.cgi?id=783026

reference_id

show_bug.cgi?id=783026

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/

url

http://bugzilla.gnome.org/show_bug.cgi?id=783026

reference_url

https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html

reference_id

stable-channel-update-for-desktop.html

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T22:02:28Z/

url

https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html

fixed_packages

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4

aliases CVE-2017-5130

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-57yv-ay7b-v7ev

url VCID-69ff-ngna-mkbv

vulnerability_id VCID-69ff-ngna-mkbv

summary

Uncontrolled Resource Consumption
parser.c in libxml2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.

references

reference_url	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
reference_id
reference_type
scores
url	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

reference_url	http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

reference_url	http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html

reference_url	http://lists.opensuse.org/opensuse-updates/2014-10/msg00034.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2014-10/msg00034.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

reference_url	http://rhn.redhat.com/errata/RHSA-2014-1655.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2014-1655.html

reference_url	http://rhn.redhat.com/errata/RHSA-2014-1885.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2014-1885.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3660.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3660.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3660

reference_id

reference_type

scores

value	0.04342
scoring_system	epss
scoring_elements	0.88935
published_at	2026-04-13T12:55:00Z

value	0.04342
scoring_system	epss
scoring_elements	0.88936
published_at	2026-04-12T12:55:00Z

value	0.04342
scoring_system	epss
scoring_elements	0.8888
published_at	2026-04-01T12:55:00Z

value	0.04342
scoring_system	epss
scoring_elements	0.88888
published_at	2026-04-02T12:55:00Z

value	0.04342
scoring_system	epss
scoring_elements	0.88903
published_at	2026-04-04T12:55:00Z

value	0.04342
scoring_system	epss
scoring_elements	0.88905
published_at	2026-04-07T12:55:00Z

value	0.04342
scoring_system	epss
scoring_elements	0.88924
published_at	2026-04-08T12:55:00Z

value	0.04342
scoring_system	epss
scoring_elements	0.88929
published_at	2026-04-09T12:55:00Z

value	0.04342
scoring_system	epss
scoring_elements	0.88941
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3660

reference_url	https://bugzilla.redhat.com/attachment.cgi?id=944444&action=diff
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/attachment.cgi?id=944444&action=diff

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660

reference_url	http://secunia.com/advisories/59903
reference_id
reference_type
scores
url	http://secunia.com/advisories/59903

reference_url	http://secunia.com/advisories/61965
reference_id
reference_type
scores
url	http://secunia.com/advisories/61965

reference_url	http://secunia.com/advisories/61966
reference_id
reference_type
scores
url	http://secunia.com/advisories/61966

reference_url	http://secunia.com/advisories/61991
reference_id
reference_type
scores
url	http://secunia.com/advisories/61991

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://support.apple.com/kb/HT205030
reference_id
reference_type
scores
url	https://support.apple.com/kb/HT205030

reference_url	https://support.apple.com/kb/HT205031
reference_id
reference_type
scores
url	https://support.apple.com/kb/HT205031

reference_url	https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html
reference_id
reference_type
scores
url	https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html

reference_url	http://www.debian.org/security/2014/dsa-3057
reference_id
reference_type
scores
url	http://www.debian.org/security/2014/dsa-3057

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2014:244
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2014:244

reference_url	http://www.openwall.com/lists/oss-security/2014/10/17/7
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2014/10/17/7

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

reference_url	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

reference_url	http://www.securityfocus.com/bid/70644
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/70644

reference_url	http://www.ubuntu.com/usn/USN-2389-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2389-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1149084
reference_id	1149084
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1149084

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765722
reference_id	765722
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765722

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.0.0:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.1.0:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.1.1:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.0:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.0:beta::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.2.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.1:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.10:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.2.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.11:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.2.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.2:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.3:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.4:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.5:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.6:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.2.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.7:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.2.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.8:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.2.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.9:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.2.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.2.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.0:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.1:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.10:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.3.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.11:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.3.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.12:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.13:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.3.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.14:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.2:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.3:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.4:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.5:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.3.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.6:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.3.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.7:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.3.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.8:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.3.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.9:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.3.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.3.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.1:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.10:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.11:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.12:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.13:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.14:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.15:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.16:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.17:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.18:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.18:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.19:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.19:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.2:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.20:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.21:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.21:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.21:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.22:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.22:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.23:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.24:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.24:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.25:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.25:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.25:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.26:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.26:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.26:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.27:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.27:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.27:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.28:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.29:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.29:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.3:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.30:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.4:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.5:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.6:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.7:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.8:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.9:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.4.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.4.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.5.0:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.5.10:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.5.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.5.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.5.11:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.5.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.5.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.5.4:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.5.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.5.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.5.7:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.5.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.5.8:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.5.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.5.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.0:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.1:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.11:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.11:::::::*

100

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.12:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.12:::::::*

101

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.13:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.13:::::::*

102

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.14:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.14:::::::*

103

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.16:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.16:::::::*

104

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.17:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.17:::::::*

105

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.18:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.18:::::::*

106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.2:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.2:::::::*

107

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.20:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.20:::::::*

108

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.21:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.21:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.21:::::::*

109

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.22:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.22:::::::*

110

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.23:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.23:::::::*

111

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.24:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.24:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.24:::::::*

112

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.25:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.25:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.25:::::::*

113

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.26:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.26:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.26:::::::*

114

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.27:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.27:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.27:::::::*

115

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.28:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.28:::::::*

116

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.29:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.29:::::::*

117

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.3:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.3:::::::*

118

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.30:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.30:::::::*

119

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.31:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.31:::::::*

120

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.32:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.32:::::::*

121

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.4:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.4:::::::*

122

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.5:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.5:::::::*

123

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.6:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.6:::::::*

124

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.7:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.7:::::::*

125

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.8:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.8:::::::*

126

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.9:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.6.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.6.9:::::::*

127

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.0:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.0:::::::*

128

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.1:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.7.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.1:::::::*

129

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.2:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.2:::::::*

130

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.3:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.3:::::::*

131

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.4:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.4:::::::*

132

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.5:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.5:::::::*

133

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.6:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.6:::::::*

134

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.7:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.7.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.7:::::::*

135

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.8:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.7.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.7.8:::::::*

136

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.8.0:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.8.0:::::::*

137

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.0:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.0:::::::*

138

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.0:rc1::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.9.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.0:rc1::::::

139

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::
reference_id	cpe:2.3:o:apple:mac_os_x::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::

140

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:10.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04::::lts:::

141

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

142

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

143

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

144

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*

145

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3660

reference_id

CVE-2014-3660

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3660

146

reference_url	https://security.gentoo.org/glsa/201412-06
reference_id	GLSA-201412-06
reference_type
scores
url	https://security.gentoo.org/glsa/201412-06

147

reference_url	https://access.redhat.com/errata/RHSA-2014:1655
reference_id	RHSA-2014:1655
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1655

148

reference_url	https://access.redhat.com/errata/RHSA-2014:1885
reference_id	RHSA-2014:1885
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1885

149

reference_url	https://usn.ubuntu.com/2389-1/
reference_id	USN-2389-1
reference_type
scores
url	https://usn.ubuntu.com/2389-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2014-3660

risk_score 2.2

exploitability 0.5

weighted_severity 4.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-69ff-ngna-mkbv

url VCID-6h9f-6pmg-3fh3

vulnerability_id VCID-6h9f-6pmg-3fh3

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
libxml2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.

references

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

reference_url	http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

reference_url	http://marc.info/?l=bugtraq&m=145382616617563&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=145382616617563&w=2

reference_url	http://rhn.redhat.com/errata/RHSA-2015-2549.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-2549.html

reference_url	http://rhn.redhat.com/errata/RHSA-2015-2550.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-2550.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1089.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1089.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7941.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7941.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-7941

reference_id

reference_type

scores

value	0.00492
scoring_system	epss
scoring_elements	0.65587
published_at	2026-04-02T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.65538
published_at	2026-04-01T12:55:00Z

value	0.00492
scoring_system	epss
scoring_elements	0.65617
published_at	2026-04-04T12:55:00Z

value	0.00545
scoring_system	epss
scoring_elements	0.67784
published_at	2026-04-13T12:55:00Z

value	0.00545
scoring_system	epss
scoring_elements	0.67833
published_at	2026-04-11T12:55:00Z

value	0.00545
scoring_system	epss
scoring_elements	0.6782
published_at	2026-04-12T12:55:00Z

value	0.00545
scoring_system	epss
scoring_elements	0.67744
published_at	2026-04-07T12:55:00Z

value	0.00545
scoring_system	epss
scoring_elements	0.67795
published_at	2026-04-08T12:55:00Z

value	0.00545
scoring_system	epss
scoring_elements	0.67809
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7941

reference_url	https://bugzilla.gnome.org/show_bug.cgi?id=744980
reference_id
reference_type
scores
url	https://bugzilla.gnome.org/show_bug.cgi?id=744980

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489
reference_id
reference_type
scores
url	https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489

reference_url	https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31
reference_id
reference_type
scores
url	https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172

reference_url	http://www.debian.org/security/2015/dsa-3430
reference_id
reference_type
scores
url	http://www.debian.org/security/2015/dsa-3430

reference_url	http://www.openwall.com/lists/oss-security/2015/10/22/5
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/10/22/5

reference_url	http://www.openwall.com/lists/oss-security/2015/10/22/8
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/10/22/8

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

reference_url	http://www.securityfocus.com/bid/74241
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/74241

reference_url	http://www.securitytracker.com/id/1034243
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1034243

reference_url	http://www.ubuntu.com/usn/USN-2812-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2812-1

reference_url	http://xmlsoft.org/news.html
reference_id
reference_type
scores
url	http://xmlsoft.org/news.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1274222
reference_id	1274222
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1274222

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783010
reference_id	783010
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783010

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.2:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.9.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-7941

reference_id

CVE-2015-7941

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7941

reference_url	https://security.gentoo.org/glsa/201701-37
reference_id	GLSA-201701-37
reference_type
scores
url	https://security.gentoo.org/glsa/201701-37

reference_url	https://access.redhat.com/errata/RHSA-2015:2549
reference_id	RHSA-2015:2549
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2549

reference_url	https://access.redhat.com/errata/RHSA-2015:2550
reference_id	RHSA-2015:2550
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2550

reference_url	https://access.redhat.com/errata/RHSA-2016:1089
reference_id	RHSA-2016:1089
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1089

reference_url	https://usn.ubuntu.com/2812-1/
reference_id	USN-2812-1
reference_type
scores
url	https://usn.ubuntu.com/2812-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2015-7941

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6h9f-6pmg-3fh3

url VCID-74y5-vcxn-2ygr

vulnerability_id VCID-74y5-vcxn-2ygr

summary libxml: Heap use after free (UAF) leads to Denial of service (DoS)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49794.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49794.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-49794

reference_id

reference_type

scores

value	0.00123
scoring_system	epss
scoring_elements	0.31508
published_at	2026-04-02T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31549
published_at	2026-04-04T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31368
published_at	2026-04-07T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31421
published_at	2026-04-08T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31452
published_at	2026-04-09T12:55:00Z

value	0.00123
scoring_system	epss
scoring_elements	0.31455
published_at	2026-04-11T12:55:00Z

value	0.00445
scoring_system	epss
scoring_elements	0.63434
published_at	2026-04-13T12:55:00Z

value	0.00445
scoring_system	epss
scoring_elements	0.63469
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-49794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107755
reference_id	1107755
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107755

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2372373

reference_id

2372373

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2372373

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/931

reference_id

931

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/931

reference_url

reference_id

AVG-2898

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2025-49794

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9
reference_id	cpe:/a:redhat:cert_manager:1.16::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
reference_id	cpe:/a:redhat:enterprise_linux:8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
reference_id	cpe:/a:redhat:enterprise_linux:9::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9
reference_id	cpe:/a:redhat:insights_proxy:1.5::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1
reference_id	cpe:/a:redhat:jboss_core_services:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8
reference_id	cpe:/a:redhat:openshift:4.12::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9
reference_id	cpe:/a:redhat:openshift:4.13::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9
reference_id	cpe:/a:redhat:openshift:4.14::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9
reference_id	cpe:/a:redhat:openshift:4.17::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9
reference_id	cpe:/a:redhat:openshift:4.18::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9
reference_id	cpe:/a:redhat:openshift:4.19::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9
reference_id	cpe:/a:redhat:openshift:4.20::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9
reference_id	cpe:/a:redhat:openshift_file_integrity_operator:1::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8
reference_id	cpe:/a:redhat:openshift_serverless:1.36::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream
reference_id	cpe:/a:redhat:rhel_aus:8.2::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream
reference_id	cpe:/a:redhat:rhel_aus:8.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream
reference_id	cpe:/a:redhat:rhel_aus:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream
reference_id	cpe:/a:redhat:rhel_e4s:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream
reference_id	cpe:/a:redhat:rhel_e4s:8.8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream
reference_id	cpe:/a:redhat:rhel_e4s:9.0::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream
reference_id	cpe:/a:redhat:rhel_e4s:9.2::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream
reference_id	cpe:/a:redhat:rhel_eus:9.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
reference_id	cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream
reference_id	cpe:/a:redhat:rhel_tus:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream
reference_id	cpe:/a:redhat:rhel_tus:8.8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9
reference_id	cpe:/a:redhat:webterminal:1.11::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9
reference_id	cpe:/a:redhat:webterminal:1.12::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0
reference_id	cpe:/o:redhat:enterprise_linux:10.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos
reference_id	cpe:/o:redhat:enterprise_linux:8::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos
reference_id	cpe:/o:redhat:enterprise_linux:9::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos
reference_id	cpe:/o:redhat:rhel_aus:8.2::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos
reference_id	cpe:/o:redhat:rhel_aus:8.4::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos
reference_id	cpe:/o:redhat:rhel_aus:8.6::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos
reference_id	cpe:/o:redhat:rhel_e4s:8.6::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos
reference_id	cpe:/o:redhat:rhel_e4s:8.8::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos
reference_id	cpe:/o:redhat:rhel_e4s:9.0::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos
reference_id	cpe:/o:redhat:rhel_e4s:9.2::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7
reference_id	cpe:/o:redhat:rhel_els:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos
reference_id	cpe:/o:redhat:rhel_eus:9.4::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
reference_id	cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos
reference_id	cpe:/o:redhat:rhel_tus:8.6::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos
reference_id	cpe:/o:redhat:rhel_tus:8.8::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos

reference_url

reference_id

CVE-2025-49794

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

https://access.redhat.com/security/cve/CVE-2025-49794

reference_url

reference_id

RHSA-2025:10630

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:10698

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:10699

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:11580

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:12098

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:12099

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:12199

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:12237

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:12239

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:12240

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:12241

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:13335

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:15827

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:15828

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:18219

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:19020

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2025:21913

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

reference_url

reference_id

RHSA-2026:0934

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:50:46Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20388.json

reference_url	https://usn.ubuntu.com/7694-1/
reference_id	USN-7694-1
reference_type
scores
url	https://usn.ubuntu.com/7694-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-49794

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-74y5-vcxn-2ygr

url VCID-782a-uast-nbch

vulnerability_id VCID-782a-uast-nbch

summary

Multiple vulnerabilities have been found in libxml2, the worst of
    which could result in a Denial of Service condition.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20388.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-20388

reference_id

reference_type

scores

value	0.00614
scoring_system	epss
scoring_elements	0.69892
published_at	2026-04-11T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69869
published_at	2026-04-09T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69805
published_at	2026-04-07T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69863
published_at	2026-04-13T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69877
published_at	2026-04-12T12:55:00Z

value	0.00614
scoring_system	epss
scoring_elements	0.69853
published_at	2026-04-08T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70272
published_at	2026-04-04T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70255
published_at	2026-04-02T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70243
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-20388

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20388
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20388

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1799734
reference_id	1799734
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1799734

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/

reference_id

545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:50:10Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

reference_id

5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:50:10Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

reference_url

https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:50:10Z/

url

https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949583
reference_id	949583
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949583

reference_url	https://security.archlinux.org/ASA-202011-15
reference_id	ASA-202011-15
reference_type
scores
url	https://security.archlinux.org/ASA-202011-15

reference_url

reference_id

AVG-1263

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2019-20388
reference_id	CVE-2019-20388
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2019-20388

reference_url

reference_id

JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:50:10Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

reference_url	https://access.redhat.com/errata/RHSA-2020:2644
reference_id	RHSA-2020:2644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2644

reference_url	https://access.redhat.com/errata/RHSA-2020:2646
reference_id	RHSA-2020:2646
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2646

reference_url	https://access.redhat.com/errata/RHSA-2020:3996
reference_id	RHSA-2020:3996
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3996

reference_url	https://access.redhat.com/errata/RHSA-2020:4479
reference_id	RHSA-2020:4479
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4479

reference_url	https://access.redhat.com/errata/RHSA-2021:0949
reference_id	RHSA-2021:0949
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0949

reference_url	https://usn.ubuntu.com/4991-1/
reference_id	USN-4991-1
reference_type
scores
url	https://usn.ubuntu.com/4991-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2019-20388

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-782a-uast-nbch

url VCID-7bpp-2hvk-2udv

vulnerability_id VCID-7bpp-2hvk-2udv

summary

Multiple vulnerabilities have been found in libxml2, the worst of
    which could result in a Denial of Service condition.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24977.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24977.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-24977

reference_id

reference_type

scores

value	0.00502
scoring_system	epss
scoring_elements	0.66024
published_at	2026-04-13T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.65987
published_at	2026-04-07T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66036
published_at	2026-04-08T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66048
published_at	2026-04-09T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66067
published_at	2026-04-11T12:55:00Z

value	0.00502
scoring_system	epss
scoring_elements	0.66054
published_at	2026-04-12T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66619
published_at	2026-04-02T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.66645
published_at	2026-04-04T12:55:00Z

value	0.00516
scoring_system	epss
scoring_elements	0.6658
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-24977

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2

reference_url	https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxml2/-/issues/178

reference_url	https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E

reference_url	https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/

reference_url	https://security.netapp.com/advisory/ntap-20200924-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200924-0001/

reference_url	https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
url	https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1877788
reference_id	1877788
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1877788

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969529
reference_id	969529
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969529

reference_url	https://security.archlinux.org/ASA-202011-15
reference_id	ASA-202011-15
reference_type
scores
url	https://security.archlinux.org/ASA-202011-15

reference_url

reference_id

AVG-1263

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1839

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2020-24977
reference_id	CVE-2020-24977
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2020-24977

reference_url	https://security.gentoo.org/glsa/202107-05
reference_id	GLSA-202107-05
reference_type
scores
url	https://security.gentoo.org/glsa/202107-05

reference_url	https://access.redhat.com/errata/RHSA-2021:1597
reference_id	RHSA-2021:1597
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1597

reference_url	https://usn.ubuntu.com/4991-1/
reference_id	USN-4991-1
reference_type
scores
url	https://usn.ubuntu.com/4991-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2020-24977

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7bpp-2hvk-2udv

url VCID-7h3p-7ej2-17f1

vulnerability_id VCID-7h3p-7ej2-17f1

summary

Out-of-bounds Read
The xmlDictAddString function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

references

reference_url	http://lists.apple.com/archives/security-announce/2016/May/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/May/msg00001.html

reference_url	http://lists.apple.com/archives/security-announce/2016/May/msg00002.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/May/msg00002.html

reference_url	http://lists.apple.com/archives/security-announce/2016/May/msg00003.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/May/msg00003.html

reference_url	http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/May/msg00004.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2957.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2957.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1839.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1839.json

reference_url

reference_id

reference_type

scores

value	0.10773
scoring_system	epss
scoring_elements	0.93343
published_at	2026-04-13T12:55:00Z

value	0.10773
scoring_system	epss
scoring_elements	0.93344
published_at	2026-04-11T12:55:00Z

value	0.10773
scoring_system	epss
scoring_elements	0.93342
published_at	2026-04-12T12:55:00Z

value	0.10773
scoring_system	epss
scoring_elements	0.93312
published_at	2026-04-01T12:55:00Z

value	0.10773
scoring_system	epss
scoring_elements	0.93321
published_at	2026-04-02T12:55:00Z

value	0.10773
scoring_system	epss
scoring_elements	0.93327
published_at	2026-04-04T12:55:00Z

value	0.10773
scoring_system	epss
scoring_elements	0.93326
published_at	2026-04-07T12:55:00Z

value	0.10773
scoring_system	epss
scoring_elements	0.93335
published_at	2026-04-08T12:55:00Z

value	0.10773
scoring_system	epss
scoring_elements	0.9334
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1839

reference_url	https://bugzilla.gnome.org/show_bug.cgi?id=758605
reference_id
reference_type
scores
url	https://bugzilla.gnome.org/show_bug.cgi?id=758605

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://git.gnome.org/browse/libxml2/commit/?id=a820dbeac29d330bae4be05d9ecd939ad6b4aa33
reference_id
reference_type
scores
url	https://git.gnome.org/browse/libxml2/commit/?id=a820dbeac29d330bae4be05d9ecd939ad6b4aa33

reference_url	https://kc.mcafee.com/corporate/index?page=content&id=SB10170
reference_id
reference_type
scores
url	https://kc.mcafee.com/corporate/index?page=content&id=SB10170

reference_url	https://support.apple.com/HT206564
reference_id
reference_type
scores
url	https://support.apple.com/HT206564

reference_url	https://support.apple.com/HT206566
reference_id
reference_type
scores
url	https://support.apple.com/HT206566

reference_url	https://support.apple.com/HT206567
reference_id
reference_type
scores
url	https://support.apple.com/HT206567

reference_url	https://support.apple.com/HT206568
reference_id
reference_type
scores
url	https://support.apple.com/HT206568

reference_url	https://www.debian.org/security/2016/dsa-3593
reference_id
reference_type
scores
url	https://www.debian.org/security/2016/dsa-3593

reference_url	https://www.tenable.com/security/tns-2016-18
reference_id
reference_type
scores
url	https://www.tenable.com/security/tns-2016-18

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

reference_url	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

reference_url	http://www.securityfocus.com/bid/90691
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/90691

reference_url	http://www.securitytracker.com/id/1035890
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035890

reference_url	http://www.securitytracker.com/id/1038623
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1038623

reference_url	http://www.ubuntu.com/usn/USN-2994-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2994-1

reference_url	http://xmlsoft.org/news.html
reference_id
reference_type
scores
url	http://xmlsoft.org/news.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1338703
reference_id	1338703
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1338703

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:web_gateway::::::::
reference_id	cpe:2.3:a:mcafee:web_gateway::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:web_gateway::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
reference_id	cpe:2.3:o:apple:iphone_os::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::
reference_id	cpe:2.3:o:apple:mac_os_x::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
reference_id	cpe:2.3:o:apple:tvos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
reference_id	cpe:2.3:o:apple:watchos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url	https://code.google.com/p/google-security-research/issues/detail?id=637
reference_id	CVE-2016-1839
reference_type	exploit
scores
url	https://code.google.com/p/google-security-research/issues/detail?id=637

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/39491.txt
reference_id	CVE-2016-1839
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/39491.txt

