MiracleLinux 8 : xmlrpc-c-1.51.0-8.el8 (AXSA:2022-4217:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4217:04 advisory. expat: Integer overflow in doProlog in xmlparse.c CVE-2021-46143 expat: Integer overflow in addBinding in xmlparse.c CVE-2022-22822 expat: Integer...

CVE-2021-22826

A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22827. Affected Product: EcoStruxure� Power Monitoring Expert 9.0 and prior versions...

Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2022-22826)

nextScaffoldPart in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504222;...

EUVD-2021-22826

Malware in sbrugna...

CVE-2025-22826

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpecommerce Sell Digital Downloads sell-digital-downloads allows Stored XSS.This issue affects Sell Digital Downloads: from n/a through = 2.2.7...

Alibaba Cloud Linux 3 : 0021: expat (ALINUX3-SA-2022:0021)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0021 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-45960: In Expat aka libexpat befo...

Linux Distros Unpatched Vulnerability : CVE-2022-22826

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nextScaffoldPart in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow. CVE-2022-22826 Note that Nessus relies on the presence of the package...

CVE-2025-22826

CVE-2025-22826 describes a stored Cross‑Site Scripting vulnerability in the WordPress plugin set Sell Digital Downloads (Sell Digital Downloads) due to improper neutralization of input during web page generation. The CVE indicates the issue affects Sell Digital Downloads: from n/a through 2.2.7, ...

CVE-2025-22826 WordPress Sell Digital Downloads plugin <= 2.2.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpecommerce Sell Digital Downloads sell-digital-downloads allows Stored XSS.This issue affects Sell Digital Downloads: from n/a through = 2.2.7...

Amazon Linux 2022 : expat, expat-devel, expat-static (ALAS2022-2022-017)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-017 advisory. In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing...

RHEL 6 : expat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - expat: Large number of prefixed XML attributes on a single tag can crash libexpat CVE-2021-45960 - expat:...

CentOS 9 : expat-2.2.10-9.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the expat-2.2.10-9.el9 build changelog. - Large number of prefixed XML attributes on a single tag can crash libexpat CVE-2021-45960 - Integer overflow in doProlog in xmlparse.c...

NewStart CGSL MAIN 6.06 : expat Multiple Vulnerabilities (NS-SA-2023-0082)

The remote NewStart CGSL host, running version MAIN 6.06, has expat packages installed that are affected by multiple vulnerabilities: - In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating to...

Rocky Linux 8 : expat (RLSA-2022:0951)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0951 advisory. - In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g.,...

Rocky Linux 8 : xmlrpc-c (RLSA-2022:7692)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7692 advisory. - In doProlog in xmlparse.c in Expat aka libexpat before 2.4.3, an integer overflow exists for mgroupSize. CVE-2021-46143 - addBinding in xmlparse.c in...

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : xmltok library vulnerabilities (USN-5455-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5455-1 advisory. Tim Boddy, Gustavo Grieco and others discovered that Expat, that is integrated in xmltok library, incorrectly handled...

Nessus Network Monitor < 6.2.1 Multiple Vulnerabilities (TNS-2023-19)

According to its self-reported version, the Nessus Network Monitor running on the remote host is prior to 6.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-19 advisory. - Nessus Network Monitor leverages third-party software to help provide underlying...

Amazon Linux 2023 : expat, expat-devel, expat-static (ALAS2023-2023-058)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-058 advisory. In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing...

K91589041: Expat vulnerabilities CVE-2021-45960, CVE-2022-22825, CVE-2022-22826, and CVE-2022-22827

Security Advisory Description CVE-2021-45960 In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory. CVE-2022-22825 lookup in xmlparse.c in Expat aka...

Ubuntu: Security Advisory (USN-5455-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...