
52 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m. | 5 views

MiracleLinux 7 : expat-2.1.0-11.el7 (AXSA:2020-4551:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-4551:01 advisory. expat: Integer overflow leading to buffer overflow in XML_GetBuffer (CVE-2015-2716) Tenable has extracted the preceding description block directly from the...

7.5 CVSS | 8.7 AI score | 0.07417 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

MiracleLinux 4 : firefox-38.0-4.0.1.AXS4 (AXSA:2015-141:04)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2015-141:04 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security issues fixed with this releas...

7.5 CVSS | 7.8 AI score | 0.07417 EPSS
Exploits 0 | References 6

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2016-5459

Malware in sbrugna...

8.1 CVSS | 6.7 AI score | 0.11946 EPSS
Exploits 0 | References 11

Tenable Nessus
added 2025/03/04 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2015-2716

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute...

7.5 CVSS | 8.3 AI score | 0.19069 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2023/10/16 12:0 a.m. | 37 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : xmltok library vulnerabilities (USN-5455-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5455-1 advisory. Tim Boddy, Gustavo Grieco and others discovered that Expat, that is integrated in xmltok library, incorrectly handled...

9.8 CVSS | 8.2 AI score | 0.33936 EPSS
Exploits 6 | References 16

Tenable Nessus
added 2023/09/07 12:0 a.m. | 22 views

Oracle Linux 7 : expat (ELSA-2020-1011)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1011 advisory. 2.1.0-11 - add security fix for CVE-2015-2716 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

7.5 CVSS | 7.7 AI score | 0.07417 EPSS
Exploits 0 | References 2

OpenVAS
added 2021/06/09 12:0 a.m. | 22 views

SUSE: Security Advisory (SUSE-SU-2015:0978-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 CVSS | 9.5 AI score | 0.07417 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2020/12/09 12:0 a.m. | 34 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : expat Vulnerability (NS-SA-2020-0116)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has expat packages installed that are affected by a vulnerability: - Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute...

7.5 CVSS | 8.4 AI score | 0.07417 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2020/12/09 12:0 a.m. | 31 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : expat Vulnerability (NS-SA-2020-0077)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has expat packages installed that are affected by a vulnerability: - Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute...

7.5 CVSS | 8.4 AI score | 0.07417 EPSS
Exploits 0 | References 2

RedHat Linux
added 2020/06/12 10:36 a.m. | 103 views

Moderate: Red Hat Security Advisory: expat security update

An update for expat is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...

7.5 CVSS | 7.1 AI score | 0.07417 EPSS
Exploits 0 | References 2

Amazon
added 2020/05/13 12:0 a.m. | 76 views

Medium: expat

Issue Overview: Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283. CVE-2015-2716 Affecte...

7.5 CVSS | 9.1 AI score | 0.19069 EPSS
Exploits 0

Tenable Nessus
added 2020/04/21 12:0 a.m. | 29 views

Scientific Linux Security Update : expat on SL7.x x86_64 (20200407)

expat: Integer overflow leading to buffer overflow in XML_GetBuffer (C) Tenable Network Security, Inc. The descriptive text is (C) Scientific Linux. include('compat.inc'); if (description) script_id(135808); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/15");...

7.5 CVSS | 8 AI score | 0.07417 EPSS
Exploits 0 | References 2

Oracle Linux
added 2020/04/06 12:0 a.m. | 51 views

expat security update

2.1.0-11 - add security fix for CVE-2015-2716...

7.5 CVSS | 1.7 AI score | 0.07417 EPSS
Exploits 0

Veracode
added 2019/05/02 5:39 a.m. | 63 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

7.5 CVSS | 8.6 AI score | 0.07417 EPSS
Exploits 0 | References 21 | Affected Software 2

Veracode
added 2017/03/27 5:30 a.m. | 35 views

Denial Of Service (DoS)

expat is vulnerable to denial of service (DoS) attacks, with the possibility of other attacks. The vulnerability exists because there are multiple integer overflows in the XML_GetBuffer function that leads to a heap-based buffer overflow which may lead to further unspecified impact. CVE-2016-4472 is...

8.1 CVSS | 9.1 AI score | 0.19069 EPSS
Exploits 0 | References 7 | Affected Software 1

Tenable Nessus
added 2017/03/01 12:0 a.m. | 73 views

F5 Networks BIG-IP : Expat XML library vulnerability (K50459349)

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283. (CVE-2015-2716) (C) Tenable Network...

7.5 CVSS | 8.3 AI score | 0.19069 EPSS
Exploits 0 | References 3

Veracode
added 2017/02/01 5:26 a.m. | 40 views

Denial Of Service (DoS)

expat is vulnerable to denial of service (DoS) attacks with the potential for other impacts. The vulnerability exists because there are multiple integer overflows in the XML_GetBuffer function that leads to a heap-based buffer overflow which may lead to further unspecified impact. This issue is...

7.5 CVSS | 8.8 AI score | 0.19069 EPSS
Exploits 0 | References 22 | Affected Software 6

Prion
added 2016/06/30 5:59 p.m. | 26 views

Buffer overflow

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and...

6.8 CVSS | 8.6 AI score | 0.19069 EPSS
Exploits 0 | References 7 | Affected Software 4

OSV
added 2016/06/30 5:0 p.m. | 7 views

PSF-2016-6 Expat 2.2 (Expat bug #537)

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and...

8.1 CVSS | 9.6 AI score | 0.11946 EPSS
Exploits 0 | References 3

FreeBSD
added 2016/06/09 12:0 a.m. | 39 views

expat2 -- denial of service

Adam Maris reports: It was found that original patch for issues CVE-2015-1283 and CVE-2015-2716 used overflow checks that could be optimized out by some compilers applying certain optimization settings, which can cause the vulnerability to remain even after applying the patch...

8.5 AI score
Exploits 0 | References 1