Security Bulletin: Oracle Outside In Technology (OIT) v8.5.7 BP7 vulnerabilities CVE-2025-29482 (vulnerable), CVE-2024-8176 (not vulnerable) in FileNet Content Manager (FNCM) Content Based Retrieval (CBR) content indexing

Summary Oracle Outside In Technology OIT v8.5.7 BP7 July, 2025 CVE-2025-29482 vulnerable, CVE-2024-8176 affected, not vulnerable security vulnerabilities in FileNet Content Manager FNCM Content Based Retrieval CBR content indexing. Vulnerability Details CVEID:CVE-2024-8176 DESCRIPTION: A stack...

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2026-1113)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.10.1 : expat (EulerOS-SA-2026-1113)

According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted fo...

MiracleLinux 8 : xmlrpc-c-1.51.0-11.el8_10 (AXSA:2025-9874:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9874:01 advisory. libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat CVE-2024-8176 Tenable has extracted the preceding description block directly...

MiracleLinux 9 : expat-2.5.0-5.el9_6 (AXSA:2025-10214:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10214:03 advisory. libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat CVE-2024-8176 Tenable has extracted the preceding description block directly...

RHEL 8 : expat (RHSA-2025:22607)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22607 advisory. Expat is a C library for parsing XML documents. Security Fixes: expat: internal entity expansion CVE-2013-0340 expat: integer overflow in t...

Important: Red Hat Security Advisory: expat security update

An update for expat is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste...

Important: Red Hat Security Advisory: expat security update

An update for expat is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

RHEL 9 : expat (RHSA-2025:22034)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22034 advisory. Expat is a C library for parsing XML documents. Security Fixes: libexpat: expat: Improper Restriction of XML Entity Expansion Depth in...

TencentOS Server 4: expat (TSSA-2025:0629)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0629 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

OESA-2025-2673 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML...

OESA-2025-2672 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML...

Siemens SIMATIC and SCALANCE Uncontrolled Recursion (CVE-2024-8176)

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...

Important: xmlrpc-c

Issue Overview: libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. Considering the tradeoff between the stability of Amazon Linux and the impact of CVE-2023-52425...

Updated expat packages fix security vulnerabilities

Improper restriction of xml entity expansion depth in libexpat. CVE-2024-8176 This is an extension of the fix published in MGASA-2025-0109 that was determined by upstream to be incomplete. Libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small...

RockyLinux 9 : expat (RLSA-2025:7444)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7444 advisory. libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat CVE-2024-8176 Tenable has extracted the preceding description block directly from...

expat security update

An update is available for expat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Expat is a C library for parsing XML documents. Security Fixes: libexpat: expat...

Advisory ROSA-SA-2025-2958

Software: xmlrpc-c 1.51.0 OS: ROSA Virtualization 2.1 unaffected versions = xmlrpc-c-1.51.0-11.0.1.rv3 affected versions xmlrpc-c-1.51.0-11.0.1.rv3 CVE-ID: CVE-2024-8176 BDU-ID: 2025-04573 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libexpat XML file parsing library is related to a stack-bas...

Linux Distros Unpatched Vulnerability : CVE-2024-8176

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML documen...

RockyLinux 8 : expat (RLSA-2025:3913)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:3913 advisory. libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat CVE-2024-8176 Tenable has extracted the preceding description block directly from...