{"url":"http://public2.vulnerablecode.io/api/packages/371216?format=json","purl":"pkg:rpm/redhat/libxml@1:1.8.17-9?arch=2","type":"rpm","namespace":"redhat","name":"libxml","version":"1:1.8.17-9","qualifiers":{"arch":"2"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199768?format=json","vulnerability_id":"VCID-dwan-9e5w-2yfm","summary":"Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0989.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0989.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0989","reference_id":"","reference_type":"","scores":[{"value":"0.24274","scoring_system":"epss","scoring_elements":"0.96214","published_at":"2026-06-11T12:55:00Z"},{"value":"0.24274","scoring_system":"epss","scoring_elements":"0.96225","published_at":"2026-06-12T12:55:00Z"},{"value":"0.24274","scoring_system":"epss","scoring_elements":"0.96228","published_at":"2026-06-13T12:55:00Z"},{"value":"0.24274","scoring_system":"epss","scoring_elements":"0.9623","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0989"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=430645","reference_id":"430645","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=430645"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/24704.c","reference_id":"CVE-2004-0989;OSVDB-11179","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/24704.c"},{"reference_url":"https://www.securityfocus.com/bid/11526/info","reference_id":"CVE-2004-0989;OSVDB-11179","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/11526/info"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:615","reference_id":"RHSA-2004:615","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:615"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:650","reference_id":"RHSA-2004:650","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:650"},{"reference_url":"https://usn.ubuntu.com/89-1/","reference_id":"USN-89-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/89-1/"}],"fixed_packages":[],"aliases":["CVE-2004-0989"],"risk_score":0.4,"exploitability":"2.0","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dwan-9e5w-2yfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199659?format=json","vulnerability_id":"VCID-zmvg-29ry-jbhf","summary":"Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0110.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0110.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0110","reference_id":"","reference_type":"","scores":[{"value":"0.4134","scoring_system":"epss","scoring_elements":"0.97492","published_at":"2026-06-11T12:55:00Z"},{"value":"0.4134","scoring_system":"epss","scoring_elements":"0.975","published_at":"2026-06-12T12:55:00Z"},{"value":"0.4134","scoring_system":"epss","scoring_elements":"0.97502","published_at":"2026-06-13T12:55:00Z"},{"value":"0.4134","scoring_system":"epss","scoring_elements":"0.97503","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0110"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0110","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0110"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=430644","reference_id":"430644","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=430644"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/601.c","reference_id":"OSVDB-4033;CVE-2004-0110","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/601.c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:090","reference_id":"RHSA-2004:090","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:090"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:091","reference_id":"RHSA-2004:091","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:091"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:650","reference_id":"RHSA-2004:650","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:650"}],"fixed_packages":[],"aliases":["CVE-2004-0110"],"risk_score":0.8,"exploitability":"2.0","weighted_severity":"0.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zmvg-29ry-jbhf"}],"fixing_vulnerabilities":[],"risk_score":"0.8","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libxml@1:1.8.17-9%3Farch=2"}