31 matches found
CVE-2026-31247
Docling’s JATS XML backend (up to version 2.61.0) is vulnerable to XML Entity Expansion (XXE). The backend uses etree.parse() without disabling entity resolution, allowing an attacker to submit a crafted XML with nested entity expansions (XML Bomb). Processing such payloads causes exponential ent...
EUVD-2017-0174
Malware in sbrugna...
CVE-2011-1757
DJabberd 0.84 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564...
Azure Linux 3.0 Security Update: expat / python3 (CVE-2024-28757)
The version of expat / python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28757 advisory. - libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external...
EulerOS Virtualization 2.12.1 : expat (EulerOS-SA-2024-2304)
According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1956)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1905)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP10 : expat (EulerOS-SA-2024-1881)
According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a large token for...
RHEL 9 : expat (RHSA-2024:1530)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1530 advisory. Expat is a C library for parsing XML documents. Security Fixes: expat: parsing large tokens can trigger a denial of service CVE-2023-52425...
libexpat Security Vulnerabilities
libexpat is a streaming XML parser written in the C language. A security vulnerability exists in libexpat 2.6.1 and earlier versions, which arises from an XML entity expansion attack allowed when an external parser is used alone...
CVE-2021-40511
OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion aka “billion laughs” attack allowing denial of service...
OBDA systems Mastro 安全漏洞
OBDA systems Mastro is a Java tool for ontology-based data access OBDA from OBDA systems, Italy. A security vulnerability exists in OBDA systems Mastro version 1.0 that stems from an XML entity extension attack that is vulnerable to denial of service...
OPENSUSE-SU-2021:1917-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. bsc1186015...
CentOS 8 : libxml2 (CESA-2021:2569)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:2569 advisory. - libxml2: Use-after-free in xmlEncodeEntitiesInternal in entities.c CVE-2021-3516 - libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal i...
Oracle Linux 8 : libxml2 (ELSA-2021-2569)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2569 advisory. - Fix CVE-2021-3541 1958783 - Fix CVE-2021-3516 1956975 - Fix CVE-2021-3517 1957000 - Fix CVE-2021-3518 1957027 Tenable has extracted the preceding...
Moderate: Red Hat Security Advisory: libxml2 security update
An update for libxml2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
RLSA-2021:2569 Moderate: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Use-after-free in xmlEncodeEntitiesInternal in entities.c CVE-2021-3516 libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal in entities.c CVE-2021-3517 libxml2...
RHEL 8 : libxml2 (RHSA-2021:2569)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2569 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Use-after-free ...
openSUSE 15 Security Update : libxml2 (openSUSE-SU-2021:0886-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:0886-1 advisory. - A flaw exists in libxml2 which allows for an exponential entity expansion attack which can bypass existing protection mechanisms leading to a...
Security update for libxml2 (moderate)
openSUSE Security Update: Security update for libxml2 Announcement ID: openSUSE-SU-2021:0886-1 Rating: moderate References: 1186015 Cross-References: CVE-2021-3541 CVSS scores: CVE-2021-3541 SUSE: 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.2 An update tha...