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-1839

reference_id

CVE-2016-1839

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1839

reference_url	https://security.gentoo.org/glsa/201701-37
reference_id	GLSA-201701-37
reference_type
scores
url	https://security.gentoo.org/glsa/201701-37

reference_url	https://access.redhat.com/errata/RHSA-2016:1292
reference_id	RHSA-2016:1292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1292

reference_url	https://access.redhat.com/errata/RHSA-2016:2957
reference_id	RHSA-2016:2957
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2957

reference_url	https://usn.ubuntu.com/2994-1/
reference_id	USN-2994-1
reference_type
scores
url	https://usn.ubuntu.com/2994-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2016-1839

risk_score 10.0

exploitability 2.0

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7h3p-7ej2-17f1

url VCID-7rzw-9jj5-4ybk

vulnerability_id VCID-7rzw-9jj5-4ybk

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
The xmlNextChar function in libxml2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

references

reference_url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

reference_url	http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

reference_url	http://marc.info/?l=bugtraq&m=145382616617563&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=145382616617563&w=2

reference_url	http://rhn.redhat.com/errata/RHSA-2015-2549.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-2549.html

reference_url	http://rhn.redhat.com/errata/RHSA-2015-2550.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-2550.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1089.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1089.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8241.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8241.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-8241

reference_id

reference_type

scores

value	0.01001
scoring_system	epss
scoring_elements	0.76988
published_at	2026-04-13T12:55:00Z

value	0.01001
scoring_system	epss
scoring_elements	0.76993
published_at	2026-04-12T12:55:00Z

value	0.01001
scoring_system	epss
scoring_elements	0.76926
published_at	2026-04-01T12:55:00Z

value	0.01001
scoring_system	epss
scoring_elements	0.76932
published_at	2026-04-02T12:55:00Z

value	0.01001
scoring_system	epss
scoring_elements	0.76962
published_at	2026-04-04T12:55:00Z

value	0.01001
scoring_system	epss
scoring_elements	0.76944
published_at	2026-04-07T12:55:00Z

value	0.01001
scoring_system	epss
scoring_elements	0.76976
published_at	2026-04-08T12:55:00Z

value	0.01001
scoring_system	epss
scoring_elements	0.76987
published_at	2026-04-09T12:55:00Z

value	0.01001
scoring_system	epss
scoring_elements	0.77014
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-8241

reference_url	https://bugzilla.gnome.org/show_bug.cgi?id=756263
reference_id
reference_type
scores
url	https://bugzilla.gnome.org/show_bug.cgi?id=756263

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
reference_id
reference_type
scores
url	https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172

reference_url	http://www.debian.org/security/2015/dsa-3430
reference_id
reference_type
scores
url	http://www.debian.org/security/2015/dsa-3430

reference_url	http://www.openwall.com/lists/oss-security/2015/11/17/5
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/11/17/5

reference_url	http://www.openwall.com/lists/oss-security/2015/11/18/23
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/11/18/23

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

reference_url	http://www.securityfocus.com/bid/77621
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/77621

reference_url	http://www.securitytracker.com/id/1034243
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1034243

reference_url	http://www.ubuntu.com/usn/USN-2834-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2834-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1281936
reference_id	1281936
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1281936

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806384
reference_id	806384
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806384

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_id	cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*
reference_id	cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-8241

reference_id

CVE-2015-8241

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2015-8241

reference_url	https://access.redhat.com/errata/RHSA-2015:2549
reference_id	RHSA-2015:2549
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2549

reference_url	https://access.redhat.com/errata/RHSA-2015:2550
reference_id	RHSA-2015:2550
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2550

reference_url	https://access.redhat.com/errata/RHSA-2016:1089
reference_id	RHSA-2016:1089
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1089

reference_url	https://usn.ubuntu.com/2834-1/
reference_id	USN-2834-1
reference_type
scores
url	https://usn.ubuntu.com/2834-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2015-8241

risk_score 2.9

exploitability 0.5

weighted_severity 5.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7rzw-9jj5-4ybk

url VCID-8d2w-3c3p-zqaz

vulnerability_id VCID-8d2w-3c3p-zqaz

summary libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34459.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34459.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-34459

reference_id

reference_type

scores

value	0.0078
scoring_system	epss
scoring_elements	0.73676
published_at	2026-04-13T12:55:00Z

value	0.0078
scoring_system	epss
scoring_elements	0.73635
published_at	2026-04-02T12:55:00Z

value	0.0078
scoring_system	epss
scoring_elements	0.73659
published_at	2026-04-04T12:55:00Z

value	0.0078
scoring_system	epss
scoring_elements	0.73632
published_at	2026-04-07T12:55:00Z

value	0.0078
scoring_system	epss
scoring_elements	0.73667
published_at	2026-04-08T12:55:00Z

value	0.0078
scoring_system	epss
scoring_elements	0.7368
published_at	2026-04-09T12:55:00Z

value	0.0078
scoring_system	epss
scoring_elements	0.73702
published_at	2026-04-11T12:55:00Z

value	0.0078
scoring_system	epss
scoring_elements	0.73685
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-34459

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34459

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071162
reference_id	1071162
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071162

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2280532
reference_id	2280532
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2280532

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/

reference_id

5HVUXKYTBWT3G5DEEQX62STJQBY367NL

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5HVUXKYTBWT3G5DEEQX62STJQBY367NL/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/

reference_id

INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INKSSLW5VMZIXHRPZBAW4TJUX5SQKARG/

reference_url	https://usn.ubuntu.com/7240-1/
reference_id	USN-7240-1
reference_type
scores
url	https://usn.ubuntu.com/7240-1/

reference_url	https://usn.ubuntu.com/7302-1/
reference_id	USN-7302-1
reference_type
scores
url	https://usn.ubuntu.com/7302-1/

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8

reference_id

v2.11.8

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.11.8

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7

reference_id

v2.12.7

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/

reference_id

VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-22T17:18:58Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRDJCNQP32LV56KESUQ5SNZKAJWSZZRI/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2024-34459

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8d2w-3c3p-zqaz

url VCID-8tej-h12t-2fag

vulnerability_id VCID-8tej-h12t-2fag

summary

Improper Restriction of XML External Entity Reference
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7375.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7375.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7375

reference_id

reference_type

scores

value	0.00255
scoring_system	epss
scoring_elements	0.48823
published_at	2026-04-13T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48754
published_at	2026-04-01T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48793
published_at	2026-04-02T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48818
published_at	2026-04-04T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48773
published_at	2026-04-07T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48827
published_at	2026-04-08T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48824
published_at	2026-04-09T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48841
published_at	2026-04-11T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48815
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1462203

reference_id

1462203

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=1462203

reference_url

https://source.android.com/security/bulletin/2017-06-01

reference_id

2017-06-01

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/

url

https://source.android.com/security/bulletin/2017-06-01

reference_url

https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa

reference_id

308396a55280f69ad4112d4f9892f4cbeff042aa

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/

url

https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870867
reference_id	870867
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870867

reference_url

http://www.securityfocus.com/bid/98877

reference_id

98877

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/

url

http://www.securityfocus.com/bid/98877

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-7375
reference_id	CVE-2017-7375
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-7375

reference_url

https://www.debian.org/security/2017/dsa-3952

reference_id

dsa-3952

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/

url

https://www.debian.org/security/2017/dsa-3952

reference_url

https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e

reference_id

?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/

url

https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e

reference_url	https://usn.ubuntu.com/3424-1/
reference_id	USN-3424-1
reference_type
scores
url	https://usn.ubuntu.com/3424-1/

reference_url	https://usn.ubuntu.com/3424-2/
reference_id	USN-3424-2
reference_type
scores
url	https://usn.ubuntu.com/3424-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4

aliases CVE-2017-7375

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8tej-h12t-2fag

url VCID-9hqf-12yh-bkc8

vulnerability_id VCID-9hqf-12yh-bkc8

summary

Multiple vulnerabilities have been found in libxml2, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3518.json

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3518.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3518

reference_id

reference_type

scores

value	0.0025
scoring_system	epss
scoring_elements	0.48398
published_at	2026-04-13T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48386
published_at	2026-04-12T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48412
published_at	2026-04-11T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48388
published_at	2026-04-09T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48394
published_at	2026-04-08T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.48339
published_at	2026-04-07T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.49056
published_at	2026-04-01T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.49118
published_at	2026-04-04T12:55:00Z

value	0.00257
scoring_system	epss
scoring_elements	0.4909
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3518

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1954242

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1954242

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518

reference_url

http://seclists.org/fulldisclosure/2021/Jul/54

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2021/Jul/54

reference_url

http://seclists.org/fulldisclosure/2021/Jul/55

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2021/Jul/55

reference_url

http://seclists.org/fulldisclosure/2021/Jul/58

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2021/Jul/58

reference_url

http://seclists.org/fulldisclosure/2021/Jul/59

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2021/Jul/59

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3518.yml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3518.yml

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722

reference_url

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/

reference_url

https://nokogiri.org/CHANGELOG.html#1114-2021-05-14

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nokogiri.org/CHANGELOG.html#1114-2021-05-14

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3518

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3518

reference_url

https://security.netapp.com/advisory/ntap-20210625-0002

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210625-0002

reference_url	https://security.netapp.com/advisory/ntap-20210625-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210625-0002/

reference_url

https://support.apple.com/kb/HT212601

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.apple.com/kb/HT212601

reference_url

https://support.apple.com/kb/HT212602

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.apple.com/kb/HT212602

reference_url

https://support.apple.com/kb/HT212604

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.apple.com/kb/HT212604

reference_url

https://support.apple.com/kb/HT212605

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://support.apple.com/kb/HT212605

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987737
reference_id	987737
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987737

reference_url

reference_id

AVG-1883

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-v4f8-2847-rwm7

reference_url

reference_id

GHSA-v4f8-2847-rwm7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v4f8-2847-rwm7

reference_url

reference_id

GLSA-202107-05

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

reference_url	https://access.redhat.com/errata/RHSA-2021:2569
reference_id	RHSA-2021:2569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2569

reference_url	https://access.redhat.com/errata/RHSA-2022:1389
reference_id	RHSA-2022:1389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1389

reference_url	https://access.redhat.com/errata/RHSA-2022:1390
reference_id	RHSA-2022:1390
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1390

reference_url	https://usn.ubuntu.com/4991-1/
reference_id	USN-4991-1
reference_type
scores
url	https://usn.ubuntu.com/4991-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2021-3518, GHSA-v4f8-2847-rwm7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9hqf-12yh-bkc8

url VCID-9p2f-ynzb-r3gj

vulnerability_id VCID-9p2f-ynzb-r3gj

summary

Vulnerabilities in libxml2
Several vulnerabilities were discovered in the libxml2 library that this package gem depends on.

references

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

reference_url

http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

reference_url

http://marc.info/?l=bugtraq&m=145382616617563&w=2

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://marc.info/?l=bugtraq&m=145382616617563&w=2

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5312

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1089.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1089.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5312.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5312.json

reference_url

reference_id

reference_type

scores

value	0.00966
scoring_system	epss
scoring_elements	0.76575
published_at	2026-04-13T12:55:00Z

value	0.00966
scoring_system	epss
scoring_elements	0.76518
published_at	2026-04-01T12:55:00Z

value	0.00966
scoring_system	epss
scoring_elements	0.76523
published_at	2026-04-02T12:55:00Z

value	0.00966
scoring_system	epss
scoring_elements	0.76552
published_at	2026-04-04T12:55:00Z

value	0.00966
scoring_system	epss
scoring_elements	0.76534
published_at	2026-04-07T12:55:00Z

value	0.00966
scoring_system	epss
scoring_elements	0.76566
published_at	2026-04-08T12:55:00Z

value	0.00966
scoring_system	epss
scoring_elements	0.76577
published_at	2026-04-09T12:55:00Z

value	0.00966
scoring_system	epss
scoring_elements	0.76603
published_at	2026-04-11T12:55:00Z

value	0.00966
scoring_system	epss
scoring_elements	0.76582
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5312

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1276693

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1276693

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710

reference_url

https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-5312.yml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-5312.yml

reference_url	https://github.com/sparklemotion/nokogiri/commit/4205af1a2a546f79d1b48df2ad8b27299c0099c5
reference_id
reference_type
scores
url	https://github.com/sparklemotion/nokogiri/commit/4205af1a2a546f79d1b48df2ad8b27299c0099c5

reference_url	https://github.com/sparklemotion/nokogiri/pull/1378
reference_id
reference_type
scores
url	https://github.com/sparklemotion/nokogiri/pull/1378

reference_url

https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s

reference_url

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

reference_url

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

reference_url	http://www.securityfocus.com/bid/79536
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/79536

reference_url	http://www.securitytracker.com/id/1034243
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1034243

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5312

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_id	cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*
reference_id	cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
reference_id	cpe:2.3:o:apple:iphone_os::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::
reference_id	cpe:2.3:o:apple:mac_os_x::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
reference_id	cpe:2.3:o:apple:tvos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
reference_id	cpe:2.3:o:apple:watchos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url

reference_id

CVE-2015-5312

reference_type

scores

value	7.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5312

reference_url

https://github.com/advisories/GHSA-xjqg-9jvg-fgx2

reference_id

GHSA-xjqg-9jvg-fgx2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xjqg-9jvg-fgx2

reference_url

reference_id

GLSA-201701-37

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html

reference_url	https://access.redhat.com/errata/RHSA-2015:2549
reference_id	RHSA-2015:2549
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2549

reference_url	https://access.redhat.com/errata/RHSA-2015:2550
reference_id	RHSA-2015:2550
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2550

reference_url	https://access.redhat.com/errata/RHSA-2016:1089
reference_id	RHSA-2016:1089
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1089

reference_url	https://usn.ubuntu.com/2834-1/
reference_id	USN-2834-1
reference_type
scores
url	https://usn.ubuntu.com/2834-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2015-5312, GHSA-xjqg-9jvg-fgx2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9p2f-ynzb-r3gj

url VCID-9q49-2srz-rkg7

vulnerability_id VCID-9q49-2srz-rkg7

summary

Use After Free
Use-after-free vulnerability in libxml2, as used in Google Chrome, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

references

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html

reference_url

http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html

reference_url

http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html

reference_url

http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html

reference_url

http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1485.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

http://rhn.redhat.com/errata/RHSA-2016-1485.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5131.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5131.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-5131

reference_id

reference_type

scores

value	0.03868
scoring_system	epss
scoring_elements	0.88226
published_at	2026-04-13T12:55:00Z

value	0.03868
scoring_system	epss
scoring_elements	0.88198
published_at	2026-04-07T12:55:00Z

value	0.03868
scoring_system	epss
scoring_elements	0.88217
published_at	2026-04-08T12:55:00Z

value	0.03868
scoring_system	epss
scoring_elements	0.88223
published_at	2026-04-09T12:55:00Z

value	0.03868
scoring_system	epss
scoring_elements	0.88234
published_at	2026-04-11T12:55:00Z

value	0.03868
scoring_system	epss
scoring_elements	0.88227
published_at	2026-04-12T12:55:00Z

value	0.03971
scoring_system	epss
scoring_elements	0.8833
published_at	2026-04-01T12:55:00Z

value	0.03971
scoring_system	epss
scoring_elements	0.88338
published_at	2026-04-02T12:55:00Z

value	0.03971
scoring_system	epss
scoring_elements	0.88352
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-5131

reference_url

https://codereview.chromium.org/2127493002

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

https://codereview.chromium.org/2127493002

reference_url

https://crbug.com/623378

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

https://crbug.com/623378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1704
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1704

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1706
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1706

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1707
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1707

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1708
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1708

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1709
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1709

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1710

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1711
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1711

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5127
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5127

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5128
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5128

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5129
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5129

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5130
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5130

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5132
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5132

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5133
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5133

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5134
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5134

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5135
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5135

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5136
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5136

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5137
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5137

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://source.android.com/security/bulletin/2017-05-01

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

https://source.android.com/security/bulletin/2017-05-01

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

http://www.debian.org/security/2016/dsa-3637

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

http://www.debian.org/security/2016/dsa-3637

reference_url

http://www.securityfocus.com/bid/92053

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

http://www.securityfocus.com/bid/92053

reference_url

http://www.securitytracker.com/id/1036428

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

http://www.securitytracker.com/id/1036428

reference_url

http://www.securitytracker.com/id/1038623

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

http://www.securitytracker.com/id/1038623

reference_url

http://www.ubuntu.com/usn/USN-3041-1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

http://www.ubuntu.com/usn/USN-3041-1

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1358641

reference_id

1358641

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=1358641

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840554
reference_id	840554
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840554

reference_url	https://security.archlinux.org/ASA-201611-2
reference_id	ASA-201611-2
reference_type
scores
url	https://security.archlinux.org/ASA-201611-2

reference_url

reference_id

AVG-56

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-5131

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome::::::::
reference_id	cpe:2.3:a:google:chrome::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
reference_id	cpe:2.3:o:apple:iphone_os::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::
reference_id	cpe:2.3:o:apple:mac_os_x::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
reference_id	cpe:2.3:o:apple:tvos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
reference_id	cpe:2.3:o:apple:watchos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:::::::*
reference_id	cpe:2.3:o:suse:linux_enterprise:12.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise:12.0:::::::*

reference_url

reference_id

CVE-2016-5131

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-5131

reference_url

https://security.gentoo.org/glsa/201610-09

reference_id

GLSA-201610-09

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

https://security.gentoo.org/glsa/201610-09

reference_url

reference_id

GLSA-201701-37

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:49:18Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39615.json

reference_url	https://access.redhat.com/errata/RHSA-2016:1485
reference_id	RHSA-2016:1485
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1485

reference_url	https://access.redhat.com/errata/RHSA-2020:1190
reference_id	RHSA-2020:1190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1190

reference_url	https://usn.ubuntu.com/3041-1/
reference_id	USN-3041-1
reference_type
scores
url	https://usn.ubuntu.com/3041-1/

reference_url	https://usn.ubuntu.com/3235-1/
reference_id	USN-3235-1
reference_type
scores
url	https://usn.ubuntu.com/3235-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2016-5131

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9q49-2srz-rkg7

url VCID-aasn-u7fd-8bhy

vulnerability_id VCID-aasn-u7fd-8bhy

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file.

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39615.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-39615

reference_id

reference_type

scores

value	0.00117
scoring_system	epss
scoring_elements	0.30604
published_at	2026-04-13T12:55:00Z

value	0.00117
scoring_system	epss
scoring_elements	0.30649
published_at	2026-04-12T12:55:00Z

value	0.00128
scoring_system	epss
scoring_elements	0.32187
published_at	2026-04-11T12:55:00Z

value	0.00128
scoring_system	epss
scoring_elements	0.32184
published_at	2026-04-09T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34244
published_at	2026-04-02T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34276
published_at	2026-04-04T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.363
published_at	2026-04-08T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.36251
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-39615

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39615
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39615

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/535

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:25:30Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/535

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051230
reference_id	1051230
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051230

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2235864
reference_id	2235864
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2235864

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-39615
reference_id	CVE-2023-39615
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-39615

reference_url	https://access.redhat.com/errata/RHSA-2023:7544
reference_id	RHSA-2023:7544
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7544

reference_url	https://access.redhat.com/errata/RHSA-2023:7626
reference_id	RHSA-2023:7626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7626

reference_url	https://access.redhat.com/errata/RHSA-2023:7747
reference_id	RHSA-2023:7747
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7747

reference_url	https://access.redhat.com/errata/RHSA-2024:0119
reference_id	RHSA-2024:0119
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0119

reference_url	https://access.redhat.com/errata/RHSA-2024:0413
reference_id	RHSA-2024:0413
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0413

reference_url	https://access.redhat.com/errata/RHSA-2024:1317
reference_id	RHSA-2024:1317
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1317

reference_url	https://access.redhat.com/errata/RHSA-2024:1383
reference_id	RHSA-2024:1383
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1383

reference_url	https://access.redhat.com/errata/RHSA-2024:1477
reference_id	RHSA-2024:1477
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1477

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2023-39615

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aasn-u7fd-8bhy

url VCID-ah8e-sxuu-jqcw

vulnerability_id VCID-ah8e-sxuu-jqcw

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
The xmlParseXMLDecl function in parser.c in libxml2 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.

references

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

reference_url	http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

reference_url	http://marc.info/?l=bugtraq&m=145382616617563&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=145382616617563&w=2

reference_url	http://rhn.redhat.com/errata/RHSA-2015-2549.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-2549.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1089.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1089.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8317.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8317.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-8317

reference_id

reference_type

scores

value	0.00293
scoring_system	epss
scoring_elements	0.52662
published_at	2026-04-13T12:55:00Z

value	0.00293
scoring_system	epss
scoring_elements	0.52678
published_at	2026-04-12T12:55:00Z

value	0.00293
scoring_system	epss
scoring_elements	0.52562
published_at	2026-04-01T12:55:00Z

value	0.00293
scoring_system	epss
scoring_elements	0.52605
published_at	2026-04-02T12:55:00Z

value	0.00293
scoring_system	epss
scoring_elements	0.52631
published_at	2026-04-04T12:55:00Z

value	0.00293
scoring_system	epss
scoring_elements	0.52598
published_at	2026-04-07T12:55:00Z

value	0.00293
scoring_system	epss
scoring_elements	0.52649
published_at	2026-04-08T12:55:00Z

value	0.00293
scoring_system	epss
scoring_elements	0.52644
published_at	2026-04-09T12:55:00Z

value	0.00293
scoring_system	epss
scoring_elements	0.52694
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-8317

reference_url	https://blog.fuzzing-project.org/28-Libxml2-Several-out-of-bounds-reads.html
reference_id
reference_type
scores
url	https://blog.fuzzing-project.org/28-Libxml2-Several-out-of-bounds-reads.html

reference_url	https://bugzilla.gnome.org/show_bug.cgi?id=751603
reference_id
reference_type
scores
url	https://bugzilla.gnome.org/show_bug.cgi?id=751603

reference_url	https://bugzilla.gnome.org/show_bug.cgi?id=751631
reference_id
reference_type
scores
url	https://bugzilla.gnome.org/show_bug.cgi?id=751631

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e
reference_id
reference_type
scores
url	https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e

reference_url	https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c
reference_id
reference_type
scores
url	https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172

reference_url	https://support.apple.com/HT206899
reference_id
reference_type
scores
url	https://support.apple.com/HT206899

reference_url	https://support.apple.com/HT206901
reference_id
reference_type
scores
url	https://support.apple.com/HT206901

reference_url	https://support.apple.com/HT206902
reference_id
reference_type
scores
url	https://support.apple.com/HT206902

reference_url	https://support.apple.com/HT206903
reference_id
reference_type
scores
url	https://support.apple.com/HT206903

reference_url	https://support.apple.com/HT206904
reference_id
reference_type
scores
url	https://support.apple.com/HT206904

reference_url	https://support.apple.com/HT206905
reference_id
reference_type
scores
url	https://support.apple.com/HT206905

reference_url	http://www.debian.org/security/2015/dsa-3430
reference_id
reference_type
scores
url	http://www.debian.org/security/2015/dsa-3430

reference_url	http://www.openwall.com/lists/oss-security/2015/11/21/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/11/21/1

reference_url	http://www.openwall.com/lists/oss-security/2015/11/22/3
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/11/22/3

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

reference_url	http://www.securityfocus.com/bid/77681
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/77681

reference_url	http://www.securityfocus.com/bid/91826
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/91826

reference_url	http://www.securitytracker.com/id/1034243
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1034243

reference_url	http://www.ubuntu.com/usn/USN-2834-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2834-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1281930
reference_id	1281930
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1281930

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_id	cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*
reference_id	cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-8317

reference_id

CVE-2015-8317

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2015-8317

reference_url	https://access.redhat.com/errata/RHSA-2015:2549
reference_id	RHSA-2015:2549
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2549

reference_url	https://access.redhat.com/errata/RHSA-2015:2550
reference_id	RHSA-2015:2550
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2550

reference_url	https://access.redhat.com/errata/RHSA-2016:1089
reference_id	RHSA-2016:1089
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1089

reference_url	https://usn.ubuntu.com/2834-1/
reference_id	USN-2834-1
reference_type
scores
url	https://usn.ubuntu.com/2834-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2015-8317

risk_score 2.2

exploitability 0.5

weighted_severity 4.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ah8e-sxuu-jqcw

url VCID-ahha-vnq4-7qd2

vulnerability_id VCID-ahha-vnq4-7qd2

summary libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9714.json

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9714.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-9714

reference_id

reference_type

scores

value	9e-05
scoring_system	epss
scoring_elements	0.00812
published_at	2026-04-04T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00909
published_at	2026-04-13T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00927
published_at	2026-04-08T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00912
published_at	2026-04-11T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00907
published_at	2026-04-12T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00924
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-9714

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2392605
reference_id	2392605
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2392605

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21

reference_id

677a42645ef22b5a50741bad5facf9d8a8bc6d21

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-10T18:46:42Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21

reference_url	https://access.redhat.com/errata/RHSA-2025:22162
reference_id	RHSA-2025:22162
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22162

reference_url	https://access.redhat.com/errata/RHSA-2025:22163
reference_id	RHSA-2025:22163
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22163

reference_url	https://access.redhat.com/errata/RHSA-2025:22177
reference_id	RHSA-2025:22177
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22177

reference_url	https://access.redhat.com/errata/RHSA-2025:22376
reference_id	RHSA-2025:22376
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22376

reference_url	https://access.redhat.com/errata/RHSA-2025:22377
reference_id	RHSA-2025:22377
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22377

reference_url	https://access.redhat.com/errata/RHSA-2025:22868
reference_id	RHSA-2025:22868
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22868

reference_url	https://access.redhat.com/errata/RHSA-2025:23202
reference_id	RHSA-2025:23202
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23202

reference_url	https://access.redhat.com/errata/RHSA-2025:23204
reference_id	RHSA-2025:23204
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23204

reference_url	https://access.redhat.com/errata/RHSA-2025:23205
reference_id	RHSA-2025:23205
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23205

reference_url	https://access.redhat.com/errata/RHSA-2025:23209
reference_id	RHSA-2025:23209
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23209

reference_url	https://access.redhat.com/errata/RHSA-2025:23227
reference_id	RHSA-2025:23227
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23227

reference_url	https://access.redhat.com/errata/RHSA-2025:23234
reference_id	RHSA-2025:23234
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23234

reference_url	https://access.redhat.com/errata/RHSA-2025:23449
reference_id	RHSA-2025:23449
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23449

reference_url	https://access.redhat.com/errata/RHSA-2026:0414
reference_id	RHSA-2026:0414
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0414

reference_url	https://access.redhat.com/errata/RHSA-2026:0677
reference_id	RHSA-2026:0677
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0677

reference_url	https://access.redhat.com/errata/RHSA-2026:0702
reference_id	RHSA-2026:0702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0702

reference_url	https://access.redhat.com/errata/RHSA-2026:0978
reference_id	RHSA-2026:0978
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0978

reference_url	https://access.redhat.com/errata/RHSA-2026:0980
reference_id	RHSA-2026:0980
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0980

reference_url	https://access.redhat.com/errata/RHSA-2026:0985
reference_id	RHSA-2026:0985
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0985

reference_url	https://access.redhat.com/errata/RHSA-2026:0996
reference_id	RHSA-2026:0996
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:0996

reference_url	https://access.redhat.com/errata/RHSA-2026:1539
reference_id	RHSA-2026:1539
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1539

reference_url	https://access.redhat.com/errata/RHSA-2026:1541
reference_id	RHSA-2026:1541
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1541

reference_url	https://access.redhat.com/errata/RHSA-2026:1652
reference_id	RHSA-2026:1652
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1652

reference_url	https://access.redhat.com/errata/RHSA-2026:3461
reference_id	RHSA-2026:3461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3461

reference_url	https://access.redhat.com/errata/RHSA-2026:3462
reference_id	RHSA-2026:3462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3462

reference_url	https://usn.ubuntu.com/7743-1/
reference_id	USN-7743-1
reference_type
scores
url	https://usn.ubuntu.com/7743-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-9714

risk_score 2.8

exploitability 0.5

weighted_severity 5.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ahha-vnq4-7qd2

url VCID-azzy-m5pc-qudn

vulnerability_id VCID-azzy-m5pc-qudn

summary

Loop with Unreachable Exit Condition ('Infinite Loop')
parser.c in libxml2 does not prevent infinite recursion in parameter entities.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16932.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16932.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16932

reference_id

reference_type

scores

value	0.21989
scoring_system	epss
scoring_elements	0.95738
published_at	2026-04-01T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95772
published_at	2026-04-12T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95773
published_at	2026-04-11T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95769
published_at	2026-04-09T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95766
published_at	2026-04-08T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95757
published_at	2026-04-07T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95755
published_at	2026-04-04T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95774
published_at	2026-04-13T12:55:00Z

value	0.21989
scoring_system	epss
scoring_elements	0.95747
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16932

reference_url

https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html

reference_url

https://bugzilla.gnome.org/show_bug.cgi?id=759579

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://bugzilla.gnome.org/show_bug.cgi?id=759579

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16932

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.yml

reference_url

https://github.com/sparklemotion/nokogiri/issues/1714

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1714

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961

reference_url

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

reference_url	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html

reference_url

https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

reference_url	https://usn.ubuntu.com/usn/usn-3504-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/usn/usn-3504-1/

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-04T13:30:08Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16932

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1517316
reference_id	1517316
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1517316

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882613
reference_id	882613
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882613

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url

reference_id

CVE-2017-16932

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16932

reference_url	https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html
reference_id	CVE-2017-16932.HTML
reference_type
scores
url	https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16932.html

reference_url

https://github.com/advisories/GHSA-x2fm-93ww-ggvx

reference_id

GHSA-x2fm-93ww-ggvx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x2fm-93ww-ggvx

reference_url	https://usn.ubuntu.com/3504-1/
reference_id	USN-3504-1
reference_type
scores
url	https://usn.ubuntu.com/3504-1/

reference_url	https://usn.ubuntu.com/3504-2/
reference_id	USN-3504-2
reference_type
scores
url	https://usn.ubuntu.com/3504-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2017-16932, GHSA-x2fm-93ww-ggvx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-azzy-m5pc-qudn

url VCID-b5tz-9s1v-pkg7

vulnerability_id VCID-b5tz-9s1v-pkg7

summary

Vulnerabilities in libxml2 and libxslt
Several vulnerabilities were discovered in the libxml2 and libxslt libraries that this package gem depends on.

references

reference_url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

reference_url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

reference_url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

reference_url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172710.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172710.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172943.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172943.html

reference_url

http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-1419.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-1419.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2015-1819

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1819.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1819.json

reference_url

reference_id

reference_type

scores

value	0.01944
scoring_system	epss
scoring_elements	0.83441
published_at	2026-04-13T12:55:00Z

value	0.01944
scoring_system	epss
scoring_elements	0.83402
published_at	2026-04-07T12:55:00Z

value	0.01944
scoring_system	epss
scoring_elements	0.83426
published_at	2026-04-08T12:55:00Z

value	0.01944
scoring_system	epss
scoring_elements	0.83437
published_at	2026-04-09T12:55:00Z

value	0.01944
scoring_system	epss
scoring_elements	0.83451
published_at	2026-04-11T12:55:00Z

value	0.01944
scoring_system	epss
scoring_elements	0.83445
published_at	2026-04-12T12:55:00Z

value	0.01997
scoring_system	epss
scoring_elements	0.83606
published_at	2026-04-04T12:55:00Z

value	0.01997
scoring_system	epss
scoring_elements	0.83591
published_at	2026-04-02T12:55:00Z

value	0.01997
scoring_system	epss
scoring_elements	0.83579
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-1819

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710

reference_url

https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-1819.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-1819.yml

reference_url	https://github.com/sparklemotion/nokogiri/commit/8f3de6d88d0da11fb62a45daa61b85ce71b4af59
reference_id
reference_type
scores
url	https://github.com/sparklemotion/nokogiri/commit/8f3de6d88d0da11fb62a45daa61b85ce71b4af59

reference_url

https://github.com/sparklemotion/nokogiri/issues/1374

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1374

reference_url	https://github.com/sparklemotion/nokogiri/pull/1376
reference_id
reference_type
scores
url	https://github.com/sparklemotion/nokogiri/pull/1376

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-1819

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-1819

reference_url

https://security.gentoo.org/glsa/201507-08

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201507-08

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

reference_url

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

reference_url

http://www.ubuntu.com/usn/USN-2812-1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.ubuntu.com/usn/USN-2812-1

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-q7wx-62r7-j2x7

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1211278
reference_id	1211278
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1211278

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782782
reference_id	782782
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782782

reference_url

reference_id

GHSA-q7wx-62r7-j2x7

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q7wx-62r7-j2x7

reference_url

reference_id

GLSA-201701-37

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:1543

reference_url	https://access.redhat.com/errata/RHSA-2015:1419
reference_id	RHSA-2015:1419
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:1419

reference_url	https://access.redhat.com/errata/RHSA-2015:2550
reference_id	RHSA-2015:2550
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2550

reference_url	https://usn.ubuntu.com/2812-1/
reference_id	USN-2812-1
reference_type
scores
url	https://usn.ubuntu.com/2812-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2015-1819, GHSA-q7wx-62r7-j2x7

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b5tz-9s1v-pkg7

url VCID-bejh-22y7-kuh6

vulnerability_id VCID-bejh-22y7-kuh6

summary

NULL Pointer Dereference
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://access.redhat.com/errata/RHSA-2019:1543

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14404.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14404

reference_id

reference_type

scores

value	0.18492
scoring_system	epss
scoring_elements	0.95218
published_at	2026-04-02T12:55:00Z

value	0.18492
scoring_system	epss
scoring_elements	0.95206
published_at	2026-04-01T12:55:00Z

value	0.18492
scoring_system	epss
scoring_elements	0.9522
published_at	2026-04-04T12:55:00Z

value	0.20012
scoring_system	epss
scoring_elements	0.95464
published_at	2026-04-09T12:55:00Z

value	0.20012
scoring_system	epss
scoring_elements	0.95468
published_at	2026-04-12T12:55:00Z

value	0.20012
scoring_system	epss
scoring_elements	0.95469
published_at	2026-04-13T12:55:00Z

value	0.20012
scoring_system	epss
scoring_elements	0.95454
published_at	2026-04-07T12:55:00Z

value	0.20012
scoring_system	epss
scoring_elements	0.95461
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14404

reference_url

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1595985

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=1595985

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/sparklemotion/nokogiri/issues/1785

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1785

reference_url

https://gitlab.gnome.org/GNOME/libxml2/issues/10

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://gitlab.gnome.org/GNOME/libxml2/issues/10

reference_url

https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_url

https://security.netapp.com/advisory/ntap-20190719-0002

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190719-0002

reference_url

https://security.netapp.com/advisory/ntap-20190719-0002/

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://security.netapp.com/advisory/ntap-20190719-0002/

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://usn.ubuntu.com/3739-2

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/3739-2

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:-:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:-:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-14404

reference_id

CVE-2018-14404

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14404

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml

reference_id

CVE-2018-14404.YML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.yml

reference_url

https://github.com/advisories/GHSA-6qvp-r6r3-9p7h

reference_id

GHSA-6qvp-r6r3-9p7h

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6qvp-r6r3-9p7h

reference_url	https://access.redhat.com/errata/RHSA-2020:1190
reference_id	RHSA-2020:1190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1190

reference_url	https://access.redhat.com/errata/RHSA-2020:1827
reference_id	RHSA-2020:1827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1827

reference_url

reference_id

USN-3739-2

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T21:07:49Z/

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1836

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2018-14404, GHSA-6qvp-r6r3-9p7h

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bejh-22y7-kuh6

url VCID-bk98-bfkg-7bdt

vulnerability_id VCID-bk98-bfkg-7bdt

summary

Use After Free
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service via a crafted XML document.

references

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html

reference_url	http://lists.apple.com/archives/security-announce/2016/May/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/May/msg00001.html

reference_url	http://lists.apple.com/archives/security-announce/2016/May/msg00002.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/May/msg00002.html

reference_url	http://lists.apple.com/archives/security-announce/2016/May/msg00003.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/May/msg00003.html

reference_url	http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/May/msg00004.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2957.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2957.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1836.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1836.json

reference_url

reference_id

reference_type

scores

value	0.01153
scoring_system	epss
scoring_elements	0.78511
published_at	2026-04-13T12:55:00Z

value	0.01153
scoring_system	epss
scoring_elements	0.78519
published_at	2026-04-12T12:55:00Z

value	0.01153
scoring_system	epss
scoring_elements	0.7846
published_at	2026-04-01T12:55:00Z

value	0.01153
scoring_system	epss
scoring_elements	0.78466
published_at	2026-04-02T12:55:00Z

value	0.01153
scoring_system	epss
scoring_elements	0.78497
published_at	2026-04-04T12:55:00Z

value	0.01153
scoring_system	epss
scoring_elements	0.7848
published_at	2026-04-07T12:55:00Z

value	0.01153
scoring_system	epss
scoring_elements	0.78507
published_at	2026-04-08T12:55:00Z

value	0.01153
scoring_system	epss
scoring_elements	0.78512
published_at	2026-04-09T12:55:00Z

value	0.01153
scoring_system	epss
scoring_elements	0.78537
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1836

reference_url	https://bugzilla.gnome.org/show_bug.cgi?id=759398
reference_id
reference_type
scores
url	https://bugzilla.gnome.org/show_bug.cgi?id=759398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483

reference_url	https://git.gnome.org/browse/libxml2/commit/?id=45752d2c334b50016666d8f0ec3691e2d680f0a0
reference_id
reference_type
scores
url	https://git.gnome.org/browse/libxml2/commit/?id=45752d2c334b50016666d8f0ec3691e2d680f0a0

reference_url	https://kc.mcafee.com/corporate/index?page=content&id=SB10170
reference_id
reference_type
scores
url	https://kc.mcafee.com/corporate/index?page=content&id=SB10170

reference_url	https://support.apple.com/HT206564
reference_id
reference_type
scores
url	https://support.apple.com/HT206564

reference_url	https://support.apple.com/HT206566
reference_id
reference_type
scores
url	https://support.apple.com/HT206566

reference_url	https://support.apple.com/HT206567
reference_id
reference_type
scores
url	https://support.apple.com/HT206567

reference_url	https://support.apple.com/HT206568
reference_id
reference_type
scores
url	https://support.apple.com/HT206568

reference_url	https://support.apple.com/HT206899
reference_id
reference_type
scores
url	https://support.apple.com/HT206899

reference_url	https://support.apple.com/HT206901
reference_id
reference_type
scores
url	https://support.apple.com/HT206901

reference_url	https://support.apple.com/HT206902
reference_id
reference_type
scores
url	https://support.apple.com/HT206902

reference_url	https://support.apple.com/HT206903
reference_id
reference_type
scores
url	https://support.apple.com/HT206903

reference_url	https://support.apple.com/HT206904
reference_id
reference_type
scores
url	https://support.apple.com/HT206904

reference_url	https://support.apple.com/HT206905
reference_id
reference_type
scores
url	https://support.apple.com/HT206905

reference_url	https://www.debian.org/security/2016/dsa-3593
reference_id
reference_type
scores
url	https://www.debian.org/security/2016/dsa-3593

reference_url	https://www.tenable.com/security/tns-2016-18
reference_id
reference_type
scores
url	https://www.tenable.com/security/tns-2016-18

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

reference_url	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

reference_url	http://www.securityfocus.com/bid/90691
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/90691

reference_url	http://www.securitytracker.com/id/1035890
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035890

reference_url	http://www.ubuntu.com/usn/USN-2994-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2994-1

reference_url	http://xmlsoft.org/news.html
reference_id
reference_type
scores
url	http://xmlsoft.org/news.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1338702
reference_id	1338702
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1338702

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:web_gateway::::::::
reference_id	cpe:2.3:a:mcafee:web_gateway::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:web_gateway::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
reference_id	cpe:2.3:o:apple:iphone_os::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::
reference_id	cpe:2.3:o:apple:mac_os_x::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
reference_id	cpe:2.3:o:apple:tvos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
reference_id	cpe:2.3:o:apple:watchos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-1836

reference_id

CVE-2016-1836

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1836

reference_url	https://security.gentoo.org/glsa/201701-37
reference_id	GLSA-201701-37
reference_type
scores
url	https://security.gentoo.org/glsa/201701-37

reference_url	https://access.redhat.com/errata/RHSA-2016:1292
reference_id	RHSA-2016:1292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1292

reference_url	https://access.redhat.com/errata/RHSA-2016:2957
reference_id	RHSA-2016:2957
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2957

reference_url	https://usn.ubuntu.com/2994-1/
reference_id	USN-2994-1
reference_type
scores
url	https://usn.ubuntu.com/2994-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2016-1836

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bk98-bfkg-7bdt

url VCID-bp8r-8jjt-hygw

vulnerability_id VCID-bp8r-8jjt-hygw

summary

Improper Input Validation
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.

references

reference_url	http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html

reference_url	http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2957.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2957.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3705.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3705.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-3705

reference_id

reference_type

scores

value	0.01034
scoring_system	epss
scoring_elements	0.77362
published_at	2026-04-13T12:55:00Z

value	0.01034
scoring_system	epss
scoring_elements	0.77365
published_at	2026-04-12T12:55:00Z

value	0.01034
scoring_system	epss
scoring_elements	0.77304
published_at	2026-04-01T12:55:00Z

value	0.01034
scoring_system	epss
scoring_elements	0.77311
published_at	2026-04-02T12:55:00Z

value	0.01034
scoring_system	epss
scoring_elements	0.77339
published_at	2026-04-04T12:55:00Z

value	0.01034
scoring_system	epss
scoring_elements	0.7732
published_at	2026-04-07T12:55:00Z

value	0.01034
scoring_system	epss
scoring_elements	0.7735
published_at	2026-04-08T12:55:00Z

value	0.01034
scoring_system	epss
scoring_elements	0.77359
published_at	2026-04-09T12:55:00Z

value	0.01034
scoring_system	epss
scoring_elements	0.77386
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3705

reference_url	https://bugzilla.gnome.org/show_bug.cgi?id=765207
reference_id
reference_type
scores
url	https://bugzilla.gnome.org/show_bug.cgi?id=765207

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483

reference_url	http://seclists.org/fulldisclosure/2016/May/10
reference_id
reference_type
scores
url	http://seclists.org/fulldisclosure/2016/May/10

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239

reference_url	https://kc.mcafee.com/corporate/index?page=content&id=SB10170
reference_id
reference_type
scores
url	https://kc.mcafee.com/corporate/index?page=content&id=SB10170

reference_url	https://www.debian.org/security/2016/dsa-3593
reference_id
reference_type
scores
url	https://www.debian.org/security/2016/dsa-3593

reference_url	https://www.tenable.com/security/tns-2016-18
reference_id
reference_type
scores
url	https://www.tenable.com/security/tns-2016-18

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

reference_url	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

reference_url	http://www.securityfocus.com/bid/89854
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/89854

reference_url	http://www.ubuntu.com/usn/USN-2994-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2994-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1332443
reference_id	1332443
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1332443

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823414
reference_id	823414
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823414

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_id	cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*
reference_id	cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.3:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.9.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-3705

reference_id

CVE-2016-3705

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-3705

reference_url	https://security.gentoo.org/glsa/201701-37
reference_id	GLSA-201701-37
reference_type
scores
url	https://security.gentoo.org/glsa/201701-37

reference_url	https://access.redhat.com/errata/RHSA-2016:1292
reference_id	RHSA-2016:1292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1292

reference_url	https://access.redhat.com/errata/RHSA-2016:2957
reference_id	RHSA-2016:2957
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2957

reference_url	https://usn.ubuntu.com/2994-1/
reference_id	USN-2994-1
reference_type
scores
url	https://usn.ubuntu.com/2994-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2016-3705

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bp8r-8jjt-hygw

url VCID-bz1e-1ypb-kkgg

vulnerability_id VCID-bz1e-1ypb-kkgg

summary libxml: Type confusion leads to Denial of service (DoS)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49796.json

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49796.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-49796

reference_id

reference_type

scores

value	0.00496
scoring_system	epss
scoring_elements	0.65756
published_at	2026-04-07T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.6584
published_at	2026-04-11T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65761
published_at	2026-04-02T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.6582
published_at	2026-04-09T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65809
published_at	2026-04-08T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65791
published_at	2026-04-04T12:55:00Z

value	0.01777
scoring_system	epss
scoring_elements	0.82685
published_at	2026-04-13T12:55:00Z

value	0.01777
scoring_system	epss
scoring_elements	0.82689
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-49796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107752
reference_id	1107752
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107752

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2372385

reference_id

2372385

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2372385

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/933

reference_id

933

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/933

reference_url

reference_id

AVG-2898

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2025-49796

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9
reference_id	cpe:/a:redhat:cert_manager:1.16::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9
reference_id	cpe:/a:redhat:discovery:2::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
reference_id	cpe:/a:redhat:enterprise_linux:8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
reference_id	cpe:/a:redhat:enterprise_linux:9::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9
reference_id	cpe:/a:redhat:insights_proxy:1.5::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1
reference_id	cpe:/a:redhat:jboss_core_services:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_core_services:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8
reference_id	cpe:/a:redhat:openshift:4.12::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9
reference_id	cpe:/a:redhat:openshift:4.13::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9
reference_id	cpe:/a:redhat:openshift:4.14::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9
reference_id	cpe:/a:redhat:openshift:4.17::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9
reference_id	cpe:/a:redhat:openshift:4.18::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9
reference_id	cpe:/a:redhat:openshift:4.19::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9
reference_id	cpe:/a:redhat:openshift:4.20::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9
reference_id	cpe:/a:redhat:openshift_file_integrity_operator:1::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8
reference_id	cpe:/a:redhat:openshift_serverless:1.36::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream
reference_id	cpe:/a:redhat:rhel_aus:8.2::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.2::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream
reference_id	cpe:/a:redhat:rhel_aus:8.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream
reference_id	cpe:/a:redhat:rhel_aus:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_aus:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream
reference_id	cpe:/a:redhat:rhel_e4s:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream
reference_id	cpe:/a:redhat:rhel_e4s:8.8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:8.8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream
reference_id	cpe:/a:redhat:rhel_e4s:9.0::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream
reference_id	cpe:/a:redhat:rhel_e4s:9.2::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream
reference_id	cpe:/a:redhat:rhel_eus:9.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
reference_id	cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus_long_life:8.4::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream
reference_id	cpe:/a:redhat:rhel_tus:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream
reference_id	cpe:/a:redhat:rhel_tus:8.8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_tus:8.8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9
reference_id	cpe:/a:redhat:webterminal:1.11::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9
reference_id	cpe:/a:redhat:webterminal:1.12::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0
reference_id	cpe:/o:redhat:enterprise_linux:10.0
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6
reference_id	cpe:/o:redhat:enterprise_linux:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos
reference_id	cpe:/o:redhat:enterprise_linux:8::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos
reference_id	cpe:/o:redhat:enterprise_linux:9::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos
reference_id	cpe:/o:redhat:rhel_aus:8.2::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos
reference_id	cpe:/o:redhat:rhel_aus:8.4::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos
reference_id	cpe:/o:redhat:rhel_aus:8.6::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos
reference_id	cpe:/o:redhat:rhel_e4s:8.6::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos
reference_id	cpe:/o:redhat:rhel_e4s:8.8::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos
reference_id	cpe:/o:redhat:rhel_e4s:9.0::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos
reference_id	cpe:/o:redhat:rhel_e4s:9.2::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7
reference_id	cpe:/o:redhat:rhel_els:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos
reference_id	cpe:/o:redhat:rhel_eus:9.4::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
reference_id	cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos
reference_id	cpe:/o:redhat:rhel_tus:8.6::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos
reference_id	cpe:/o:redhat:rhel_tus:8.8::baseos
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos

reference_url

reference_id

CVE-2025-49796

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

https://access.redhat.com/security/cve/CVE-2025-49796

reference_url

reference_id

RHSA-2025:10630

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:10698

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:10699

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:11580

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:12098

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:12099

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:12199

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:12237

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:12239

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:12240

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:12241

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:13267

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:13335

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:15827

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:15828

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:18219

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:19020

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2025:21913

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

reference_url

reference_id

RHSA-2026:0934

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:32:55Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56171.json

reference_url	https://usn.ubuntu.com/7694-1/
reference_id	USN-7694-1
reference_type
scores
url	https://usn.ubuntu.com/7694-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-49796

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bz1e-1ypb-kkgg

url VCID-c9ds-faa9-t7be

vulnerability_id VCID-c9ds-faa9-t7be

summary libxml2: Use-After-Free in libxml2

references

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-56171.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-56171

reference_id

reference_type

scores

value	0.00183
scoring_system	epss
scoring_elements	0.39997
published_at	2026-04-13T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.40044
published_at	2026-04-09T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.40054
published_at	2026-04-11T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.40017
published_at	2026-04-12T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.40029
published_at	2026-04-02T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.40055
published_at	2026-04-04T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.39977
published_at	2026-04-07T12:55:00Z

value	0.00183
scoring_system	epss
scoring_elements	0.4003
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-56171

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56171
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56171

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098320
reference_id	1098320
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098320

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2346416
reference_id	2346416
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2346416

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/828

reference_id

828

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-02-19T16:26:31Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/828

reference_url	https://access.redhat.com/errata/RHSA-2025:2482
reference_id	RHSA-2025:2482
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2482

reference_url	https://access.redhat.com/errata/RHSA-2025:2483
reference_id	RHSA-2025:2483
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2483

reference_url	https://access.redhat.com/errata/RHSA-2025:2507
reference_id	RHSA-2025:2507
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2507

reference_url	https://access.redhat.com/errata/RHSA-2025:2513
reference_id	RHSA-2025:2513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2513

reference_url	https://access.redhat.com/errata/RHSA-2025:2654
reference_id	RHSA-2025:2654
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2654

reference_url	https://access.redhat.com/errata/RHSA-2025:2660
reference_id	RHSA-2025:2660
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2660

reference_url	https://access.redhat.com/errata/RHSA-2025:2673
reference_id	RHSA-2025:2673
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2673

reference_url	https://access.redhat.com/errata/RHSA-2025:2678
reference_id	RHSA-2025:2678
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2678

reference_url	https://access.redhat.com/errata/RHSA-2025:2679
reference_id	RHSA-2025:2679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2679

reference_url	https://access.redhat.com/errata/RHSA-2025:2686
reference_id	RHSA-2025:2686
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2686

reference_url	https://access.redhat.com/errata/RHSA-2025:2789
reference_id	RHSA-2025:2789
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2789

reference_url	https://access.redhat.com/errata/RHSA-2025:3055
reference_id	RHSA-2025:3055
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3055

reference_url	https://access.redhat.com/errata/RHSA-2025:3059
reference_id	RHSA-2025:3059
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3059

reference_url	https://access.redhat.com/errata/RHSA-2025:3066
reference_id	RHSA-2025:3066
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3066

reference_url	https://access.redhat.com/errata/RHSA-2025:3368
reference_id	RHSA-2025:3368
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3368

reference_url	https://access.redhat.com/errata/RHSA-2025:3397
reference_id	RHSA-2025:3397
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3397

reference_url	https://access.redhat.com/errata/RHSA-2025:3453
reference_id	RHSA-2025:3453
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3453

reference_url	https://access.redhat.com/errata/RHSA-2025:3569
reference_id	RHSA-2025:3569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3569

reference_url	https://access.redhat.com/errata/RHSA-2025:3867
reference_id	RHSA-2025:3867
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3867

reference_url	https://access.redhat.com/errata/RHSA-2025:4005
reference_id	RHSA-2025:4005
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4005

reference_url	https://access.redhat.com/errata/RHSA-2025:9895
reference_id	RHSA-2025:9895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9895

reference_url	https://usn.ubuntu.com/7302-1/
reference_id	USN-7302-1
reference_type
scores
url	https://usn.ubuntu.com/7302-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2024-56171

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c9ds-faa9-t7be

url VCID-cbm2-cez4-bqgh

vulnerability_id VCID-cbm2-cez4-bqgh

summary

Use After Free
`valid.c` in libxml2 before 2.9.13 has a use-after-free of `ID` and `IDREF` attributes.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23308.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23308.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-23308

reference_id

reference_type

scores

value	0.0005
scoring_system	epss
scoring_elements	0.15524
published_at	2026-04-13T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15601
published_at	2026-04-08T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15656
published_at	2026-04-09T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15623
published_at	2026-04-11T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15588
published_at	2026-04-12T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15515
published_at	2026-04-07T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16267
published_at	2026-04-02T12:55:00Z

value	0.00052
scoring_system	epss
scoring_elements	0.16327
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-23308

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e
reference_id
reference_type
scores
url	https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e

reference_url	https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2
reference_id
reference_type
scores
url	https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.2

reference_url	https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006489
reference_id	1006489
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006489

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2056913
reference_id	2056913
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2056913

reference_url

reference_id

AVG-2726

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2015-8710

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-23308
reference_id	CVE-2022-23308
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-23308

reference_url	https://security.gentoo.org/glsa/202210-03
reference_id	GLSA-202210-03
reference_type
scores
url	https://security.gentoo.org/glsa/202210-03

reference_url	https://access.redhat.com/errata/RHSA-2022:0899
reference_id	RHSA-2022:0899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0899

reference_url	https://access.redhat.com/errata/RHSA-2022:1389
reference_id	RHSA-2022:1389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1389

reference_url	https://access.redhat.com/errata/RHSA-2022:1390
reference_id	RHSA-2022:1390
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1390

reference_url	https://usn.ubuntu.com/5324-1/
reference_id	USN-5324-1
reference_type
scores
url	https://usn.ubuntu.com/5324-1/

reference_url	https://usn.ubuntu.com/5422-1/
reference_id	USN-5422-1
reference_type
scores
url	https://usn.ubuntu.com/5422-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2022-23308

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbm2-cez4-bqgh

url VCID-cgfv-pps6-6khd

vulnerability_id VCID-cgfv-pps6-6khd

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1089.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1089.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8710.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8710.json

reference_url

reference_id

reference_type

scores

value	0.04711
scoring_system	epss
scoring_elements	0.89371
published_at	2026-04-13T12:55:00Z

value	0.04711
scoring_system	epss
scoring_elements	0.89377
published_at	2026-04-11T12:55:00Z

value	0.04711
scoring_system	epss
scoring_elements	0.89374
published_at	2026-04-12T12:55:00Z

value	0.04711
scoring_system	epss
scoring_elements	0.89329
published_at	2026-04-01T12:55:00Z

value	0.04711
scoring_system	epss
scoring_elements	0.89334
published_at	2026-04-02T12:55:00Z

value	0.04711
scoring_system	epss
scoring_elements	0.89346
published_at	2026-04-04T12:55:00Z

value	0.04711
scoring_system	epss
scoring_elements	0.89348
published_at	2026-04-07T12:55:00Z

value	0.04711
scoring_system	epss
scoring_elements	0.89365
published_at	2026-04-08T12:55:00Z

value	0.04711
scoring_system	epss
scoring_elements	0.89369
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-8710

reference_url	https://bugzilla.gnome.org/show_bug.cgi?id=746048
reference_id
reference_type
scores
url	https://bugzilla.gnome.org/show_bug.cgi?id=746048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://git.gnome.org/browse/libxml2/commit/?id=e724879d964d774df9b7969fc846605aa1bac54c
reference_id
reference_type
scores
url	https://git.gnome.org/browse/libxml2/commit/?id=e724879d964d774df9b7969fc846605aa1bac54c

reference_url	https://hackerone.com/reports/57125#activity-384861
reference_id
reference_type
scores
url	https://hackerone.com/reports/57125#activity-384861

reference_url	http://www.debian.org/security/2015/dsa-3430
reference_id
reference_type
scores
url	http://www.debian.org/security/2015/dsa-3430

reference_url	http://www.openwall.com/lists/oss-security/2015/04/19/4
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/04/19/4

reference_url	http://www.openwall.com/lists/oss-security/2015/09/13/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/09/13/1

reference_url	http://www.openwall.com/lists/oss-security/2015/12/31/7
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/12/31/7

reference_url	http://www.securityfocus.com/bid/79811
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/79811

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1213957
reference_id	1213957
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1213957

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782985
reference_id	782985
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782985

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-8710

reference_id

CVE-2015-8710

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2015-8710

reference_url	https://access.redhat.com/errata/RHSA-2015:2549
reference_id	RHSA-2015:2549
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2549

reference_url	https://access.redhat.com/errata/RHSA-2015:2550
reference_id	RHSA-2015:2550
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2550

reference_url	https://access.redhat.com/errata/RHSA-2016:1089
reference_id	RHSA-2016:1089
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1089

reference_url	https://usn.ubuntu.com/2875-1/
reference_id	USN-2875-1
reference_type
scores
url	https://usn.ubuntu.com/2875-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2015-8710

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cgfv-pps6-6khd

url VCID-d68t-f8j1-h3am

vulnerability_id VCID-d68t-f8j1-h3am

summary

Use After Free
When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25062.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-25062.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-25062

reference_id

reference_type

scores

value	0.00165
scoring_system	epss
scoring_elements	0.37547
published_at	2026-04-13T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37529
published_at	2026-04-07T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37581
published_at	2026-04-08T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37594
published_at	2026-04-09T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37608
published_at	2026-04-11T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37574
published_at	2026-04-12T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37627
published_at	2026-04-02T12:55:00Z

value	0.00165
scoring_system	epss
scoring_elements	0.37651
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-25062

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25062
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25062

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/604

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T17:35:33Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/604

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063234
reference_id	1063234
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063234

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2262726
reference_id	2262726
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2262726

reference_url	https://security.gentoo.org/glsa/202402-11
reference_id	GLSA-202402-11
reference_type
scores
url	https://security.gentoo.org/glsa/202402-11

reference_url	https://access.redhat.com/errata/RHSA-2024:1317
reference_id	RHSA-2024:1317
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1317

reference_url	https://access.redhat.com/errata/RHSA-2024:2679
reference_id	RHSA-2024:2679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2679

reference_url	https://access.redhat.com/errata/RHSA-2024:3299
reference_id	RHSA-2024:3299
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3299

reference_url	https://access.redhat.com/errata/RHSA-2024:3303
reference_id	RHSA-2024:3303
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3303

reference_url	https://access.redhat.com/errata/RHSA-2024:3625
reference_id	RHSA-2024:3625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3625

reference_url	https://access.redhat.com/errata/RHSA-2024:3626
reference_id	RHSA-2024:3626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3626

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/tags

reference_id

tags

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-28T19:47:33Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/tags

reference_url	https://usn.ubuntu.com/5760-1/
reference_id	USN-5760-1
reference_type
scores
url	https://usn.ubuntu.com/5760-1/

reference_url	https://usn.ubuntu.com/5760-2/
reference_id	USN-5760-2
reference_type
scores
url	https://usn.ubuntu.com/5760-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2022-40304

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eb6k-ppfd-m7a3

url VCID-ecde-c15q-ukh1

vulnerability_id VCID-ecde-c15q-ukh1

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
xpointer.c in libxml2 (as used in Apple iOS, OS X, tvOS, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.

references

reference_url

http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html

reference_url

http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html

reference_url

http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html

reference_url

http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4658.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4658.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4658

reference_id

reference_type

scores

value	0.17714
scoring_system	epss
scoring_elements	0.95117
published_at	2026-04-13T12:55:00Z

value	0.17714
scoring_system	epss
scoring_elements	0.95096
published_at	2026-04-07T12:55:00Z

value	0.17714
scoring_system	epss
scoring_elements	0.95103
published_at	2026-04-08T12:55:00Z

value	0.17714
scoring_system	epss
scoring_elements	0.95107
published_at	2026-04-09T12:55:00Z

value	0.17714
scoring_system	epss
scoring_elements	0.95113
published_at	2026-04-11T12:55:00Z

value	0.17714
scoring_system	epss
scoring_elements	0.95115
published_at	2026-04-12T12:55:00Z

value	0.18099
scoring_system	epss
scoring_elements	0.95156
published_at	2026-04-04T12:55:00Z

value	0.18099
scoring_system	epss
scoring_elements	0.95154
published_at	2026-04-02T12:55:00Z

value	0.18099
scoring_system	epss
scoring_elements	0.95143
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4658

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4658

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5131

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b

reference_url

https://github.com/sparklemotion/nokogiri/issues/1615

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1615

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1384424
reference_id	1384424
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1384424

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840553
reference_id	840553
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840553

reference_url	https://security.archlinux.org/ASA-201611-2
reference_id	ASA-201611-2
reference_type
scores
url	https://security.archlinux.org/ASA-201611-2

reference_url

reference_id

AVG-56

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4658

reference_url	http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4448.html
reference_id	CVE-2016-4448.HTML
reference_type
scores
url	http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4448.html

reference_url

reference_id

CVE-2016-4658

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4658

reference_url	http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4658.html
reference_id	CVE-2016-4658.HTML
reference_type
scores
url	http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4658.html

reference_url	http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5131.html
reference_id	CVE-2016-5131.HTML
reference_type
scores
url	http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5131.html

reference_url

https://github.com/advisories/GHSA-fr52-4hqw-p27f

reference_id

GHSA-fr52-4hqw-p27f

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fr52-4hqw-p27f

reference_url

reference_id

GLSA-201701-37

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2016/May/msg00001.html

reference_url	https://access.redhat.com/errata/RHSA-2021:3810
reference_id	RHSA-2021:3810
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3810

reference_url	https://usn.ubuntu.com/3235-1/
reference_id	USN-3235-1
reference_type
scores
url	https://usn.ubuntu.com/3235-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2016-4658, GHSA-fr52-4hqw-p27f

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ecde-c15q-ukh1

url VCID-eebz-xjem-cygz

vulnerability_id VCID-eebz-xjem-cygz

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
Heap-based buffer overflow in the xmlStrncat function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

references

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T17:15:12Z/

url

http://lists.apple.com/archives/security-announce/2016/May/msg00001.html

reference_url

http://lists.apple.com/archives/security-announce/2016/May/msg00002.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T17:15:12Z/

url

http://lists.apple.com/archives/security-announce/2016/May/msg00002.html

reference_url

http://lists.apple.com/archives/security-announce/2016/May/msg00003.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T17:15:12Z/

url

http://lists.apple.com/archives/security-announce/2016/May/msg00003.html

reference_url

http://lists.apple.com/archives/security-announce/2016/May/msg00004.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T17:15:12Z/

url

http://lists.apple.com/archives/security-announce/2016/May/msg00004.html

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T17:15:12Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1834.json

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1834.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-1834

reference_id

reference_type

scores

value	0.02369
scoring_system	epss
scoring_elements	0.84876
published_at	2026-04-01T12:55:00Z

value	0.02369
scoring_system	epss
scoring_elements	0.84953
published_at	2026-04-13T12:55:00Z

value	0.02369
scoring_system	epss
scoring_elements	0.84958
published_at	2026-04-12T12:55:00Z

value	0.02369
scoring_system	epss
scoring_elements	0.8496
published_at	2026-04-11T12:55:00Z

value	0.02369
scoring_system	epss
scoring_elements	0.84944
published_at	2026-04-09T12:55:00Z

value	0.02369
scoring_system	epss
scoring_elements	0.84937
published_at	2026-04-08T12:55:00Z

value	0.02369
scoring_system	epss
scoring_elements	0.84914
published_at	2026-04-07T12:55:00Z

value	0.02369
scoring_system	epss
scoring_elements	0.8491
published_at	2026-04-04T12:55:00Z

value	0.02369
scoring_system	epss
scoring_elements	0.84892
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1834

reference_url

https://bugzilla.gnome.org/show_bug.cgi?id=763071

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T17:15:12Z/

url

https://bugzilla.gnome.org/show_bug.cgi?id=763071

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://git.gnome.org/browse/libxml2/commit/?id=8fbbf5513d609c1770b391b99e33314cd0742704

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T17:15:12Z/

url

https://git.gnome.org/browse/libxml2/commit/?id=8fbbf5513d609c1770b391b99e33314cd0742704

reference_url

https://kc.mcafee.com/corporate/index?page=content&id=SB10170

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T17:15:12Z/

url

https://kc.mcafee.com/corporate/index?page=content&id=SB10170

reference_url

https://support.apple.com/HT206564

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T17:15:12Z/

url

https://support.apple.com/HT206564

reference_url

https://support.apple.com/HT206566

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T17:15:12Z/

url

https://support.apple.com/HT206566

reference_url

https://support.apple.com/HT206567

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T17:15:12Z/

url

https://support.apple.com/HT206567

reference_url

https://support.apple.com/HT206568

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T17:15:12Z/

url

https://support.apple.com/HT206568

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T17:15:12Z/

url

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T17:15:12Z/

url

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T17:15:12Z/

url

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

reference_url

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T17:15:12Z/

url

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

reference_url

http://www.securityfocus.com/bid/90691

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T17:15:12Z/

url

http://www.securityfocus.com/bid/90691

reference_url

http://www.securitytracker.com/id/1035890

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T17:15:12Z/

url

http://www.securitytracker.com/id/1035890

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T17:15:12Z/

url

reference_url

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T17:15:12Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1834

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1338708
reference_id	1338708
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1338708

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:web_gateway::::::::
reference_id	cpe:2.3:a:mcafee:web_gateway::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:web_gateway::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
reference_id	cpe:2.3:o:apple:iphone_os::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::
reference_id	cpe:2.3:o:apple:mac_os_x::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
reference_id	cpe:2.3:o:apple:tvos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
reference_id	cpe:2.3:o:apple:watchos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

reference_id

CVE-2016-1834

reference_type

scores

value	9.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:C/I:C/A:C

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1834

reference_url

reference_id

RHSA-2016:1292

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T17:15:12Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3517.json

reference_url	https://access.redhat.com/errata/RHSA-2016:2957
reference_id	RHSA-2016:2957
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2957

reference_url	https://usn.ubuntu.com/2994-1/
reference_id	USN-2994-1
reference_type
scores
url	https://usn.ubuntu.com/2994-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2016-1834

risk_score 4.2

exploitability 0.5

weighted_severity 8.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eebz-xjem-cygz

url VCID-ek5d-m9pn-3fec

vulnerability_id VCID-ek5d-m9pn-3fec

summary

Multiple vulnerabilities have been found in libxml2, the worst of
    which could result in a Denial of Service condition.

references

reference_url

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3517.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3517

reference_id

reference_type

scores

value	0.00107
scoring_system	epss
scoring_elements	0.2884
published_at	2026-04-13T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28891
published_at	2026-04-12T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28821
published_at	2026-04-07T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.2893
published_at	2026-04-09T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28889
published_at	2026-04-08T12:55:00Z

value	0.00107
scoring_system	epss
scoring_elements	0.28934
published_at	2026-04-11T12:55:00Z

value	0.0011
scoring_system	epss
scoring_elements	0.29474
published_at	2026-04-04T12:55:00Z

value	0.0011
scoring_system	epss
scoring_elements	0.29358
published_at	2026-04-01T12:55:00Z

value	0.0011
scoring_system	epss
scoring_elements	0.29427
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3517

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1954232

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=1954232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3517
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3517

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3517.yml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3517.yml

reference_url

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/blob/7c19ef5cc6b7c5c36827dd5495f857c6877ec8cf/CHANGELOG.md?plain=1#L579

reference_url

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/blob/7c19ef5cc6b7c5c36827dd5495f857c6877ec8cf/CHANGELOG.md?plain=1#L579

reference_url

https://github.com/sparklemotion/nokogiri/issues/2233

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/2233

reference_url

https://github.com/sparklemotion/nokogiri/issues/2274

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/2274

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e

reference_url	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3517

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3517

reference_url

https://security.netapp.com/advisory/ntap-20210625-0002

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210625-0002

reference_url

https://security.netapp.com/advisory/ntap-20210625-0002/

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://security.netapp.com/advisory/ntap-20210625-0002/

reference_url

https://security.netapp.com/advisory/ntap-20211022-0004

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20211022-0004

reference_url

https://security.netapp.com/advisory/ntap-20211022-0004/

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://security.netapp.com/advisory/ntap-20211022-0004/

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987738
reference_id	987738
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987738

reference_url

reference_id

AVG-1883

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/

reference_url

reference_id

BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/

reference_url

https://github.com/advisories/GHSA-jw9f-hh49-cvp9

reference_id

GHSA-jw9f-hh49-cvp9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jw9f-hh49-cvp9

reference_url

reference_id

GLSA-202107-05

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/

reference_url

reference_id

QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T21:32:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/

reference_url	https://access.redhat.com/errata/RHSA-2021:2569
reference_id	RHSA-2021:2569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2569

reference_url	https://access.redhat.com/errata/RHSA-2022:1389
reference_id	RHSA-2022:1389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1389

reference_url	https://access.redhat.com/errata/RHSA-2022:1390
reference_id	RHSA-2022:1390
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1390

reference_url	https://usn.ubuntu.com/4991-1/
reference_id	USN-4991-1
reference_type
scores
url	https://usn.ubuntu.com/4991-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2021-3517, GHSA-jw9f-hh49-cvp9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ek5d-m9pn-3fec

url VCID-ghaf-ynsg-uuea

vulnerability_id VCID-ghaf-ynsg-uuea

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

references

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

reference_url	http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

reference_url	http://marc.info/?l=bugtraq&m=145382616617563&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=145382616617563&w=2

reference_url	http://rhn.redhat.com/errata/RHSA-2015-2549.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-2549.html

reference_url	http://rhn.redhat.com/errata/RHSA-2015-2550.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-2550.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1089.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1089.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8242.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8242.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-8242

reference_id

reference_type

scores

value	0.01368
scoring_system	epss
scoring_elements	0.80206
published_at	2026-04-13T12:55:00Z

value	0.01368
scoring_system	epss
scoring_elements	0.80211
published_at	2026-04-12T12:55:00Z

value	0.01368
scoring_system	epss
scoring_elements	0.80153
published_at	2026-04-01T12:55:00Z

value	0.01368
scoring_system	epss
scoring_elements	0.8016
published_at	2026-04-02T12:55:00Z

value	0.01368
scoring_system	epss
scoring_elements	0.8018
published_at	2026-04-04T12:55:00Z

value	0.01368
scoring_system	epss
scoring_elements	0.80169
published_at	2026-04-07T12:55:00Z

value	0.01368
scoring_system	epss
scoring_elements	0.80197
published_at	2026-04-08T12:55:00Z

value	0.01368
scoring_system	epss
scoring_elements	0.80205
published_at	2026-04-09T12:55:00Z

value	0.01368
scoring_system	epss
scoring_elements	0.80225
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-8242

reference_url	https://bugzilla.gnome.org/show_bug.cgi?id=756372
reference_id
reference_type
scores
url	https://bugzilla.gnome.org/show_bug.cgi?id=756372

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8242
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8242

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2
reference_id
reference_type
scores
url	https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172

reference_url	https://support.apple.com/HT206166
reference_id
reference_type
scores
url	https://support.apple.com/HT206166

reference_url	https://support.apple.com/HT206167
reference_id
reference_type
scores
url	https://support.apple.com/HT206167

reference_url	https://support.apple.com/HT206168
reference_id
reference_type
scores
url	https://support.apple.com/HT206168

reference_url	https://support.apple.com/HT206169
reference_id
reference_type
scores
url	https://support.apple.com/HT206169

reference_url	http://www.openwall.com/lists/oss-security/2015/11/17/5
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/11/17/5

reference_url	http://www.openwall.com/lists/oss-security/2015/11/18/23
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/11/18/23

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

reference_url	http://www.securityfocus.com/bid/77681
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/77681

reference_url	http://www.securitytracker.com/id/1034243
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1034243

reference_url	http://www.ubuntu.com/usn/USN-2834-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2834-1

reference_url	http://xmlsoft.org/news.html
reference_id
reference_type
scores
url	http://xmlsoft.org/news.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1281950
reference_id	1281950
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1281950

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=805146
reference_id	805146
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=805146

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_id	cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*
reference_id	cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
reference_id	cpe:2.3:o:apple:iphone_os::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::
reference_id	cpe:2.3:o:apple:mac_os_x::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
reference_id	cpe:2.3:o:apple:tvos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
reference_id	cpe:2.3:o:apple:watchos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-8242

reference_id

CVE-2015-8242

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2015-8242

reference_url	https://security.gentoo.org/glsa/201701-37
reference_id	GLSA-201701-37
reference_type
scores
url	https://security.gentoo.org/glsa/201701-37

reference_url	https://access.redhat.com/errata/RHSA-2015:2549
reference_id	RHSA-2015:2549
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2549

reference_url	https://access.redhat.com/errata/RHSA-2015:2550
reference_id	RHSA-2015:2550
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2550

reference_url	https://access.redhat.com/errata/RHSA-2016:1089
reference_id	RHSA-2016:1089
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1089

reference_url	https://usn.ubuntu.com/2834-1/
reference_id	USN-2834-1
reference_type
scores
url	https://usn.ubuntu.com/2834-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2015-8242

risk_score 2.6

exploitability 0.5

weighted_severity 5.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ghaf-ynsg-uuea

url VCID-gvmn-4dtv-8qcj

vulnerability_id VCID-gvmn-4dtv-8qcj

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
parser.c in libxml2 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16931.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16931.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16931

reference_id

reference_type

scores

value	0.0165
scoring_system	epss
scoring_elements	0.81939
published_at	2026-04-01T12:55:00Z

value	0.0165
scoring_system	epss
scoring_elements	0.82006
published_at	2026-04-13T12:55:00Z

value	0.0165
scoring_system	epss
scoring_elements	0.82004
published_at	2026-04-09T12:55:00Z

value	0.0165
scoring_system	epss
scoring_elements	0.82023
published_at	2026-04-11T12:55:00Z

value	0.0165
scoring_system	epss
scoring_elements	0.82012
published_at	2026-04-12T12:55:00Z

value	0.0165
scoring_system	epss
scoring_elements	0.8195
published_at	2026-04-02T12:55:00Z

value	0.0165
scoring_system	epss
scoring_elements	0.81973
published_at	2026-04-04T12:55:00Z

value	0.0165
scoring_system	epss
scoring_elements	0.81969
published_at	2026-04-07T12:55:00Z

value	0.0165
scoring_system	epss
scoring_elements	0.81996
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16931

reference_url	https://bugzilla.gnome.org/show_bug.cgi?id=766956
reference_id
reference_type
scores
url	https://bugzilla.gnome.org/show_bug.cgi?id=766956

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3
reference_id
reference_type
scores
url	https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3

reference_url	https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html

reference_url	https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
url	https://www.oracle.com//security-alerts/cpujul2021.html

reference_url	http://xmlsoft.org/news.html
reference_id
reference_type
scores
url	http://xmlsoft.org/news.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1517307
reference_id	1517307
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1517307

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-16931

reference_id

CVE-2017-16931

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16931

fixed_packages

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4

aliases CVE-2017-16931

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gvmn-4dtv-8qcj

url VCID-gxsm-qvkt-gygy

vulnerability_id VCID-gxsm-qvkt-gygy

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.

references

reference_url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

reference_url	http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

reference_url	http://marc.info/?l=bugtraq&m=145382616617563&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=145382616617563&w=2

reference_url	http://rhn.redhat.com/errata/RHSA-2015-2549.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-2549.html

reference_url	http://rhn.redhat.com/errata/RHSA-2015-2550.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-2550.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1089.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1089.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7498.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7498.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-7498

reference_id

reference_type

scores

value	0.03265
scoring_system	epss
scoring_elements	0.87149
published_at	2026-04-13T12:55:00Z

value	0.03265
scoring_system	epss
scoring_elements	0.87097
published_at	2026-04-01T12:55:00Z

value	0.03265
scoring_system	epss
scoring_elements	0.87108
published_at	2026-04-02T12:55:00Z

value	0.03265
scoring_system	epss
scoring_elements	0.87125
published_at	2026-04-04T12:55:00Z

value	0.03265
scoring_system	epss
scoring_elements	0.87118
published_at	2026-04-07T12:55:00Z

value	0.03265
scoring_system	epss
scoring_elements	0.87139
published_at	2026-04-08T12:55:00Z

value	0.03265
scoring_system	epss
scoring_elements	0.87146
published_at	2026-04-09T12:55:00Z

value	0.03265
scoring_system	epss
scoring_elements	0.87159
published_at	2026-04-11T12:55:00Z

value	0.03265
scoring_system	epss
scoring_elements	0.87153
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710

reference_url	https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43
reference_id
reference_type
scores
url	https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172

reference_url	http://www.debian.org/security/2015/dsa-3430
reference_id
reference_type
scores
url	http://www.debian.org/security/2015/dsa-3430

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

reference_url	http://www.securityfocus.com/bid/79548
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/79548

reference_url	http://www.securitytracker.com/id/1034243
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1034243

reference_url	http://www.ubuntu.com/usn/USN-2834-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2834-1

reference_url	http://xmlsoft.org/news.html
reference_id
reference_type
scores
url	http://xmlsoft.org/news.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1281879
reference_id	1281879
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1281879

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_id	cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*
reference_id	cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-7498

reference_id

CVE-2015-7498

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7498

reference_url	https://security.gentoo.org/glsa/201701-37
reference_id	GLSA-201701-37
reference_type
scores
url	https://security.gentoo.org/glsa/201701-37

reference_url	https://access.redhat.com/errata/RHSA-2015:2549
reference_id	RHSA-2015:2549
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2549

reference_url	https://access.redhat.com/errata/RHSA-2015:2550
reference_id	RHSA-2015:2550
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2550

reference_url	https://access.redhat.com/errata/RHSA-2016:1089
reference_id	RHSA-2016:1089
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1089

reference_url	https://usn.ubuntu.com/2834-1/
reference_id	USN-2834-1
reference_type
scores
url	https://usn.ubuntu.com/2834-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2015-7498

risk_score 2.2

exploitability 0.5

weighted_severity 4.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gxsm-qvkt-gygy

url VCID-hafa-bcpu-8uaj

vulnerability_id VCID-hafa-bcpu-8uaj

summary libxml2: NULL Pointer Dereference in libxml2 xmlPatMatch

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27113.json

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27113.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-27113

reference_id

reference_type

scores

value	0.00094
scoring_system	epss
scoring_elements	0.26313
published_at	2026-04-02T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26146
published_at	2026-04-13T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26242
published_at	2026-04-09T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26249
published_at	2026-04-11T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26204
published_at	2026-04-12T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26354
published_at	2026-04-04T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26127
published_at	2026-04-07T12:55:00Z

value	0.00094
scoring_system	epss
scoring_elements	0.26194
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-27113

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098322
reference_id	1098322
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098322

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2346410
reference_id	2346410
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2346410

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/861

reference_id

861

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-19T15:33:43Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/861

reference_url	https://usn.ubuntu.com/7302-1/
reference_id	USN-7302-1
reference_type
scores
url	https://usn.ubuntu.com/7302-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-27113

risk_score 1.4

exploitability 0.5

weighted_severity 2.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hafa-bcpu-8uaj

url VCID-ked7-5tjg-nudx

vulnerability_id VCID-ked7-5tjg-nudx

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
The xmlNextChar function in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

references

reference_url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:04:28Z/

url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

reference_url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:04:28Z/

url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

reference_url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:04:28Z/

url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

reference_url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:04:28Z/

url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

reference_url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:04:28Z/

url

http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:04:28Z/

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1762

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1762.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1762.json

reference_url

reference_id

reference_type

scores

value	0.08579
scoring_system	epss
scoring_elements	0.92379
published_at	2026-04-02T12:55:00Z

value	0.08579
scoring_system	epss
scoring_elements	0.92402
published_at	2026-04-08T12:55:00Z

value	0.08579
scoring_system	epss
scoring_elements	0.92407
published_at	2026-04-09T12:55:00Z

value	0.08579
scoring_system	epss
scoring_elements	0.92413
published_at	2026-04-13T12:55:00Z

value	0.08579
scoring_system	epss
scoring_elements	0.92415
published_at	2026-04-12T12:55:00Z

value	0.08579
scoring_system	epss
scoring_elements	0.92386
published_at	2026-04-04T12:55:00Z

value	0.08579
scoring_system	epss
scoring_elements	0.92372
published_at	2026-04-01T12:55:00Z

value	0.08579
scoring_system	epss
scoring_elements	0.9239
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1762

reference_url

https://bugzilla.gnome.org/show_bug.cgi?id=759671

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:04:28Z/

url

https://bugzilla.gnome.org/show_bug.cgi?id=759671

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483

reference_url

https://git.gnome.org/browse/libxml2/commit/?id=a7a94612aa3b16779e2c74e1fa353b5d9786c602

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:04:28Z/

url

https://git.gnome.org/browse/libxml2/commit/?id=a7a94612aa3b16779e2c74e1fa353b5d9786c602

reference_url

https://kc.mcafee.com/corporate/index?page=content&id=SB10170

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:04:28Z/

url

https://kc.mcafee.com/corporate/index?page=content&id=SB10170

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:04:28Z/

url

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:04:28Z/

url

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:04:28Z/

url

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:04:28Z/

url

https://support.apple.com/HT206171

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:04:28Z/

url

https://support.apple.com/HT206171

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:04:28Z/

url

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:04:28Z/

url

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

reference_url

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:04:28Z/

url

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

reference_url

http://www.securityfocus.com/bid/85059

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:04:28Z/

url

http://www.securityfocus.com/bid/85059

reference_url

http://www.securitytracker.com/id/1035353

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:04:28Z/

url

http://www.securitytracker.com/id/1035353

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:04:28Z/

url

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:04:28Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1762

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1338711
reference_id	1338711
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1338711

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari::::::::
reference_id	cpe:2.3:a:apple:safari::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:web_gateway::::::::
reference_id	cpe:2.3:a:mcafee:web_gateway::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:web_gateway::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
reference_id	cpe:2.3:o:apple:iphone_os::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::
reference_id	cpe:2.3:o:apple:mac_os_x::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
reference_id	cpe:2.3:o:apple:tvos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
reference_id	cpe:2.3:o:apple:watchos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

reference_id

CVE-2016-1762

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:P

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1762

reference_url

reference_id

RHSA-2016:1292

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:04:28Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8872.json

reference_url	https://access.redhat.com/errata/RHSA-2016:2957
reference_id	RHSA-2016:2957
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2957

reference_url	https://usn.ubuntu.com/2994-1/
reference_id	USN-2994-1
reference_type
scores
url	https://usn.ubuntu.com/2994-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2016-1762

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ked7-5tjg-nudx

url VCID-mm88-amve-quh6

vulnerability_id VCID-mm88-amve-quh6

summary

Out-of-bounds Read
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (buffer over-read) or information disclosure.

references

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8872.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-8872

reference_id

reference_type

scores

value	0.00178
scoring_system	epss
scoring_elements	0.393
published_at	2026-04-01T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39425
published_at	2026-04-13T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39461
published_at	2026-04-02T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39485
published_at	2026-04-04T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39399
published_at	2026-04-07T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39454
published_at	2026-04-08T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.3947
published_at	2026-04-09T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39481
published_at	2026-04-11T12:55:00Z

value	0.00178
scoring_system	epss
scoring_elements	0.39442
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-8872

reference_url

https://bugzilla.gnome.org/show_bug.cgi?id=775200

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:59:00Z/

url

https://bugzilla.gnome.org/show_bug.cgi?id=775200

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	1.9
scoring_system	cvssv2
scoring_elements	AV:L/AC:M/Au:N/C:P/I:N/A:N

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:59:00Z/

url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1449541
reference_id	1449541
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1449541

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862450
reference_id	862450
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862450

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.4:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.9.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.4:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-8872

reference_id

CVE-2017-8872

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:P

value	9.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-8872

reference_url	https://usn.ubuntu.com/4991-1/
reference_id	USN-4991-1
reference_type
scores
url	https://usn.ubuntu.com/4991-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4

aliases CVE-2017-8872

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mm88-amve-quh6

url VCID-netm-9gxh-3yh4

vulnerability_id VCID-netm-9gxh-3yh4

summary

Use of Externally-Controlled Format String
Format string vulnerability in libxml2 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

references

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2957.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2957.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4448.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4448.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4448

reference_id

reference_type

scores

value	0.01204
scoring_system	epss
scoring_elements	0.78939
published_at	2026-04-13T12:55:00Z

value	0.01204
scoring_system	epss
scoring_elements	0.78965
published_at	2026-04-11T12:55:00Z

value	0.01204
scoring_system	epss
scoring_elements	0.78949
published_at	2026-04-12T12:55:00Z

value	0.01204
scoring_system	epss
scoring_elements	0.78892
published_at	2026-04-01T12:55:00Z

value	0.01204
scoring_system	epss
scoring_elements	0.78898
published_at	2026-04-02T12:55:00Z

value	0.01204
scoring_system	epss
scoring_elements	0.78928
published_at	2026-04-04T12:55:00Z

value	0.01204
scoring_system	epss
scoring_elements	0.7891
published_at	2026-04-07T12:55:00Z

value	0.01204
scoring_system	epss
scoring_elements	0.78935
published_at	2026-04-08T12:55:00Z

value	0.01204
scoring_system	epss
scoring_elements	0.78941
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4448

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://git.gnome.org/browse/libxml2/commit/?id=4472c3a5a5b516aaf59b89be602fbce52756c3e9
reference_id
reference_type
scores
url	https://git.gnome.org/browse/libxml2/commit/?id=4472c3a5a5b516aaf59b89be602fbce52756c3e9

reference_url	https://git.gnome.org/browse/libxml2/commit/?id=502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b
reference_id
reference_type
scores
url	https://git.gnome.org/browse/libxml2/commit/?id=502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709

reference_url	https://kc.mcafee.com/corporate/index?page=content&id=SB10170
reference_id
reference_type
scores
url	https://kc.mcafee.com/corporate/index?page=content&id=SB10170

reference_url	https://support.apple.com/HT206899
reference_id
reference_type
scores
url	https://support.apple.com/HT206899

reference_url	https://support.apple.com/HT206901
reference_id
reference_type
scores
url	https://support.apple.com/HT206901

reference_url	https://support.apple.com/HT206902
reference_id
reference_type
scores
url	https://support.apple.com/HT206902

reference_url	https://support.apple.com/HT206903
reference_id
reference_type
scores
url	https://support.apple.com/HT206903

reference_url	https://support.apple.com/HT206904
reference_id
reference_type
scores
url	https://support.apple.com/HT206904

reference_url	https://support.apple.com/HT206905
reference_id
reference_type
scores
url	https://support.apple.com/HT206905

reference_url	https://www.tenable.com/security/tns-2016-18
reference_id
reference_type
scores
url	https://www.tenable.com/security/tns-2016-18

reference_url	http://www.openwall.com/lists/oss-security/2016/05/25/2
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2016/05/25/2

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

reference_url	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

reference_url	http://www.securityfocus.com/bid/90856
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/90856

reference_url	http://www.securitytracker.com/id/1036348
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1036348

reference_url	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.404722
reference_id
reference_type
scores
url	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.404722

reference_url	http://xmlsoft.org/news.html
reference_id
reference_type
scores
url	http://xmlsoft.org/news.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1338700
reference_id	1338700
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1338700

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829718
reference_id	829718
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829718

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:icloud::::::::
reference_id	cpe:2.3:a:apple:icloud::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:icloud::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:itunes::::::::
reference_id	cpe:2.3:a:apple:itunes::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:itunes::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_id	cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:web_gateway::::::::
reference_id	cpe:2.3:a:mcafee:web_gateway::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:web_gateway::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tenable:log_correlation_engine:4.8.0:::::::*
reference_id	cpe:2.3:a:tenable:log_correlation_engine:4.8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tenable:log_correlation_engine:4.8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
reference_id	cpe:2.3:o:apple:iphone_os::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::
reference_id	cpe:2.3:o:apple:mac_os_x::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
reference_id	cpe:2.3:o:apple:tvos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
reference_id	cpe:2.3:o:apple:watchos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows::::::::
reference_id	cpe:2.3:o:microsoft:windows::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:::::::*
reference_id	cpe:2.3:o:microsoft:windows:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:::::::*
reference_id	cpe:2.3:o:oracle:linux:6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:0::::::
reference_id	cpe:2.3:o:oracle:linux:7:0::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:0::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:vm_server:3.3:::::::*
reference_id	cpe:2.3:o:oracle:vm_server:3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:vm_server:3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:vm_server:3.4:::::::*
reference_id	cpe:2.3:o:oracle:vm_server:3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:vm_server:3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:slackware:slackware_linux:14.0:::::::*
reference_id	cpe:2.3:o:slackware:slackware_linux:14.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:slackware:slackware_linux:14.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:slackware:slackware_linux:14.1:::::::*
reference_id	cpe:2.3:o:slackware:slackware_linux:14.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:slackware:slackware_linux:14.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-4448

reference_id

CVE-2016-4448

reference_type

scores

value	10.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:C/I:C/A:C

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4448

reference_url	https://access.redhat.com/errata/RHSA-2016:1292
reference_id	RHSA-2016:1292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1292

reference_url	https://access.redhat.com/errata/RHSA-2016:2957
reference_id	RHSA-2016:2957
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2957

reference_url	https://usn.ubuntu.com/3235-1/
reference_id	USN-3235-1
reference_type
scores
url	https://usn.ubuntu.com/3235-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2016-4448

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-netm-9gxh-3yh4

url VCID-nuh8-qd25-ykan

vulnerability_id VCID-nuh8-qd25-ykan

summary libxml2: Incorrect server side include parsing can lead to XSS

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3709.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3709.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-3709

reference_id

reference_type

scores

value	0.00139
scoring_system	epss
scoring_elements	0.33794
published_at	2026-04-01T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34132
published_at	2026-04-02T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34164
published_at	2026-04-04T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34024
published_at	2026-04-07T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34067
published_at	2026-04-08T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45494
published_at	2026-04-13T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45499
published_at	2026-04-09T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45519
published_at	2026-04-11T12:55:00Z

value	0.00227
scoring_system	epss
scoring_elements	0.45489
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3709

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3709
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3709

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2112766
reference_id	2112766
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2112766

reference_url	https://access.redhat.com/errata/RHSA-2022:7715
reference_id	RHSA-2022:7715
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7715

reference_url	https://access.redhat.com/errata/RHSA-2023:4767
reference_id	RHSA-2023:4767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4767

reference_url	https://usn.ubuntu.com/5548-1/
reference_id	USN-5548-1
reference_type
scores
url	https://usn.ubuntu.com/5548-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2016-3709

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nuh8-qd25-ykan

url VCID-pdv9-xrh8-d3fz

vulnerability_id VCID-pdv9-xrh8-d3fz

summary

Use After Free
This advisory has been marked as False Positive and removed.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45322.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45322.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-45322

reference_id

reference_type

scores

value	0.00076
scoring_system	epss
scoring_elements	0.22953
published_at	2026-04-02T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22843
published_at	2026-04-13T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22864
published_at	2026-04-08T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22916
published_at	2026-04-09T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22937
published_at	2026-04-11T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.229
published_at	2026-04-12T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22997
published_at	2026-04-04T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22789
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-45322

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/344

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T18:12:15Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/344

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/583

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T18:12:15Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/583

reference_url

http://www.openwall.com/lists/oss-security/2023/10/06/5

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-19T18:12:15Z/

url

http://www.openwall.com/lists/oss-security/2023/10/06/5

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053629
reference_id	1053629
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053629

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2242945
reference_id	2242945
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2242945

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-45322
reference_id	CVE-2023-45322
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-45322

reference_url	https://security.gentoo.org/glsa/202402-11
reference_id	GLSA-202402-11
reference_type
scores
url	https://security.gentoo.org/glsa/202402-11

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2023-45322

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pdv9-xrh8-d3fz

url VCID-qh44-gavt-rbdw

vulnerability_id VCID-qh44-gavt-rbdw

summary libxml: use-after-free in xmlXIncludeAddNode

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49043.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-49043.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-49043

reference_id

reference_type

scores

value	0.00222
scoring_system	epss
scoring_elements	0.448
published_at	2026-04-02T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44803
published_at	2026-04-13T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44761
published_at	2026-04-07T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44813
published_at	2026-04-08T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44816
published_at	2026-04-09T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44832
published_at	2026-04-11T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44802
published_at	2026-04-12T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44821
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-49043

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49043
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49043

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094238
reference_id	1094238
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094238

reference_url

https://github.com/php/php-src/issues/17467

reference_id

17467

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-27T14:52:22Z/

url

https://github.com/php/php-src/issues/17467

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2342118
reference_id	2342118
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2342118

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b

reference_id

5a19e21605398cef6a8b1452477a8705cb41562b

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-27T14:52:22Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b

reference_url	https://access.redhat.com/errata/RHSA-2025:1350
reference_id	RHSA-2025:1350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1350

reference_url	https://access.redhat.com/errata/RHSA-2025:1487
reference_id	RHSA-2025:1487
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1487

reference_url	https://access.redhat.com/errata/RHSA-2025:1516
reference_id	RHSA-2025:1516
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1516

reference_url	https://access.redhat.com/errata/RHSA-2025:1517
reference_id	RHSA-2025:1517
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1517

reference_url	https://access.redhat.com/errata/RHSA-2025:1925
reference_id	RHSA-2025:1925
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1925

reference_url	https://access.redhat.com/errata/RHSA-2025:2507
reference_id	RHSA-2025:2507
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2507

reference_url	https://access.redhat.com/errata/RHSA-2025:2678
reference_id	RHSA-2025:2678
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2678

reference_url	https://access.redhat.com/errata/RHSA-2025:3775
reference_id	RHSA-2025:3775
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3775

reference_url	https://access.redhat.com/errata/RHSA-2025:4409
reference_id	RHSA-2025:4409
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4409

reference_url	https://access.redhat.com/errata/RHSA-2025:4422
reference_id	RHSA-2025:4422
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4422

reference_url	https://access.redhat.com/errata/RHSA-2025:4677
reference_id	RHSA-2025:4677
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4677

reference_url	https://access.redhat.com/errata/RHSA-2025:7702
reference_id	RHSA-2025:7702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7702

reference_url	https://usn.ubuntu.com/7240-1/
reference_id	USN-7240-1
reference_type
scores
url	https://usn.ubuntu.com/7240-1/

reference_url	https://usn.ubuntu.com/7302-1/
reference_id	USN-7302-1
reference_type
scores
url	https://usn.ubuntu.com/7302-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2022-49043

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qh44-gavt-rbdw

url VCID-qp6y-dt1j-97df

vulnerability_id VCID-qp6y-dt1j-97df

summary libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32415.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32415.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-32415

reference_id

reference_type

scores

value	0.00071
scoring_system	epss
scoring_elements	0.21953
published_at	2026-04-02T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21817
published_at	2026-04-13T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21904
published_at	2026-04-09T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21915
published_at	2026-04-11T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21874
published_at	2026-04-12T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.22006
published_at	2026-04-04T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21771
published_at	2026-04-07T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21848
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-32415

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32415
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32415

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103511
reference_id	1103511
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103511

