Lucene search
K

9 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerabilities in Firefox, Thunderbird, and Expat

In libexpat before version 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...

2.9CVSS7.8AI score0.0017EPSS
Exploits0References2
OSV
OSV
added 2026/02/10 4:39 p.m.7 views

CLSA-2026-1770741587 expat: Fix of CVE-2026-24515

CVE-2026-24515: fix NULL pointer dereference in XMLExternalEntityParserCreate...

2.9CVSS7.3AI score0.0017EPSS
Exploits0References1
OSV
OSV
added 2026/02/10 2:3 p.m.9 views

CLSA-2026-1770732201 Fix CVE(s): CVE-2026-24515

SECURITY UPDATE: XMLExternalEntityParserCreate failure to copy the encoding handler data can cause a NULL dereference. - debian/patches/CVE-2026-24515.patch: Make XMLExternalEntityParserCreate copy unknown encoding handler user data - CVE-2026-24515...

2.9CVSS6.8AI score0.0017EPSS
Exploits0References1
OSV
OSV
added 2026/02/06 4:7 p.m.6 views

CLSA-2026-1770394049 expat: Fix of CVE-2026-24515

CVE-2026-24515: fix NULL pointer dereference in XMLExternalEntityParserCreate...

2.9CVSS7.2AI score0.0017EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2026/01/31 12:0 a.m.7 views

expat -- multiple vulnerabilities

expat team reports: Update contains 2 security fixes: CVE-2026-24515: NULL dereference in function XMLExternalEntityParserCreate CVE-2026-25210: missing check for integer overflow in function doContent...

7.8CVSS5.5AI score0.00193EPSS
Exploits0
OSV
OSV
added 2026/01/23 8:16 a.m.4 views

ALPINE-CVE-2026-24515

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...

2.5CVSS5.1AI score0.0017EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/06/07 12:0 a.m.23 views

EulerOS Virtualization 2.11.0 : expat (EulerOS-SA-2023-2088)

According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCrea...

7.5CVSS7.2AI score0.02241EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:22 a.m.2 views

SUSE CVE-2022-43680

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory situations...

8.1CVSS7.5AI score0.02241EPSS
Exploits1References56
RedHat Linux
RedHat Linux
added 2022/11/21 12:40 p.m.5 views

expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate

A use-after-free flaw was found in the Expat package, caused by destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory situations. This may lead to availability disruptions...

7.5CVSS6.7AI score0.02241EPSS
Exploits1References5
Rows per page
Query Builder