Lucene search
K

53 matches found

Microsoft CVE
Microsoft CVE
added 2026/06/27 8:5 a.m.17 views

libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.

...

6.9CVSS5.8AI score0.00102EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/24 1:56 a.m.12 views

CVE-2026-56406

A flaw was found in libexpat. An integer overflow vulnerability exists in the XMLParseBuffer function due to a missing check. This flaw could allow an attacker to cause memory corruption, potentially leading to arbitrary code execution, information disclosure, or a denial of service. Mitigation...

6.9CVSS5.9AI score0.00102EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/06/21 3:48 p.m.7 views

CVE-2026-56406

libexpat before 2.8.2 has an integer overflow in XMLParseBuffer because it lacked a check that was present in XMLParse...

6.9CVSS5.8AI score0.00102EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/21 3:48 p.m.34 views

CVE-2026-56406

libexpat before 2.8.2 has an integer overflow in XMLParseBuffer because it lacked a check that was present in XMLParse...

6.9CVSS0.00102EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/21 3:48 p.m.4 views

CVE-2026-56406

libexpat before 2.8.2 has an integer overflow in XMLParseBuffer because it lacked a check that was present in XMLParse...

6.9CVSS5.9AI score0.00102EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.12 views

PT-2026-51242

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An integer overflow occurs in the XML ParseBuffer function because it lacks a specific check that is implemented in the XML Parse function. Recommendations Update to version 2.8.2 or later...

6.9CVSS5.8AI score0.00102EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.8 views

Siemens RUGGEDCOM RST2428P Uncontrolled Recursion (CVE-2025-8732)

A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to...

4.8CVSS5.2AI score0.00202EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.9 views

GPAC MP4Box 安全漏洞

GPAC MP4Box is a multimedia packager. It is primarily used for processing ISOBMF files such as MP4 and 3GP, but it can also be used for importing/exporting media from container files like AVI, MPG, MKV, and MPEG-2 TS. Previous versions of GPAC MP4Box, including version 86b0e36, had a security...

7.8CVSS5.9AI score0.00165EPSS
Exploits1References2
CVE
CVE
added 2026/01/28 12:27 a.m.13 views

CVE-2026-24852

The CVE-2026-24852 issue affects iccDEV before version 2.3.1.2, where a heap-buffer-over-read can occur in icXmlParseTextString() when strlen() reads a non-null-terminated buffer, potentially leaking heap memory and causing application termination. The fixed release is 2.3.1.2. It involves ICC co...

8.1CVSS6AI score0.00249EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 7 : expat-2.1.0-14.el7 (AXSA:2022-3129:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3129:02 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution CVE-2022-25235 expat: Namespace-separator characters in...

9.8CVSS8.4AI score0.34174EPSS
Exploits3References13
NVD
NVD
added 2026/01/07 6:15 p.m.12 views

CVE-2026-21506

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to Null pointer dereference in CIccProfileXml::ParseBasic, leading to denial of service. This issue has been...

5.5CVSS0.00155EPSS
Exploits1References4
SUSE Linux
SUSE Linux
added 2025/12/23 12:24 p.m.4 views

Security update for mozjs52

This update for mozjs52 fixes the following issues: CVE-2024-45491: Fixed integer overflow in dtdCopy bsc1230037 CVE-2024-50602: Fixed DoS via XMLResumeParser bsc1232599 CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart bsc1230038 CVE-2024-45490: Fixed negative len for...

8.2CVSS7.4AI score0.01686EPSS
Exploits0References16
OSV
OSV
added 2025/10/17 5:40 p.m.4 views

JLSEC-2025-77 An issue was discovered in libxml2 before 2.10.3

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault...

7.5CVSS7.1AI score0.22791EPSS
Exploits2References26
OSV
OSV
added 2025/02/03 8:54 a.m.6 views

SUSE-SU-2025:20045-1 Security update for expat

This update for expat fixes the following issues: - CVE-2024-45492: detect integer overflow in function nextScaffoldPart bsc1229932 - CVE-2024-45491: detect integer overflow in dtdCopy bsc1229931 - CVE-2024-45490: reject negative len for XMLParseBuffer bsc1229930 - CVE-2024-28757: XML Entity...

9.8CVSS6.9AI score0.02006EPSS
Exploits1References9
SUSE Linux
SUSE Linux
added 2025/02/03 8:54 a.m.5 views

Security update for expat

This update for expat fixes the following issues: CVE-2024-45492: detect integer overflow in function nextScaffoldPart bsc1229932 CVE-2024-45491: detect integer overflow in dtdCopy bsc1229931 CVE-2024-45490: reject negative len for XMLParseBuffer bsc1229930 CVE-2024-28757: XML Entity Expansion...

7.5CVSS7.6AI score0.02006EPSS
Exploits1References16
Tenable Nessus
Tenable Nessus
added 2025/01/14 12:0 a.m.27 views

EulerOS 2.0 SP9 : xmlrpc-c (EulerOS-SA-2025-1067)

According to the versions of the xmlrpc-c package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XMLParseBuffer.CVE-2024-45490 An issue was...

9.8CVSS7.1AI score0.01686EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/11/08 12:0 a.m.9 views

EulerOS 2.0 SP9 : expat (EulerOS-SA-2024-2827)

According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libexpat through 2.5.0 allows recursive XML Entity Expansion if XMLDTD is undefined at compile time.CVE-2023-52426 An issue was discovered in libexp...

9.8CVSS7.5AI score0.01686EPSS
Exploits0References5
SUSE Linux
SUSE Linux
added 2024/10/07 12:16 p.m.4 views

Security update for mozjs115

This update for mozjs115 fixes the following issues: CVE-2024-45490: Fixed negative len for XMLParseBuffer in embedded expat bnc1230036 CVE-2024-45491: Fixed integer overflow in dtdCopy in embedded expat bnc1230037 CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart in embedded...

6.9CVSS8AI score0.01686EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2024/09/18 12:1 p.m.3 views

libexpat: Negative Length Parsing Vulnerability in libexpat

A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XMLParseBuffer function...

9.8CVSS7.3AI score0.01686EPSS
Exploits0References7
OSV
OSV
added 2024/09/17 9:29 p.m.9 views

CLSA-2024-1726608591 expat: Fix of 3 CVEs

CVE-2024-45490: Reject negative length for XMLParseBuffer in xmlparse.c - CVE-2024-45491: Detect integer overflow in dtdCopy on 32-bit platforms - CVE-2024-45492: Detect integer overflow in nextScaffoldPart on 32-bit platforms...

9.8CVSS7.2AI score0.01686EPSS
Exploits0References1
Rows per page
Query Builder