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2360768
reference_id	2360768
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2360768

reference_url	https://access.redhat.com/errata/RHSA-2025:13203
reference_id	RHSA-2025:13203
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13203

reference_url	https://access.redhat.com/errata/RHSA-2025:13428
reference_id	RHSA-2025:13428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13428

reference_url	https://access.redhat.com/errata/RHSA-2025:13429
reference_id	RHSA-2025:13429
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13429

reference_url	https://access.redhat.com/errata/RHSA-2025:13622
reference_id	RHSA-2025:13622
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13622

reference_url	https://access.redhat.com/errata/RHSA-2025:13677
reference_id	RHSA-2025:13677
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13677

reference_url	https://access.redhat.com/errata/RHSA-2025:13681
reference_id	RHSA-2025:13681
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13681

reference_url	https://access.redhat.com/errata/RHSA-2025:13683
reference_id	RHSA-2025:13683
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13683

reference_url	https://access.redhat.com/errata/RHSA-2025:13684
reference_id	RHSA-2025:13684
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13684

reference_url	https://access.redhat.com/errata/RHSA-2025:13688
reference_id	RHSA-2025:13688
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13688

reference_url	https://access.redhat.com/errata/RHSA-2025:13689
reference_id	RHSA-2025:13689
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13689

reference_url	https://access.redhat.com/errata/RHSA-2025:13788
reference_id	RHSA-2025:13788
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13788

reference_url	https://access.redhat.com/errata/RHSA-2025:13789
reference_id	RHSA-2025:13789
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13789

reference_url	https://access.redhat.com/errata/RHSA-2025:13806
reference_id	RHSA-2025:13806
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13806

reference_url	https://access.redhat.com/errata/RHSA-2025:14059
reference_id	RHSA-2025:14059
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14059

reference_url	https://access.redhat.com/errata/RHSA-2025:14186
reference_id	RHSA-2025:14186
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14186

reference_url	https://access.redhat.com/errata/RHSA-2025:14644
reference_id	RHSA-2025:14644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14644

reference_url	https://access.redhat.com/errata/RHSA-2025:14818
reference_id	RHSA-2025:14818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14818

reference_url	https://access.redhat.com/errata/RHSA-2025:14819
reference_id	RHSA-2025:14819
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14819

reference_url	https://access.redhat.com/errata/RHSA-2025:14853
reference_id	RHSA-2025:14853
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14853

reference_url	https://access.redhat.com/errata/RHSA-2025:14858
reference_id	RHSA-2025:14858
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14858

reference_url	https://access.redhat.com/errata/RHSA-2025:15308
reference_id	RHSA-2025:15308
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15308

reference_url	https://access.redhat.com/errata/RHSA-2025:15672
reference_id	RHSA-2025:15672
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15672

reference_url	https://access.redhat.com/errata/RHSA-2025:16159
reference_id	RHSA-2025:16159
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16159

reference_url	https://access.redhat.com/errata/RHSA-2025:22529
reference_id	RHSA-2025:22529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22529

reference_url	https://usn.ubuntu.com/7467-1/
reference_id	USN-7467-1
reference_type
scores
url	https://usn.ubuntu.com/7467-1/

reference_url	https://usn.ubuntu.com/7467-2/
reference_id	USN-7467-2
reference_type
scores
url	https://usn.ubuntu.com/7467-2/

reference_url	https://usn.ubuntu.com/7896-1/
reference_id	USN-7896-1
reference_type
scores
url	https://usn.ubuntu.com/7896-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5

aliases CVE-2025-32415

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qp6y-dt1j-97df

url VCID-qpnt-xvgv-s3cq

vulnerability_id VCID-qpnt-xvgv-s3cq

summary This advisory has been invalidated.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28484.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28484.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28484

reference_id

reference_type

scores

value	0.00249
scoring_system	epss
scoring_elements	0.48197
published_at	2026-04-13T12:55:00Z

value	0.00249
scoring_system	epss
scoring_elements	0.48186
published_at	2026-04-12T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49179
published_at	2026-04-04T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.4915
published_at	2026-04-02T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49181
published_at	2026-04-09T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49184
published_at	2026-04-08T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.4913
published_at	2026-04-07T12:55:00Z

value	0.00258
scoring_system	epss
scoring_elements	0.49199
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28484

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/491

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/491

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4

reference_url

https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html

reference_url	https://nokogiri.org/CHANGELOG.html#1143-2023-04-11
reference_id
reference_type
scores
url	https://nokogiri.org/CHANGELOG.html#1143-2023-04-11

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034436
reference_id	1034436
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034436

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2185994
reference_id	2185994
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2185994

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-28484
reference_id	CVE-2023-28484
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-28484

reference_url	https://security.gentoo.org/glsa/202402-11
reference_id	GLSA-202402-11
reference_type
scores
url	https://security.gentoo.org/glsa/202402-11

reference_url

https://security.netapp.com/advisory/ntap-20230601-0006/

reference_id

ntap-20230601-0006

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/

url

https://security.netapp.com/advisory/ntap-20230601-0006/

reference_url

https://security.netapp.com/advisory/ntap-20240201-0005/

reference_id

ntap-20240201-0005

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-05T16:58:14Z/

url

https://security.netapp.com/advisory/ntap-20240201-0005/

reference_url	https://access.redhat.com/errata/RHSA-2023:4349
reference_id	RHSA-2023:4349
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4349

reference_url	https://access.redhat.com/errata/RHSA-2023:4529
reference_id	RHSA-2023:4529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4529

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2024:0413
reference_id	RHSA-2024:0413
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0413

reference_url	https://usn.ubuntu.com/6028-1/
reference_id	USN-6028-1
reference_type
scores
url	https://usn.ubuntu.com/6028-1/

reference_url	https://usn.ubuntu.com/6028-2/
reference_id	USN-6028-2
reference_type
scores
url	https://usn.ubuntu.com/6028-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2023-28484

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qpnt-xvgv-s3cq

url VCID-qqte-z1e6-xuh7

vulnerability_id VCID-qqte-z1e6-xuh7

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
A buffer overflow was discovered in libxml2 . The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9047.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9047.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9047

reference_id

reference_type

scores

value	0.0266
scoring_system	epss
scoring_elements	0.85787
published_at	2026-04-13T12:55:00Z

value	0.0266
scoring_system	epss
scoring_elements	0.85779
published_at	2026-04-09T12:55:00Z

value	0.0266
scoring_system	epss
scoring_elements	0.85793
published_at	2026-04-11T12:55:00Z

value	0.0266
scoring_system	epss
scoring_elements	0.8579
published_at	2026-04-12T12:55:00Z

value	0.02891
scoring_system	epss
scoring_elements	0.86261
published_at	2026-04-02T12:55:00Z

value	0.02891
scoring_system	epss
scoring_elements	0.86279
published_at	2026-04-07T12:55:00Z

value	0.02891
scoring_system	epss
scoring_elements	0.86298
published_at	2026-04-08T12:55:00Z

value	0.02891
scoring_system	epss
scoring_elements	0.86278
published_at	2026-04-04T12:55:00Z

value	0.03032
scoring_system	epss
scoring_elements	0.86594
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1452554
reference_id	1452554
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1452554

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863022
reference_id	863022
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863022

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-9047
reference_id	CVE-2017-9047
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-9047

reference_url	https://usn.ubuntu.com/3424-1/
reference_id	USN-3424-1
reference_type
scores
url	https://usn.ubuntu.com/3424-1/

reference_url	https://usn.ubuntu.com/3424-2/
reference_id	USN-3424-2
reference_type
scores
url	https://usn.ubuntu.com/3424-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4

aliases CVE-2017-9047

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qqte-z1e6-xuh7

url VCID-qtp3-a1g7-8kgw

vulnerability_id VCID-qtp3-a1g7-8kgw

summary

Improper Restriction of XML External Entity Reference
libxml2, as used in XMLSec and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9318.json

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9318.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9318

reference_id

reference_type

scores

value	0.00121
scoring_system	epss
scoring_elements	0.31023
published_at	2026-04-13T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31068
published_at	2026-04-12T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32866
published_at	2026-04-02T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32769
published_at	2026-04-08T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32722
published_at	2026-04-07T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32901
published_at	2026-04-04T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32735
published_at	2026-04-01T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.3896
published_at	2026-04-09T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.38972
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9318

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1395609
reference_id	1395609
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1395609

reference_url

https://github.com/lsh123/xmlsec/issues/43

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/

url

https://github.com/lsh123/xmlsec/issues/43

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844581
reference_id	844581
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844581

reference_url

http://www.securityfocus.com/bid/94347

reference_id

94347

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/

url

http://www.securityfocus.com/bid/94347

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-9318
reference_id	CVE-2016-9318
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-9318

reference_url

https://bugzilla.gnome.org/show_bug.cgi?id=772726

reference_id

show_bug.cgi?id=772726

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/

url

https://bugzilla.gnome.org/show_bug.cgi?id=772726

reference_url

reference_id

USN-3739-2

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/

url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2016-9318

risk_score 3.0

exploitability 0.5

weighted_severity 6.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qtp3-a1g7-8kgw

url VCID-qv3r-ppuc-zycz

vulnerability_id VCID-qv3r-ppuc-zycz

summary

libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
The Nokogiri RubyGem has patched its vendored copy of libxml2 in order to prevent this issue from affecting nokogiri.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7595.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7595.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7595

reference_id

reference_type

scores

value	0.00473
scoring_system	epss
scoring_elements	0.64712
published_at	2026-04-13T12:55:00Z

value	0.00473
scoring_system	epss
scoring_elements	0.6472
published_at	2026-04-08T12:55:00Z

value	0.00473
scoring_system	epss
scoring_elements	0.64672
published_at	2026-04-07T12:55:00Z

value	0.00473
scoring_system	epss
scoring_elements	0.64751
published_at	2026-04-11T12:55:00Z

value	0.00473
scoring_system	epss
scoring_elements	0.6474
published_at	2026-04-12T12:55:00Z

value	0.00473
scoring_system	epss
scoring_elements	0.64734
published_at	2026-04-09T12:55:00Z

value	0.00487
scoring_system	epss
scoring_elements	0.65326
published_at	2026-04-01T12:55:00Z

value	0.00487
scoring_system	epss
scoring_elements	0.65375
published_at	2026-04-02T12:55:00Z

value	0.00487
scoring_system	epss
scoring_elements	0.65401
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7595

reference_url

https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7595
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7595

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1992

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1992

reference_url

https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076

reference_url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-7595

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-7595

reference_url

https://security.gentoo.org/glsa/202010-04

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://security.gentoo.org/glsa/202010-04

reference_url

https://security.netapp.com/advisory/ntap-20200702-0005

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200702-0005

reference_url

https://security.netapp.com/advisory/ntap-20200702-0005/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://security.netapp.com/advisory/ntap-20200702-0005/

reference_url

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08

reference_url

https://usn.ubuntu.com/4274-1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/4274-1

reference_url

https://usn.ubuntu.com/4274-1/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://usn.ubuntu.com/4274-1/

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://www.oracle.com/security-alerts/cpujul2020.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1799786
reference_id	1799786
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1799786

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/

reference_id

545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

reference_id

5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582
reference_id	949582
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582

reference_url	https://security.archlinux.org/ASA-202011-15
reference_id	ASA-202011-15
reference_type
scores
url	https://security.archlinux.org/ASA-202011-15

reference_url

reference_id

AVG-1263

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-7553-jr98-vx47

reference_url

reference_id

GHSA-7553-jr98-vx47

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7553-jr98-vx47

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

reference_id

JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

reference_url	https://access.redhat.com/errata/RHSA-2020:2644
reference_id	RHSA-2020:2644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2644

reference_url	https://access.redhat.com/errata/RHSA-2020:2646
reference_id	RHSA-2020:2646
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2646

reference_url	https://access.redhat.com/errata/RHSA-2020:3996
reference_id	RHSA-2020:3996
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3996

reference_url	https://access.redhat.com/errata/RHSA-2020:4479
reference_id	RHSA-2020:4479
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4479

reference_url	https://access.redhat.com/errata/RHSA-2021:0949
reference_id	RHSA-2021:0949
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0949

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2020-7595, GHSA-7553-jr98-vx47

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qv3r-ppuc-zycz

url VCID-qxwq-xwaw-nyak

vulnerability_id VCID-qxwq-xwaw-nyak

summary

Multiple vulnerabilities have been found in libxml2, the worst of
    which could result in the execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0663.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0663.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-0663

reference_id

reference_type

scores

value	0.01042
scoring_system	epss
scoring_elements	0.77393
published_at	2026-04-01T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77448
published_at	2026-04-13T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77471
published_at	2026-04-11T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77451
published_at	2026-04-12T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77399
published_at	2026-04-02T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77426
published_at	2026-04-04T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77405
published_at	2026-04-07T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77436
published_at	2026-04-08T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77445
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-0663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1462225
reference_id	1462225
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1462225

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870870
reference_id	870870
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870870

reference_url	https://usn.ubuntu.com/3424-1/
reference_id	USN-3424-1
reference_type
scores
url	https://usn.ubuntu.com/3424-1/

reference_url	https://usn.ubuntu.com/3424-2/
reference_id	USN-3424-2
reference_type
scores
url	https://usn.ubuntu.com/3424-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4

aliases CVE-2017-0663

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qxwq-xwaw-nyak

url VCID-r7q9-7u4b-83cz

vulnerability_id VCID-r7q9-7u4b-83cz

summary

Out-of-bounds Read
The htmlCurrentChar function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

references

reference_url	http://lists.apple.com/archives/security-announce/2016/May/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/May/msg00001.html

reference_url	http://lists.apple.com/archives/security-announce/2016/May/msg00002.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/May/msg00002.html

reference_url	http://lists.apple.com/archives/security-announce/2016/May/msg00003.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/May/msg00003.html

reference_url	http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/May/msg00004.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2957.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2957.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1833.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1833.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-1833

reference_id

reference_type

scores

value	0.01214
scoring_system	epss
scoring_elements	0.79013
published_at	2026-04-13T12:55:00Z

value	0.01214
scoring_system	epss
scoring_elements	0.79023
published_at	2026-04-12T12:55:00Z

value	0.01214
scoring_system	epss
scoring_elements	0.78967
published_at	2026-04-01T12:55:00Z

value	0.01214
scoring_system	epss
scoring_elements	0.78973
published_at	2026-04-02T12:55:00Z

value	0.01214
scoring_system	epss
scoring_elements	0.78999
published_at	2026-04-04T12:55:00Z

value	0.01214
scoring_system	epss
scoring_elements	0.78984
published_at	2026-04-07T12:55:00Z

value	0.01214
scoring_system	epss
scoring_elements	0.79008
published_at	2026-04-08T12:55:00Z

value	0.01214
scoring_system	epss
scoring_elements	0.79015
published_at	2026-04-09T12:55:00Z

value	0.01214
scoring_system	epss
scoring_elements	0.79039
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1833

reference_url	https://bugs.chromium.org/p/project-zero/issues/detail?id=636
reference_id
reference_type
scores
url	https://bugs.chromium.org/p/project-zero/issues/detail?id=636

reference_url	https://bugzilla.gnome.org/show_bug.cgi?id=758606
reference_id
reference_type
scores
url	https://bugzilla.gnome.org/show_bug.cgi?id=758606

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483

reference_url	https://git.gnome.org/browse/libxml2/commit/?id=0bcd05c5cd83dec3406c8f68b769b1d610c72f76
reference_id
reference_type
scores
url	https://git.gnome.org/browse/libxml2/commit/?id=0bcd05c5cd83dec3406c8f68b769b1d610c72f76

reference_url	https://kc.mcafee.com/corporate/index?page=content&id=SB10170
reference_id
reference_type
scores
url	https://kc.mcafee.com/corporate/index?page=content&id=SB10170

reference_url	https://support.apple.com/HT206564
reference_id
reference_type
scores
url	https://support.apple.com/HT206564

reference_url	https://support.apple.com/HT206566
reference_id
reference_type
scores
url	https://support.apple.com/HT206566

reference_url	https://support.apple.com/HT206567
reference_id
reference_type
scores
url	https://support.apple.com/HT206567

reference_url	https://support.apple.com/HT206568
reference_id
reference_type
scores
url	https://support.apple.com/HT206568

reference_url	https://www.debian.org/security/2016/dsa-3593
reference_id
reference_type
scores
url	https://www.debian.org/security/2016/dsa-3593

reference_url	https://www.tenable.com/security/tns-2016-18
reference_id
reference_type
scores
url	https://www.tenable.com/security/tns-2016-18

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

reference_url	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

reference_url	http://www.securityfocus.com/bid/90691
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/90691

reference_url	http://www.securitytracker.com/id/1035890
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035890

reference_url	http://www.ubuntu.com/usn/USN-2994-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2994-1

reference_url	http://xmlsoft.org/news.html
reference_id
reference_type
scores
url	http://xmlsoft.org/news.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1338682
reference_id	1338682
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1338682

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:web_gateway::::::::
reference_id	cpe:2.3:a:mcafee:web_gateway::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:web_gateway::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
reference_id	cpe:2.3:o:apple:iphone_os::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::
reference_id	cpe:2.3:o:apple:mac_os_x::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
reference_id	cpe:2.3:o:apple:tvos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
reference_id	cpe:2.3:o:apple:watchos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-1833

reference_id

CVE-2016-1833

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1833

reference_url	https://access.redhat.com/errata/RHSA-2016:1292
reference_id	RHSA-2016:1292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1292

reference_url	https://access.redhat.com/errata/RHSA-2016:2957
reference_id	RHSA-2016:2957
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2957

reference_url	https://usn.ubuntu.com/2994-1/
reference_id	USN-2994-1
reference_type
scores
url	https://usn.ubuntu.com/2994-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2016-1833

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r7q9-7u4b-83cz

url VCID-rhgj-t5cp-wkbh

vulnerability_id VCID-rhgj-t5cp-wkbh

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
libxml2 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9048.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9048.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9048

reference_id

reference_type

scores

value	0.00601
scoring_system	epss
scoring_elements	0.69484
published_at	2026-04-13T12:55:00Z

value	0.00601
scoring_system	epss
scoring_elements	0.69492
published_at	2026-04-09T12:55:00Z

value	0.00601
scoring_system	epss
scoring_elements	0.69513
published_at	2026-04-11T12:55:00Z

value	0.00601
scoring_system	epss
scoring_elements	0.69498
published_at	2026-04-12T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69951
published_at	2026-04-08T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69911
published_at	2026-04-02T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69903
published_at	2026-04-07T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69926
published_at	2026-04-04T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69898
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1452549
reference_id	1452549
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1452549

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863021
reference_id	863021
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863021

reference_url

http://www.securityfocus.com/bid/98556

reference_id

98556

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T11:40:41Z/

url

http://www.securityfocus.com/bid/98556

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-9048
reference_id	CVE-2017-9048
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-9048

reference_url	https://usn.ubuntu.com/3424-1/
reference_id	USN-3424-1
reference_type
scores
url	https://usn.ubuntu.com/3424-1/

reference_url	https://usn.ubuntu.com/3424-2/
reference_id	USN-3424-2
reference_type
scores
url	https://usn.ubuntu.com/3424-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4

aliases CVE-2017-9048

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rhgj-t5cp-wkbh

url VCID-rsvx-3f49-v3an

vulnerability_id VCID-rsvx-3f49-v3an

summary

Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion)
A flaw was found in libxml2. By exploiting an exponential entity expansion attack its possible bypassing all existing protection mechanisms and lead to a denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3541.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3541.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3541

reference_id

reference_type

scores

value	0.0006
scoring_system	epss
scoring_elements	0.18918
published_at	2026-04-01T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.1887
published_at	2026-04-13T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18968
published_at	2026-04-11T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18921
published_at	2026-04-12T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.19054
published_at	2026-04-02T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.19106
published_at	2026-04-04T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18828
published_at	2026-04-07T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18907
published_at	2026-04-08T12:55:00Z

value	0.0006
scoring_system	epss
scoring_elements	0.18962
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3541

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1950515
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1950515

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3541
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3541

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://security.netapp.com/advisory/ntap-20210805-0007/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210805-0007/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988603
reference_id	988603
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988603

reference_url

reference_id

AVG-1883

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4483

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-3541
reference_id	CVE-2021-3541
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-3541

reference_url	https://security.gentoo.org/glsa/202107-05
reference_id	GLSA-202107-05
reference_type
scores
url	https://security.gentoo.org/glsa/202107-05

reference_url	https://access.redhat.com/errata/RHSA-2021:2569
reference_id	RHSA-2021:2569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2569

reference_url	https://access.redhat.com/errata/RHSA-2022:1389
reference_id	RHSA-2022:1389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1389

reference_url	https://access.redhat.com/errata/RHSA-2022:1390
reference_id	RHSA-2022:1390
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1390

reference_url	https://usn.ubuntu.com/4991-1/
reference_id	USN-4991-1
reference_type
scores
url	https://usn.ubuntu.com/4991-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2021-3541

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rsvx-3f49-v3an

url VCID-s3j9-1zq5-zkf5

vulnerability_id VCID-s3j9-1zq5-zkf5

summary

Deserialization of Untrusted Data
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2957.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2957.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4483.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4483.json

reference_url

reference_id

reference_type

scores

value	0.0127
scoring_system	epss
scoring_elements	0.7949
published_at	2026-04-13T12:55:00Z

value	0.0127
scoring_system	epss
scoring_elements	0.79516
published_at	2026-04-11T12:55:00Z

value	0.0127
scoring_system	epss
scoring_elements	0.79499
published_at	2026-04-12T12:55:00Z

value	0.0127
scoring_system	epss
scoring_elements	0.7944
published_at	2026-04-01T12:55:00Z

value	0.0127
scoring_system	epss
scoring_elements	0.79447
published_at	2026-04-02T12:55:00Z

value	0.0127
scoring_system	epss
scoring_elements	0.79471
published_at	2026-04-04T12:55:00Z

value	0.0127
scoring_system	epss
scoring_elements	0.79458
published_at	2026-04-07T12:55:00Z

value	0.0127
scoring_system	epss
scoring_elements	0.79486
published_at	2026-04-08T12:55:00Z

value	0.0127
scoring_system	epss
scoring_elements	0.79494
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4483

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd
reference_id
reference_type
scores
url	https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd

reference_url	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

reference_url	https://www.tenable.com/security/tns-2016-18
reference_id
reference_type
scores
url	https://www.tenable.com/security/tns-2016-18

reference_url	http://www.debian.org/security/2016/dsa-3593
reference_id
reference_type
scores
url	http://www.debian.org/security/2016/dsa-3593

reference_url	http://www.openwall.com/lists/oss-security/2016/05/03/8
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2016/05/03/8

reference_url	http://www.openwall.com/lists/oss-security/2016/05/04/7
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2016/05/04/7

reference_url	http://www.openwall.com/lists/oss-security/2016/06/07/4
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2016/06/07/4

reference_url	http://www.openwall.com/lists/oss-security/2016/06/07/5
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2016/06/07/5

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

reference_url	http://www.securityfocus.com/bid/90013
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/90013

reference_url	http://www.securitytracker.com/id/1036348
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1036348

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1332820
reference_id	1332820
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1332820

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823405
reference_id	823405
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823405

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:::::::*
reference_id	cpe:2.3:o:oracle:solaris:11.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-4483

reference_id

CVE-2016-4483

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4483

reference_url	https://security.gentoo.org/glsa/201701-37
reference_id	GLSA-201701-37
reference_type
scores
url	https://security.gentoo.org/glsa/201701-37

reference_url	https://access.redhat.com/errata/RHSA-2016:2957
reference_id	RHSA-2016:2957
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2957

reference_url	https://usn.ubuntu.com/2994-1/
reference_id	USN-2994-1
reference_type
scores
url	https://usn.ubuntu.com/2994-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2016-4483

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s3j9-1zq5-zkf5

url VCID-s9r4-a3uz-4yhp

vulnerability_id VCID-s9r4-a3uz-4yhp

summary

Integer Overflow or Wraparound
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29824.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29824.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-29824

reference_id

reference_type

scores

value	0.00074
scoring_system	epss
scoring_elements	0.22466
published_at	2026-04-13T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22489
published_at	2026-04-08T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22543
published_at	2026-04-09T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22562
published_at	2026-04-11T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22521
published_at	2026-04-12T12:55:00Z

value	0.00074
scoring_system	epss
scoring_elements	0.22407
published_at	2026-04-07T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22976
published_at	2026-04-02T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.2302
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-29824

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab

reference_url	https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd

reference_url	https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14

reference_url	https://gitlab.gnome.org/GNOME/libxslt/-/tags
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxslt/-/tags

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010526
reference_id	1010526
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010526

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2082158
reference_id	2082158
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2082158

reference_url

reference_id

AVG-2726

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14567.json

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-29824
reference_id	CVE-2022-29824
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-29824

reference_url	https://security.gentoo.org/glsa/202210-03
reference_id	GLSA-202210-03
reference_type
scores
url	https://security.gentoo.org/glsa/202210-03

reference_url	https://access.redhat.com/errata/RHSA-2022:5250
reference_id	RHSA-2022:5250
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5250

reference_url	https://access.redhat.com/errata/RHSA-2022:5317
reference_id	RHSA-2022:5317
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5317

reference_url	https://access.redhat.com/errata/RHSA-2022:8841
reference_id	RHSA-2022:8841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8841

reference_url	https://usn.ubuntu.com/5422-1/
reference_id	USN-5422-1
reference_type
scores
url	https://usn.ubuntu.com/5422-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2022-29824

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s9r4-a3uz-4yhp

url VCID-t53m-6vvr-27cf

vulnerability_id VCID-t53m-6vvr-27cf

summary

Loop with Unreachable Exit Condition ('Infinite Loop')
libxml2, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.

references

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14567.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14567

reference_id

reference_type

scores

value	0.00677
scoring_system	epss
scoring_elements	0.71451
published_at	2026-04-01T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71459
published_at	2026-04-02T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71476
published_at	2026-04-04T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71449
published_at	2026-04-07T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71489
published_at	2026-04-08T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71501
published_at	2026-04-09T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71524
published_at	2026-04-11T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.71508
published_at	2026-04-12T12:55:00Z

value	0.00677
scoring_system	epss
scoring_elements	0.7149
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14567

