SUSE SLED15 / SLES15 / openSUSE 15 Security Update : mozjs115 (SUSE-SU-2026:1870-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1870-1 advisory. This update for mozjs115 fixes the following issues - CVE-2026-32776: libexpat: NULL pointer...

libmozjs-140-0-140.10.0-1.1 on GA media (moderate)

libmozjs-140-0-140.10.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10642-1 Rating: moderate Cross-References: CVE-2026-32776 CVE-2026-32777 CVE-2026-32778 CVSS scores: CVE-2026-32776 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-32776 SUSE : 8.7...

Photon OS 5.0: Expat PHSA-2026-5.0-0830

An update of the expat package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0830. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Multiple vulnerabilities in Python affect AIX

IBM SECURITY ADVISORY First Issued: Wed Apr 15 15:19:52 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/pythonadvisory19.asc Security Bulletin: Multiple vulnerabilities in Python affect AIX...

CVE-2026-32778 affecting package expat for versions less than 2.6.4-5

CVE-2026-32778 affecting package expat for versions less than 2.6.4-5. A patched version of the package is available...

openSUSE Security Advisory (SUSE-SU-2026:1166-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2026:1166-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM HTTP Server is affected by multiple vulnerabilities due to libexpat (CVE-2026-32776, CVE-2026-32777, CVE-2026-32778)

Summary IBM HTTP Server used by IBM WebSphere Application Server is affected by multiple vulnerabilities due to libexpat. Vulnerability Details CVEID:CVE-2026-32776 DESCRIPTION: libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. CWE:CWE-476: NULL...

Medium: firefox

Issue Overview: A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL pointer dereference, causing the application to crash and resulting in a Denial of Service...

Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-055 (ALASFIREFOX-2026-055)

The version of firefox installed on the remote host is prior to 140.8.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2026-055 advisory. A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XM...

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3219 (ALAS-2026-3219)

The version of thunderbird installed on the remote host is prior to 140.8.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3219 advisory. A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML...

Medium: thunderbird

Issue Overview: A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL pointer dereference, causing the application to crash and resulting in a Denial of Service...

Medium: firefox

Issue Overview: A flaw was found in libexpat. A remote attacker could exploit this vulnerability by providing specially crafted XML content with empty external parameter entities. This could lead to a NULL pointer dereference, causing the application to crash and resulting in a Denial of Service...

ROOT-OS-DEBIAN-11-CVE-2026-32778 CVE-2026-32778 in rootio-expat - Patched by Root

Root has patched CVE-2026-32778 in the rootio-expat package for Root:Debian:11. Multiple fixed versions available...

Mageia: Security Advisory (MGASA-2026-0061)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[slackware-security] expat

New expat packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/expat-2.7.5-i586-1slack15.0.txz: Upgraded. This update fixes security issues: Fix NULL function pointer dereference for empty external...

libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.

...

UBUNTU-CVE-2026-32778

libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition...

CVE-2026-32778

libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition...

CVE-2026-32778

libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition...