Manageability software development kit

This hub aggregates every CVE we track for Manageability software development kit, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Manageability software development kit.

• CVE-2025-24928libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untruste...7.8Feb 18, 2025
• CVE-2024-56171libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be ...7.8Feb 18, 2025
• CVE-2022-40304An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can...7.8Nov 23, 2022
• CVE-2022-29824In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitatio...6.5May 3, 2022
• CVE-2022-23308valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.7.5Feb 26, 2022
• CVE-2021-3712Read buffer overruns processing ASN.1 strings7.4Aug 24, 2021
• CVE-2021-3711SM2 Decryption Buffer Overflow9.8Aug 24, 2021
• CVE-2021-3541A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.6.5Jul 9, 2021
• CVE-2021-3517There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the aff...8.6May 19, 2021
• CVE-2021-3518There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The great...8.8May 18, 2021
• CVE-2021-3537A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parse...5.9May 14, 2021
• CVE-2020-1971EDIPARTYNAME NULL pointer dereference5.9Dec 8, 2020
• CVE-2020-24977GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.6.5Sep 3, 2020
• CVE-2018-1285Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlle...9.8May 11, 2020
• CVE-2019-19956xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.7.5Dec 24, 2019