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1619875
reference_id	1619875
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1619875

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-14567
reference_id	CVE-2018-14567
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-14567

reference_url	https://access.redhat.com/errata/RHSA-2020:1190
reference_id	RHSA-2020:1190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1190

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2018-14567

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t53m-6vvr-27cf

url VCID-t9pa-yw9s-kqb9

vulnerability_id VCID-t9pa-yw9s-kqb9

summary

Improper Input Validation
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

references

reference_url	http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000066.html
reference_id
reference_type
scores
url	http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000066.html

reference_url	http://jvn.jp/en/jp/JVN17535578/index.html
reference_id
reference_type
scores
url	http://jvn.jp/en/jp/JVN17535578/index.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2957.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2957.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4449.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4449.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4449

reference_id

reference_type

scores

value	0.00121
scoring_system	epss
scoring_elements	0.31035
published_at	2026-04-13T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31123
published_at	2026-04-11T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.3108
published_at	2026-04-12T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31041
published_at	2026-04-01T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31166
published_at	2026-04-02T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31212
published_at	2026-04-04T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31032
published_at	2026-04-07T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31088
published_at	2026-04-08T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31117
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4449

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://git.gnome.org/browse/libxml2/commit/?id=b1d34de46a11323fccffa9fadeb33be670d602f5
reference_id
reference_type
scores
url	https://git.gnome.org/browse/libxml2/commit/?id=b1d34de46a11323fccffa9fadeb33be670d602f5

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709

reference_url	https://kc.mcafee.com/corporate/index?page=content&id=SB10170
reference_id
reference_type
scores
url	https://kc.mcafee.com/corporate/index?page=content&id=SB10170

reference_url	https://support.apple.com/HT206899
reference_id
reference_type
scores
url	https://support.apple.com/HT206899

reference_url	https://support.apple.com/HT206901
reference_id
reference_type
scores
url	https://support.apple.com/HT206901

reference_url	https://support.apple.com/HT206902
reference_id
reference_type
scores
url	https://support.apple.com/HT206902

reference_url	https://support.apple.com/HT206903
reference_id
reference_type
scores
url	https://support.apple.com/HT206903

reference_url	https://support.apple.com/HT206904
reference_id
reference_type
scores
url	https://support.apple.com/HT206904

reference_url	https://support.apple.com/HT206905
reference_id
reference_type
scores
url	https://support.apple.com/HT206905

reference_url	https://support.cybozu.com/ja-jp/article/9735
reference_id
reference_type
scores
url	https://support.cybozu.com/ja-jp/article/9735

reference_url	https://www.debian.org/security/2016/dsa-3593
reference_id
reference_type
scores
url	https://www.debian.org/security/2016/dsa-3593

reference_url	https://www.tenable.com/security/tns-2016-18
reference_id
reference_type
scores
url	https://www.tenable.com/security/tns-2016-18

reference_url	http://www.openwall.com/lists/oss-security/2016/05/25/2
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2016/05/25/2

reference_url	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

reference_url	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

reference_url	http://www.securityfocus.com/bid/90865
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/90865

reference_url	http://www.securitytracker.com/id/1036348
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1036348

reference_url	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.404722
reference_id
reference_type
scores
url	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.404722

reference_url	http://www.ubuntu.com/usn/USN-2994-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2994-1

reference_url	http://xmlsoft.org/news.html
reference_id
reference_type
scores
url	http://xmlsoft.org/news.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1338701
reference_id	1338701
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1338701

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-4449

reference_id

CVE-2016-4449

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:P

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4449

reference_url	https://access.redhat.com/errata/RHSA-2016:1292
reference_id	RHSA-2016:1292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1292

reference_url	https://access.redhat.com/errata/RHSA-2016:2957
reference_id	RHSA-2016:2957
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2957

reference_url	https://usn.ubuntu.com/2994-1/
reference_id	USN-2994-1
reference_type
scores
url	https://usn.ubuntu.com/2994-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2016-4449

risk_score 3.2

exploitability 0.5

weighted_severity 6.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9pa-yw9s-kqb9

url VCID-tazr-2qgq-77fy

vulnerability_id VCID-tazr-2qgq-77fy

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
The xmlParseElementDecl function in parser.c in libxml2 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

references

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2957.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2957.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4447.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4447.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4447

reference_id

reference_type

scores

value	0.02064
scoring_system	epss
scoring_elements	0.83924
published_at	2026-04-13T12:55:00Z

value	0.02064
scoring_system	epss
scoring_elements	0.83934
published_at	2026-04-11T12:55:00Z

value	0.02064
scoring_system	epss
scoring_elements	0.83928
published_at	2026-04-12T12:55:00Z

value	0.02064
scoring_system	epss
scoring_elements	0.83856
published_at	2026-04-01T12:55:00Z

value	0.02064
scoring_system	epss
scoring_elements	0.8387
published_at	2026-04-02T12:55:00Z

value	0.02064
scoring_system	epss
scoring_elements	0.83886
published_at	2026-04-04T12:55:00Z

value	0.02064
scoring_system	epss
scoring_elements	0.83887
published_at	2026-04-07T12:55:00Z

value	0.02064
scoring_system	epss
scoring_elements	0.83911
published_at	2026-04-08T12:55:00Z

value	0.02064
scoring_system	epss
scoring_elements	0.83917
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4447

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://git.gnome.org/browse/libxml2/commit/?id=00906759053986b8079985644172085f74331f83
reference_id
reference_type
scores
url	https://git.gnome.org/browse/libxml2/commit/?id=00906759053986b8079985644172085f74331f83

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709

reference_url	https://kc.mcafee.com/corporate/index?page=content&id=SB10170
reference_id
reference_type
scores
url	https://kc.mcafee.com/corporate/index?page=content&id=SB10170

reference_url	https://support.apple.com/HT206899
reference_id
reference_type
scores
url	https://support.apple.com/HT206899

reference_url	https://support.apple.com/HT206901
reference_id
reference_type
scores
url	https://support.apple.com/HT206901

reference_url	https://support.apple.com/HT206902
reference_id
reference_type
scores
url	https://support.apple.com/HT206902

reference_url	https://support.apple.com/HT206903
reference_id
reference_type
scores
url	https://support.apple.com/HT206903

reference_url	https://support.apple.com/HT206904
reference_id
reference_type
scores
url	https://support.apple.com/HT206904

reference_url	https://support.apple.com/HT206905
reference_id
reference_type
scores
url	https://support.apple.com/HT206905

reference_url	https://www.debian.org/security/2016/dsa-3593
reference_id
reference_type
scores
url	https://www.debian.org/security/2016/dsa-3593

reference_url	https://www.tenable.com/security/tns-2016-18
reference_id
reference_type
scores
url	https://www.tenable.com/security/tns-2016-18

reference_url	http://www.openwall.com/lists/oss-security/2016/05/25/2
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2016/05/25/2

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

reference_url	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

reference_url	http://www.securityfocus.com/bid/90864
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/90864

reference_url	http://www.securitytracker.com/id/1036348
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1036348

reference_url	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.404722
reference_id
reference_type
scores
url	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.404722

reference_url	http://www.ubuntu.com/usn/USN-2994-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2994-1

reference_url	http://xmlsoft.org/news.html
reference_id
reference_type
scores
url	http://xmlsoft.org/news.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1338686
reference_id	1338686
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1338686

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:itunes:12.4.1:::::::*
reference_id	cpe:2.3:a:apple:itunes:12.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:itunes:12.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_id	cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:web_gateway::::::::
reference_id	cpe:2.3:a:mcafee:web_gateway::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:web_gateway::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
reference_id	cpe:2.3:o:apple:iphone_os::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::
reference_id	cpe:2.3:o:apple:mac_os_x::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
reference_id	cpe:2.3:o:apple:tvos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
reference_id	cpe:2.3:o:apple:watchos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows::::::::
reference_id	cpe:2.3:o:microsoft:windows::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:vm_server:3.3:::::::*
reference_id	cpe:2.3:o:oracle:vm_server:3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:vm_server:3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:vm_server:3.4:::::::*
reference_id	cpe:2.3:o:oracle:vm_server:3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:vm_server:3.4:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-4447

reference_id

CVE-2016-4447

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4447

reference_url	https://access.redhat.com/errata/RHSA-2016:1292
reference_id	RHSA-2016:1292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1292

reference_url	https://access.redhat.com/errata/RHSA-2016:2957
reference_id	RHSA-2016:2957
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2957

reference_url	https://usn.ubuntu.com/2994-1/
reference_id	USN-2994-1
reference_type
scores
url	https://usn.ubuntu.com/2994-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2016-4447

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tazr-2qgq-77fy

url VCID-tn87-vke6-kuf6

vulnerability_id VCID-tn87-vke6-kuf6

summary

Use After Free
Use after free in libxml2, as used in Google Chrome and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

references

reference_url

https://access.redhat.com/errata/RHSA-2017:3401

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:3401

reference_url

https://access.redhat.com/errata/RHSA-2018:0287

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0287

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15412.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15412.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15412

reference_id

reference_type

scores

value	0.01891
scoring_system	epss
scoring_elements	0.83181
published_at	2026-04-09T12:55:00Z

value	0.01891
scoring_system	epss
scoring_elements	0.83187
published_at	2026-04-13T12:55:00Z

value	0.01891
scoring_system	epss
scoring_elements	0.83149
published_at	2026-04-07T12:55:00Z

value	0.01891
scoring_system	epss
scoring_elements	0.83174
published_at	2026-04-08T12:55:00Z

value	0.01891
scoring_system	epss
scoring_elements	0.83191
published_at	2026-04-12T12:55:00Z

value	0.01891
scoring_system	epss
scoring_elements	0.83197
published_at	2026-04-11T12:55:00Z

value	0.01943
scoring_system	epss
scoring_elements	0.8337
published_at	2026-04-01T12:55:00Z

value	0.01943
scoring_system	epss
scoring_elements	0.83383
published_at	2026-04-02T12:55:00Z

value	0.01943
scoring_system	epss
scoring_elements	0.83398
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15412

reference_url

https://bugzilla.gnome.org/show_bug.cgi?id=783160

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.gnome.org/show_bug.cgi?id=783160

reference_url

https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html

reference_url

https://crbug.com/727039

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://crbug.com/727039

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-15412.yml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-15412.yml

reference_url

https://github.com/sparklemotion/nokogiri/issues/1714

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1714

reference_url

https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html

reference_url

https://web.archive.org/web/20201208155618/http://www.securitytracker.com/id/1040348

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201208155618/http://www.securitytracker.com/id/1040348

reference_url

https://www.debian.org/security/2018/dsa-4086

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2018/dsa-4086

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1523128
reference_id	1523128
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1523128

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883790
reference_id	883790
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883790

reference_url	https://security.archlinux.org/ASA-201712-5
reference_id	ASA-201712-5
reference_type
scores
url	https://security.archlinux.org/ASA-201712-5

reference_url

https://security.archlinux.org/AVG-544

reference_id

AVG-544

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-544

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-15412

reference_id

CVE-2017-15412

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-15412

reference_url	https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html
reference_id	CVE-2017-15412.HTML
reference_type
scores
url	https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html

reference_url

https://github.com/advisories/GHSA-r58r-74gx-6wx3

reference_id

GHSA-r58r-74gx-6wx3

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r58r-74gx-6wx3

reference_url

https://security.gentoo.org/glsa/201801-03

reference_id

GLSA-201801-03

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/201801-03

reference_url	https://access.redhat.com/errata/RHSA-2020:1190
reference_id	RHSA-2020:1190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1190

reference_url	https://usn.ubuntu.com/3513-1/
reference_id	USN-3513-1
reference_type
scores
url	https://usn.ubuntu.com/3513-1/

reference_url	https://usn.ubuntu.com/3513-2/
reference_id	USN-3513-2
reference_type
scores
url	https://usn.ubuntu.com/3513-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-7%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-7%252Bdeb10u4

aliases CVE-2017-15412, GHSA-r58r-74gx-6wx3

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tn87-vke6-kuf6

url VCID-tyk2-gq2c-bbcn

vulnerability_id VCID-tyk2-gq2c-bbcn

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2073.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2073.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2073

reference_id

reference_type

scores

value	0.01321
scoring_system	epss
scoring_elements	0.7988
published_at	2026-04-13T12:55:00Z

value	0.01321
scoring_system	epss
scoring_elements	0.79905
published_at	2026-04-11T12:55:00Z

value	0.01321
scoring_system	epss
scoring_elements	0.79887
published_at	2026-04-12T12:55:00Z

value	0.01321
scoring_system	epss
scoring_elements	0.79831
published_at	2026-04-01T12:55:00Z

value	0.01321
scoring_system	epss
scoring_elements	0.79839
published_at	2026-04-02T12:55:00Z

value	0.01321
scoring_system	epss
scoring_elements	0.7986
published_at	2026-04-04T12:55:00Z

value	0.01321
scoring_system	epss
scoring_elements	0.79848
published_at	2026-04-07T12:55:00Z

value	0.01321
scoring_system	epss
scoring_elements	0.79876
published_at	2026-04-08T12:55:00Z

value	0.01321
scoring_system	epss
scoring_elements	0.79884
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2073

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://www.debian.org/security/2016/dsa-3593
reference_id
reference_type
scores
url	https://www.debian.org/security/2016/dsa-3593

reference_url	http://www.openwall.com/lists/oss-security/2016/01/25/6
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2016/01/25/6

reference_url	http://www.openwall.com/lists/oss-security/2016/01/26/7
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2016/01/26/7

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

reference_url	http://www.securityfocus.com/bid/85267
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/85267

reference_url	http://www.securitytracker.com/id/1035011
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035011

reference_url	http://www.ubuntu.com/usn/USN-2994-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2994-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1301928
reference_id	1301928
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1301928

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812807
reference_id	812807
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812807

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-2073

reference_id

CVE-2016-2073

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2073

reference_url	https://security.gentoo.org/glsa/201701-37
reference_id	GLSA-201701-37
reference_type
scores
url	https://security.gentoo.org/glsa/201701-37

reference_url	https://usn.ubuntu.com/2994-1/
reference_id	USN-2994-1
reference_type
scores
url	https://usn.ubuntu.com/2994-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2016-2073

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tyk2-gq2c-bbcn

url VCID-udew-3gre-13hy

vulnerability_id VCID-udew-3gre-13hy

summary Multiple vulnerabilities have been found in libxml2, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40303.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40303.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-40303

reference_id

reference_type

scores

value	0.00181
scoring_system	epss
scoring_elements	0.39746
published_at	2026-04-02T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39712
published_at	2026-04-13T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39768
published_at	2026-04-04T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39687
published_at	2026-04-07T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39741
published_at	2026-04-08T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39755
published_at	2026-04-09T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39765
published_at	2026-04-11T12:55:00Z

value	0.00181
scoring_system	epss
scoring_elements	0.39729
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-40303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40304

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3

reference_url	https://nokogiri.org/CHANGELOG.html#1139-2022-10-18
reference_id
reference_type
scores
url	https://nokogiri.org/CHANGELOG.html#1139-2022-10-18

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022224
reference_id	1022224
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022224

reference_url

http://seclists.org/fulldisclosure/2022/Dec/21

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

http://seclists.org/fulldisclosure/2022/Dec/21

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2136266
reference_id	2136266
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2136266

reference_url

http://seclists.org/fulldisclosure/2022/Dec/24

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

http://seclists.org/fulldisclosure/2022/Dec/24

reference_url

http://seclists.org/fulldisclosure/2022/Dec/25

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

http://seclists.org/fulldisclosure/2022/Dec/25

reference_url

http://seclists.org/fulldisclosure/2022/Dec/26

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

http://seclists.org/fulldisclosure/2022/Dec/26

reference_url

http://seclists.org/fulldisclosure/2022/Dec/27

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

http://seclists.org/fulldisclosure/2022/Dec/27

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2022-40303
reference_id	CVE-2022-40303
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2022-40303

reference_url	https://security.gentoo.org/glsa/202210-39
reference_id	GLSA-202210-39
reference_type
scores
url	https://security.gentoo.org/glsa/202210-39

reference_url

https://support.apple.com/kb/HT213531

reference_id

HT213531

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

https://support.apple.com/kb/HT213531

reference_url

https://support.apple.com/kb/HT213533

reference_id

HT213533

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

https://support.apple.com/kb/HT213533

reference_url

https://support.apple.com/kb/HT213534

reference_id

HT213534

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

https://support.apple.com/kb/HT213534

reference_url

https://support.apple.com/kb/HT213535

reference_id

HT213535

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

https://support.apple.com/kb/HT213535

reference_url

https://support.apple.com/kb/HT213536

reference_id

HT213536

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

https://support.apple.com/kb/HT213536

reference_url

https://security.netapp.com/advisory/ntap-20221209-0003/

reference_id

ntap-20221209-0003

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T04:23:26Z/

url

https://security.netapp.com/advisory/ntap-20221209-0003/

reference_url	https://access.redhat.com/errata/RHSA-2022:8841
reference_id	RHSA-2022:8841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8841

reference_url	https://access.redhat.com/errata/RHSA-2023:0173
reference_id	RHSA-2023:0173
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0173

reference_url	https://access.redhat.com/errata/RHSA-2023:0338
reference_id	RHSA-2023:0338
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0338

reference_url	https://access.redhat.com/errata/RHSA-2024:0413
reference_id	RHSA-2024:0413
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0413

reference_url	https://usn.ubuntu.com/5760-1/
reference_id	USN-5760-1
reference_type
scores
url	https://usn.ubuntu.com/5760-1/

reference_url	https://usn.ubuntu.com/5760-2/
reference_id	USN-5760-2
reference_type
scores
url	https://usn.ubuntu.com/5760-2/

reference_url	https://usn.ubuntu.com/7659-1/
reference_id	USN-7659-1
reference_type
scores
url	https://usn.ubuntu.com/7659-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2022-40303

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-udew-3gre-13hy

url VCID-ugyh-dycm-3bc3

vulnerability_id VCID-ugyh-dycm-3bc3

summary libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19956.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19956.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19956

reference_id

reference_type

scores

value	0.00154
scoring_system	epss
scoring_elements	0.36075
published_at	2026-04-13T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.3601
published_at	2026-04-01T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36204
published_at	2026-04-02T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36231
published_at	2026-04-04T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36066
published_at	2026-04-07T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36115
published_at	2026-04-08T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36133
published_at	2026-04-09T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.3614
published_at	2026-04-11T12:55:00Z

value	0.00154
scoring_system	epss
scoring_elements	0.36102
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19956

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1788856
reference_id	1788856
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1788856

reference_url

https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549

reference_id

5a02583c7e683896d84878bd90641d8d9b0d0549

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/

url

https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

reference_id

5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2019-19956
reference_id	CVE-2019-19956
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2019-19956

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

reference_id

JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html

reference_id

msg00005.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/

url

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html

reference_url

https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html

reference_id

msg00032.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/

url

https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html

reference_url

https://security.netapp.com/advisory/ntap-20200114-0002/

reference_id

ntap-20200114-0002

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/

url

https://security.netapp.com/advisory/ntap-20200114-0002/

reference_url	https://access.redhat.com/errata/RHSA-2020:2644
reference_id	RHSA-2020:2644
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2644

reference_url	https://access.redhat.com/errata/RHSA-2020:2646
reference_id	RHSA-2020:2646
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2646

reference_url	https://access.redhat.com/errata/RHSA-2020:3996
reference_id	RHSA-2020:3996
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3996

reference_url	https://access.redhat.com/errata/RHSA-2020:4479
reference_id	RHSA-2020:4479
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4479

reference_url	https://access.redhat.com/errata/RHSA-2021:0949
reference_id	RHSA-2021:0949
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0949

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2019-19956

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ugyh-dycm-3bc3

url VCID-vcq9-93xd-nfbe

vulnerability_id VCID-vcq9-93xd-nfbe

summary

Out-of-bounds Read
The xmlPArserPrintFileContextInternal function in libxml2, as used in Apple iOS, OS X, tvOS, and watchOS, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

references

reference_url	http://lists.apple.com/archives/security-announce/2016/May/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/May/msg00001.html

reference_url	http://lists.apple.com/archives/security-announce/2016/May/msg00002.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/May/msg00002.html

reference_url	http://lists.apple.com/archives/security-announce/2016/May/msg00003.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/May/msg00003.html

reference_url	http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/May/msg00004.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2957.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2957.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1838.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1838.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-1838

reference_id

reference_type

scores

value	0.1065
scoring_system	epss
scoring_elements	0.93302
published_at	2026-04-13T12:55:00Z

value	0.1065
scoring_system	epss
scoring_elements	0.93301
published_at	2026-04-12T12:55:00Z

value	0.1065
scoring_system	epss
scoring_elements	0.93272
published_at	2026-04-01T12:55:00Z

value	0.1065
scoring_system	epss
scoring_elements	0.93281
published_at	2026-04-02T12:55:00Z

value	0.1065
scoring_system	epss
scoring_elements	0.93287
published_at	2026-04-04T12:55:00Z

value	0.1065
scoring_system	epss
scoring_elements	0.93285
published_at	2026-04-07T12:55:00Z

value	0.1065
scoring_system	epss
scoring_elements	0.93294
published_at	2026-04-08T12:55:00Z

value	0.1065
scoring_system	epss
scoring_elements	0.93298
published_at	2026-04-09T12:55:00Z

value	0.1065
scoring_system	epss
scoring_elements	0.93303
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1838

reference_url	https://bugs.chromium.org/p/project-zero/issues/detail?id=639
reference_id
reference_type
scores
url	https://bugs.chromium.org/p/project-zero/issues/detail?id=639

reference_url	https://bugzilla.gnome.org/show_bug.cgi?id=758588
reference_id
reference_type
scores
url	https://bugzilla.gnome.org/show_bug.cgi?id=758588

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483

reference_url	https://git.gnome.org/browse/libxml2/commit/?id=db07dd613e461df93dde7902c6505629bf0734e9
reference_id
reference_type
scores
url	https://git.gnome.org/browse/libxml2/commit/?id=db07dd613e461df93dde7902c6505629bf0734e9

reference_url	https://kc.mcafee.com/corporate/index?page=content&id=SB10170
reference_id
reference_type
scores
url	https://kc.mcafee.com/corporate/index?page=content&id=SB10170

reference_url	https://support.apple.com/HT206564
reference_id
reference_type
scores
url	https://support.apple.com/HT206564

reference_url	https://support.apple.com/HT206566
reference_id
reference_type
scores
url	https://support.apple.com/HT206566

reference_url	https://support.apple.com/HT206567
reference_id
reference_type
scores
url	https://support.apple.com/HT206567

reference_url	https://support.apple.com/HT206568
reference_id
reference_type
scores
url	https://support.apple.com/HT206568

reference_url	https://www.debian.org/security/2016/dsa-3593
reference_id
reference_type
scores
url	https://www.debian.org/security/2016/dsa-3593

reference_url	https://www.tenable.com/security/tns-2016-18
reference_id
reference_type
scores
url	https://www.tenable.com/security/tns-2016-18

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

reference_url	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

reference_url	http://www.securityfocus.com/bid/90691
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/90691

reference_url	http://www.securitytracker.com/id/1035890
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035890

reference_url	http://www.ubuntu.com/usn/USN-2994-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2994-1

reference_url	http://xmlsoft.org/news.html
reference_id
reference_type
scores
url	http://xmlsoft.org/news.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1338705
reference_id	1338705
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1338705

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:web_gateway::::::::
reference_id	cpe:2.3:a:mcafee:web_gateway::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mcafee:web_gateway::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
reference_id	cpe:2.3:o:apple:iphone_os::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::
reference_id	cpe:2.3:o:apple:mac_os_x::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
reference_id	cpe:2.3:o:apple:tvos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
reference_id	cpe:2.3:o:apple:watchos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url	https://code.google.com/p/google-security-research/issues/detail?id=639
reference_id	CVE-2016-1838
reference_type	exploit
scores
url	https://code.google.com/p/google-security-research/issues/detail?id=639

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/39493.txt
reference_id	CVE-2016-1838
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/39493.txt

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-1838

reference_id

CVE-2016-1838

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1838

reference_url	https://security.gentoo.org/glsa/201701-37
reference_id	GLSA-201701-37
reference_type
scores
url	https://security.gentoo.org/glsa/201701-37

reference_url	https://access.redhat.com/errata/RHSA-2016:1292
reference_id	RHSA-2016:1292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1292

reference_url	https://access.redhat.com/errata/RHSA-2016:2957
reference_id	RHSA-2016:2957
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2957

reference_url	https://usn.ubuntu.com/2994-1/
reference_id	USN-2994-1
reference_type
scores
url	https://usn.ubuntu.com/2994-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2016-1838

risk_score 10.0

exploitability 2.0

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vcq9-93xd-nfbe

url VCID-vf7b-s3y3-sfhw

vulnerability_id VCID-vf7b-s3y3-sfhw

summary

Multiple vulnerabilities have been found in libxml2, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3537.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3537.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3537

reference_id

reference_type

scores

value	0.00111
scoring_system	epss
scoring_elements	0.29532
published_at	2026-04-13T12:55:00Z

value	0.00111
scoring_system	epss
scoring_elements	0.29584
published_at	2026-04-12T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34266
published_at	2026-04-02T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34299
published_at	2026-04-04T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.33927
published_at	2026-04-01T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.3626
published_at	2026-04-07T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.36337
published_at	2026-04-11T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.36331
published_at	2026-04-09T12:55:00Z

value	0.00155
scoring_system	epss
scoring_elements	0.36309
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3537

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1956522

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1956522

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3537
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3537

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3537.yml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2021-3537.yml

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sparklemotion/nokogiri/blob/2edbbef95f1dc12c1ddc5ebda71b9159026245fe/CHANGELOG.md?plain=1#L722

reference_url

https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/

reference_url

https://nokogiri.org/CHANGELOG.html#1114-2021-05-14

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nokogiri.org/CHANGELOG.html#1114-2021-05-14

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3537

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3537

reference_url

https://security.netapp.com/advisory/ntap-20210625-0002

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210625-0002

reference_url	https://security.netapp.com/advisory/ntap-20210625-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210625-0002/

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988123
reference_id	988123
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988123

reference_url

reference_id

AVG-1883

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-286v-pcf5-25rc

reference_url

reference_id

GHSA-286v-pcf5-25rc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-286v-pcf5-25rc

reference_url

reference_id

GLSA-202107-05

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json

reference_url	https://access.redhat.com/errata/RHSA-2021:2569
reference_id	RHSA-2021:2569
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2569

reference_url	https://access.redhat.com/errata/RHSA-2022:1389
reference_id	RHSA-2022:1389
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1389

reference_url	https://access.redhat.com/errata/RHSA-2022:1390
reference_id	RHSA-2022:1390
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1390

reference_url	https://usn.ubuntu.com/4991-1/
reference_id	USN-4991-1
reference_type
scores
url	https://usn.ubuntu.com/4991-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2021-3537, GHSA-286v-pcf5-25rc

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vf7b-s3y3-sfhw

url VCID-wc4g-sxyq-ubcd

vulnerability_id VCID-wc4g-sxyq-ubcd

summary

Allocation of Resources Without Limits or Throttling
The xz_head function in xzlib.c in libxml2 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.

references

reference_url

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18258.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-18258

reference_id

reference_type

scores

value	0.0079
scoring_system	epss
scoring_elements	0.73872
published_at	2026-04-13T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.7388
published_at	2026-04-12T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73824
published_at	2026-04-01T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73876
published_at	2026-04-09T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73898
published_at	2026-04-11T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73833
published_at	2026-04-02T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73858
published_at	2026-04-04T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73829
published_at	2026-04-07T12:55:00Z

value	0.0079
scoring_system	epss
scoring_elements	0.73863
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-18258

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.yml

reference_url

https://kc.mcafee.com/corporate/index?page=content&id=SB10284

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://kc.mcafee.com/corporate/index?page=content&id=SB10284

reference_url

https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

reference_url

https://security.netapp.com/advisory/ntap-20190719-0001

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190719-0001

reference_url	https://security.netapp.com/advisory/ntap-20190719-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20190719-0001/

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.archlinux.org/AVG-671

reference_url	https://usn.ubuntu.com/3739-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3739-1/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1566749
reference_id	1566749
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1566749

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245
reference_id	895245
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895245

reference_url

reference_id

AVG-671

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-671

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-18258

reference_id

CVE-2017-18258

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-18258

reference_url

https://github.com/advisories/GHSA-882p-jqgm-f45g

reference_id

GHSA-882p-jqgm-f45g

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-882p-jqgm-f45g

reference_url	https://access.redhat.com/errata/RHSA-2020:1190
reference_id	RHSA-2020:1190
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1190

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2017-18258, GHSA-882p-jqgm-f45g

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wc4g-sxyq-ubcd

url VCID-wj66-7n6c-9kam

vulnerability_id VCID-wj66-7n6c-9kam

summary security update

references

reference_url	http://lists.apple.com/archives/security-announce/2016/May/msg00002.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/May/msg00002.html

reference_url	http://lists.apple.com/archives/security-announce/2016/May/msg00004.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/May/msg00004.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-2957.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-2957.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1835.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1835.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-1835

reference_id

reference_type

scores

value	0.02568
scoring_system	epss
scoring_elements	0.85537
published_at	2026-04-13T12:55:00Z

value	0.02568
scoring_system	epss
scoring_elements	0.8554
published_at	2026-04-12T12:55:00Z

value	0.02568
scoring_system	epss
scoring_elements	0.85465
published_at	2026-04-01T12:55:00Z

value	0.02568
scoring_system	epss
scoring_elements	0.85477
published_at	2026-04-02T12:55:00Z

value	0.02568
scoring_system	epss
scoring_elements	0.85494
published_at	2026-04-04T12:55:00Z

value	0.02568
scoring_system	epss
scoring_elements	0.85498
published_at	2026-04-07T12:55:00Z

value	0.02568
scoring_system	epss
scoring_elements	0.85518
published_at	2026-04-08T12:55:00Z

value	0.02568
scoring_system	epss
scoring_elements	0.85528
published_at	2026-04-09T12:55:00Z

value	0.02568
scoring_system	epss
scoring_elements	0.85542
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1835

reference_url	https://bugzilla.gnome.org/show_bug.cgi?id=759020
reference_id
reference_type
scores
url	https://bugzilla.gnome.org/show_bug.cgi?id=759020

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483

reference_url	https://git.gnome.org/browse/libxml2/commit/?id=38eae571111db3b43ffdeb05487c9f60551906fb
reference_id
reference_type
scores
url	https://git.gnome.org/browse/libxml2/commit/?id=38eae571111db3b43ffdeb05487c9f60551906fb

reference_url	https://kc.mcafee.com/corporate/index?page=content&id=SB10170
reference_id
reference_type
scores
url	https://kc.mcafee.com/corporate/index?page=content&id=SB10170

reference_url	https://support.apple.com/HT206567
reference_id
reference_type
scores
url	https://support.apple.com/HT206567

reference_url	https://support.apple.com/HT206568
reference_id
reference_type
scores
url	https://support.apple.com/HT206568

reference_url	https://www.debian.org/security/2016/dsa-3593
reference_id
reference_type
scores
url	https://www.debian.org/security/2016/dsa-3593

reference_url	https://www.tenable.com/security/tns-2016-18
reference_id
reference_type
scores
url	https://www.tenable.com/security/tns-2016-18

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

reference_url	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

reference_url	http://www.securityfocus.com/bid/90696
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/90696

reference_url	http://www.securitytracker.com/id/1035890
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035890

reference_url	http://www.ubuntu.com/usn/USN-2994-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2994-1

reference_url	http://xmlsoft.org/news.html
reference_id
reference_type
scores
url	http://xmlsoft.org/news.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1338691
reference_id	1338691
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1338691

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
reference_id	cpe:2.3:o:apple:iphone_os::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::
reference_id	cpe:2.3:o:apple:mac_os_x::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-1835

reference_id

CVE-2016-1835

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1835

reference_url	https://access.redhat.com/errata/RHSA-2016:1292
reference_id	RHSA-2016:1292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1292

reference_url	https://access.redhat.com/errata/RHSA-2016:2957
reference_id	RHSA-2016:2957
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2957

reference_url	https://usn.ubuntu.com/2994-1/
reference_id	USN-2994-1
reference_type
scores
url	https://usn.ubuntu.com/2994-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2016-1835

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wj66-7n6c-9kam

url VCID-wtxh-xxp2-d3hr

vulnerability_id VCID-wtxh-xxp2-d3hr

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.

references

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

reference_url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

reference_url	http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

reference_url	http://marc.info/?l=bugtraq&m=145382616617563&w=2
reference_id
reference_type
scores
url	http://marc.info/?l=bugtraq&m=145382616617563&w=2

reference_url	http://rhn.redhat.com/errata/RHSA-2015-2549.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-2549.html

reference_url	http://rhn.redhat.com/errata/RHSA-2015-2550.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-2550.html

reference_url	http://rhn.redhat.com/errata/RHSA-2016-1089.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2016-1089.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7942.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7942.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-7942

reference_id

reference_type

scores

value	0.01457
scoring_system	epss
scoring_elements	0.80821
published_at	2026-04-13T12:55:00Z

value	0.01457
scoring_system	epss
scoring_elements	0.80765
published_at	2026-04-01T12:55:00Z

value	0.01457
scoring_system	epss
scoring_elements	0.80774
published_at	2026-04-02T12:55:00Z

value	0.01457
scoring_system	epss
scoring_elements	0.80795
published_at	2026-04-04T12:55:00Z

value	0.01457
scoring_system	epss
scoring_elements	0.80792
published_at	2026-04-07T12:55:00Z

value	0.01457
scoring_system	epss
scoring_elements	0.80819
published_at	2026-04-08T12:55:00Z

value	0.01457
scoring_system	epss
scoring_elements	0.80827
published_at	2026-04-09T12:55:00Z

value	0.01457
scoring_system	epss
scoring_elements	0.80844
published_at	2026-04-11T12:55:00Z

value	0.01457
scoring_system	epss
scoring_elements	0.80829
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7942

reference_url	https://bugzilla.gnome.org/show_bug.cgi?id=744980#c8
reference_id
reference_type
scores
url	https://bugzilla.gnome.org/show_bug.cgi?id=744980#c8

reference_url	https://bugzilla.gnome.org/show_bug.cgi?id=756456
reference_id
reference_type
scores
url	https://bugzilla.gnome.org/show_bug.cgi?id=756456

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710

reference_url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172
reference_id
reference_type
scores
url	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172

reference_url	https://support.apple.com/HT206166
reference_id
reference_type
scores
url	https://support.apple.com/HT206166

reference_url	https://support.apple.com/HT206167
reference_id
reference_type
scores
url	https://support.apple.com/HT206167

reference_url	https://support.apple.com/HT206168
reference_id
reference_type
scores
url	https://support.apple.com/HT206168

reference_url	https://support.apple.com/HT206169
reference_id
reference_type
scores
url	https://support.apple.com/HT206169

reference_url	http://www.debian.org/security/2015/dsa-3430
reference_id
reference_type
scores
url	http://www.debian.org/security/2015/dsa-3430

reference_url	http://www.openwall.com/lists/oss-security/2015/10/22/5
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/10/22/5

reference_url	http://www.openwall.com/lists/oss-security/2015/10/22/8
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/10/22/8

reference_url	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

reference_url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
reference_id
reference_type
scores
url	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

reference_url	http://www.securityfocus.com/bid/79507
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/79507

reference_url	http://www.securitytracker.com/id/1034243
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1034243

reference_url	http://www.ubuntu.com/usn/USN-2812-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2812-1

reference_url	http://xmlsoft.org/news.html
reference_id
reference_type
scores
url	http://xmlsoft.org/news.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1276297
reference_id	1276297
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1276297

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802827
reference_id	802827
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802827

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_id	cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*
reference_id	cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.2:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.9.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
reference_id	cpe:2.3:o:apple:iphone_os::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::
reference_id	cpe:2.3:o:apple:mac_os_x::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
reference_id	cpe:2.3:o:apple:tvos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
reference_id	cpe:2.3:o:apple:watchos::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-7942

reference_id

CVE-2015-7942

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7942

reference_url	https://security.gentoo.org/glsa/201701-37
reference_id	GLSA-201701-37
reference_type
scores
url	https://security.gentoo.org/glsa/201701-37

reference_url	https://access.redhat.com/errata/RHSA-2015:2549
reference_id	RHSA-2015:2549
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2549

reference_url	https://access.redhat.com/errata/RHSA-2015:2550
reference_id	RHSA-2015:2550
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:2550

reference_url	https://access.redhat.com/errata/RHSA-2016:1089
reference_id	RHSA-2016:1089
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1089

reference_url	https://usn.ubuntu.com/2812-1/
reference_id	USN-2812-1
reference_type
scores
url	https://usn.ubuntu.com/2812-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2015-7942

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wtxh-xxp2-d3hr

url VCID-wy5v-dsp3-a7aa

vulnerability_id VCID-wy5v-dsp3-a7aa

summary

Improper Input Validation
The xmlStringGetNodeList function in tree.c in libxml2, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

references

reference_url

http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:39:17Z/

url

http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:39:17Z/

url

http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:39:17Z/

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3627

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3627.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3627.json

reference_url

reference_id

reference_type

scores

value	0.00163
scoring_system	epss
scoring_elements	0.37257
published_at	2026-04-07T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.3732
published_at	2026-04-09T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37308
published_at	2026-04-08T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37239
published_at	2026-04-01T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37331
published_at	2026-04-11T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37298
published_at	2026-04-12T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37429
published_at	2026-04-04T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.37405
published_at	2026-04-02T12:55:00Z

value	0.00163
scoring_system	epss
scoring_elements	0.3727
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1762

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1833

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1834

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1835

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1836

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1837

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1838

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1839

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1840

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2073

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3627

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4447

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4449

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4483

reference_url

http://seclists.org/fulldisclosure/2016/May/10

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:39:17Z/

url

http://seclists.org/fulldisclosure/2016/May/10

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:39:17Z/

url

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239

reference_url

https://kc.mcafee.com/corporate/index?page=content&id=SB10170

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:39:17Z/

url

https://kc.mcafee.com/corporate/index?page=content&id=SB10170

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:39:17Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:39:17Z/

url

http://www.openwall.com/lists/oss-security/2016/03/21/2

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:39:17Z/

url

http://www.openwall.com/lists/oss-security/2016/03/21/2

reference_url

http://www.openwall.com/lists/oss-security/2016/03/21/3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:39:17Z/

url

http://www.openwall.com/lists/oss-security/2016/03/21/3

reference_url

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:39:17Z/

url

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

reference_url

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:39:17Z/

url

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

reference_url

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:39:17Z/

url

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

reference_url

http://www.securityfocus.com/bid/84992

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:39:17Z/

url

http://www.securityfocus.com/bid/84992

reference_url

http://www.securitytracker.com/id/1035335

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:39:17Z/

url

http://www.securitytracker.com/id/1035335

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:39:17Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2016-3627

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1319829
reference_id	1319829
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1319829

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819006
reference_id	819006
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819006

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_id	cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_federation_agent:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*
reference_id	cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:icewall_file_manager:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_server:3.3::::::x86:
reference_id	cpe:2.3:a:oracle:vm_server:3.3::::::x86:
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_server:3.3::::::x86:

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_server:3.4::::::x86:
reference_id	cpe:2.3:a:oracle:vm_server:3.4::::::x86:
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:vm_server:3.4::::::x86:

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:-:::::::*
reference_id	cpe:2.3:a:redhat:jboss_core_services:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::
reference_id	cpe:2.3:a:xmlsoft:libxml2::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:::::::*
reference_id	cpe:2.3:o:oracle:solaris:11.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

reference_url

reference_id

CVE-2016-3627

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-3627

reference_url

reference_id

GLSA-201701-37

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:39:17Z/

url

reference_url

reference_id

RHSA-2016:1292

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-04T15:39:17Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29469.json

reference_url	https://access.redhat.com/errata/RHSA-2016:2957
reference_id	RHSA-2016:2957
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2957

reference_url	https://usn.ubuntu.com/2994-1/
reference_id	USN-2994-1
reference_type
scores
url	https://usn.ubuntu.com/2994-1/

fixed_packages

url pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

purl pkg:deb/debian/libxml2@2.9.1%2Bdfsg1-5%2Bdeb8u6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-2b1g-gp84-87e8

vulnerability	VCID-2j62-5rjn-vyeu

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-33n1-125n-63h6

vulnerability	VCID-3d1e-enaq-q3cx

vulnerability	VCID-3s4n-twju-b3dw

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-51f2-w9b7-9fb4

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-69ff-ngna-mkbv

vulnerability	VCID-6h9f-6pmg-3fh3

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-7h3p-7ej2-17f1

vulnerability	VCID-7rzw-9jj5-4ybk

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-9p2f-ynzb-r3gj

vulnerability	VCID-9q49-2srz-rkg7

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ah8e-sxuu-jqcw

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-b5tz-9s1v-pkg7

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bk98-bfkg-7bdt

vulnerability	VCID-bp8r-8jjt-hygw

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-cgfv-pps6-6khd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-e9c3-5gws-u3fp

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ecde-c15q-ukh1

vulnerability	VCID-eebz-xjem-cygz

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-ghaf-ynsg-uuea

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-gxsm-qvkt-gygy

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-ked7-5tjg-nudx

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-netm-9gxh-3yh4

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-r7q9-7u4b-83cz

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s3j9-1zq5-zkf5

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-t9pa-yw9s-kqb9

vulnerability	VCID-tazr-2qgq-77fy

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-tyk2-gq2c-bbcn

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vcq9-93xd-nfbe

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-wj66-7n6c-9kam

vulnerability	VCID-wtxh-xxp2-d3hr

vulnerability	VCID-wy5v-dsp3-a7aa

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.1%252Bdfsg1-5%252Bdeb8u6

url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-2.2%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-3whx-6t3e-7beq

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4hws-gtxr-3bge

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-57yv-ay7b-v7ev

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-782a-uast-nbch

vulnerability	VCID-7bpp-2hvk-2udv

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-8tej-h12t-2fag

vulnerability	VCID-9hqf-12yh-bkc8

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-azzy-m5pc-qudn

vulnerability	VCID-bejh-22y7-kuh6

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-cbm2-cez4-bqgh

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-eb6k-ppfd-m7a3

vulnerability	VCID-ek5d-m9pn-3fec

vulnerability	VCID-gvmn-4dtv-8qcj

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-mm88-amve-quh6

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

vulnerability	VCID-qpnt-xvgv-s3cq

vulnerability	VCID-qqte-z1e6-xuh7

vulnerability	VCID-qtp3-a1g7-8kgw

vulnerability	VCID-qv3r-ppuc-zycz

vulnerability	VCID-qxwq-xwaw-nyak

vulnerability	VCID-rhgj-t5cp-wkbh

vulnerability	VCID-rsvx-3f49-v3an

vulnerability	VCID-s9r4-a3uz-4yhp

vulnerability	VCID-t53m-6vvr-27cf

vulnerability	VCID-tn87-vke6-kuf6

vulnerability	VCID-udew-3gre-13hy

vulnerability	VCID-ugyh-dycm-3bc3

vulnerability	VCID-vf7b-s3y3-sfhw

vulnerability	VCID-wc4g-sxyq-ubcd

vulnerability	VCID-x9ej-7dcq-tub2

vulnerability	VCID-xps8-1a3r-wke6

vulnerability	VCID-ymhr-ads4-qqdp

vulnerability	VCID-zm21-2pqq-3ker

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-2.2%252Bdeb9u2

aliases CVE-2016-3627

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wy5v-dsp3-a7aa

url VCID-x9ej-7dcq-tub2

vulnerability_id VCID-x9ej-7dcq-tub2

summary

Double Free
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).

references

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29469.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-29469

reference_id

reference_type

scores

value	0.00072
scoring_system	epss
scoring_elements	0.2209
published_at	2026-04-02T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.2196
published_at	2026-04-13T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.2214
published_at	2026-04-04T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.2191
published_at	2026-04-07T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.21991
published_at	2026-04-08T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.22046
published_at	2026-04-09T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.22061
published_at	2026-04-11T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.2202
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-29469

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/510

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/issues/510

reference_url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/

url

https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4

reference_url

https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html

reference_url	https://nokogiri.org/CHANGELOG.html#1143-2023-04-11
reference_id
reference_type
scores
url	https://nokogiri.org/CHANGELOG.html#1143-2023-04-11

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034437
reference_id	1034437
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034437

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2185984
reference_id	2185984
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2185984

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-29469
reference_id	CVE-2023-29469
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-29469

reference_url	https://security.gentoo.org/glsa/202402-11
reference_id	GLSA-202402-11
reference_type
scores
url	https://security.gentoo.org/glsa/202402-11

reference_url

https://security.netapp.com/advisory/ntap-20230601-0006/

reference_id

ntap-20230601-0006

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:02:27Z/

url

https://security.netapp.com/advisory/ntap-20230601-0006/

reference_url	https://access.redhat.com/errata/RHSA-2023:4349
reference_id	RHSA-2023:4349
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4349

reference_url	https://access.redhat.com/errata/RHSA-2023:4529
reference_id	RHSA-2023:4529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4529

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2024:0413
reference_id	RHSA-2024:0413
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0413

reference_url	https://usn.ubuntu.com/6028-1/
reference_id	USN-6028-1
reference_type
scores
url	https://usn.ubuntu.com/6028-1/

reference_url	https://usn.ubuntu.com/6028-2/
reference_id	USN-6028-2
reference_type
scores
url	https://usn.ubuntu.com/6028-2/

fixed_packages

url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-27jd-t23h-73f4

vulnerability	VCID-31w8-13b6-8beh

vulnerability	VCID-464a-typa-7qbu

vulnerability	VCID-4m3j-qy8c-4uhk

vulnerability	VCID-62bb-e8vk-7uh4

vulnerability	VCID-74y5-vcxn-2ygr

vulnerability	VCID-8d2w-3c3p-zqaz

vulnerability	VCID-aasn-u7fd-8bhy

vulnerability	VCID-ahha-vnq4-7qd2

vulnerability	VCID-bz1e-1ypb-kkgg

vulnerability	VCID-c9ds-faa9-t7be

vulnerability	VCID-d1ar-1945-sygd

vulnerability	VCID-d68t-f8j1-h3am

vulnerability	VCID-drkd-yykc-ayge

vulnerability	VCID-hafa-bcpu-8uaj

vulnerability	VCID-knx8-5fpz-zbgn

vulnerability	VCID-nj3a-zqw9-6bga

vulnerability	VCID-nuh8-qd25-ykan

vulnerability	VCID-pdv9-xrh8-d3fz

vulnerability	VCID-qh44-gavt-rbdw

vulnerability	VCID-qp6y-dt1j-97df

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4

aliases CVE-2023-29469

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x9ej-7dcq-tub2

url VCID-xps8-1a3r-wke6

vulnerability_id VCID-xps8-1a3r-wke6

summary

Multiple vulnerabilities have been found in libxml2, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3516.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3516.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3516

reference_id

reference_type

scores

value	0.00343
scoring_system	epss
scoring_elements	0.56934
published_at	2026-04-07T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56985
published_at	2026-04-08T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56988
published_at	2026-04-09T12:55:00Z

value	0.00343
scoring_system	epss
scoring_elements	0.56995
published_at	2026-04-11T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57651
published_at	2026-04-04T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57629
published_at	2026-04-02T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57545
published_at	2026-04-01T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58347
published_at	2026-04-12T12:55:00Z

value	0.00362
scoring_system	epss
scoring_elements	0.58327
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3516

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3516
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3516

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://gitlab.gnome.org/GNOME/libxml2/-/issues/230
reference_id
reference_type
scores
url	https://gitlab.gnome.org/GNOME/libxml2/-/issues/230

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1954225
reference_id	1954225
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1954225

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987739
reference_id	987739
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987739

reference_url

reference_id

AVG-1883

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url