30 matches found
CVE-2026-31247
Docling’s JATS XML backend (up to version 2.61.0) is vulnerable to XML Entity Expansion (XXE). The backend uses etree.parse() without disabling entity resolution, allowing an attacker to submit a crafted XML with nested entity expansions (XML Bomb). Processing such payloads causes exponential ent...
EUVD-2017-0174
Malware in sbrugna...
CVE-2011-1757
DJabberd 0.84 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564...
Azure Linux 3.0 Security Update: expat / python3 (CVE-2024-28757)
The version of expat / python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28757 advisory. - libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external...
EulerOS Virtualization 2.12.1 : expat (EulerOS-SA-2024-2304)
According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1956)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1905)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP10 : expat (EulerOS-SA-2024-1881)
According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for...
RHEL 9 : expat (RHSA-2024:1530)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1530 advisory. Expat is a C library for parsing XML documents. Security Fixes: expat: parsing large tokens can trigger a denial of service (CVE-2023-52425)...
libexpat Security Vulnerabilities
libexpat is a streaming XML parser written in the C language. A security vulnerability exists in libexpat 2.6.1 and earlier versions, which arises from an XML entity expansion attack allowed when an external parser is used alone...
OBDA systems Mastro Security Vulnerability
OBDA systems Mastro is a Java tool for ontology-based data access (OBDA) from OBDA systems, Italy. A security vulnerability exists in OBDA systems Mastro version 1.0 that stems from susceptibility to an XML entity expansion attack, which can lead to denial of service...
OPENSUSE-SU-2021:1917-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015)...
CentOS 8 : libxml2 (CESA-2021:2569)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:2569 advisory. - libxml2: Use-after-free in xmlEncodeEntitiesInternal in entities.c (CVE-2021-3516) - libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal i...
Oracle Linux 8 : libxml2 (ELSA-2021-2569)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2569 advisory. - Fix CVE-2021-3541 1958783 - Fix CVE-2021-3516 1956975 - Fix CVE-2021-3517 1957000 - Fix CVE-2021-3518 1957027 Tenable has extracted the preceding...
Moderate: Red Hat Security Advisory: libxml2 security update
An update for libxml2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
RLSA-2021:2569 Moderate: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Use-after-free in xmlEncodeEntitiesInternal in entities.c (CVE-2021-3516) libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal in entities.c (CVE-2021-3517) libxml2...
RHEL 8 : libxml2 (RHSA-2021:2569)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2569 advisory. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Use-after-free ...
openSUSE 15 Security Update : libxml2 (openSUSE-SU-2021:0886-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:0886-1 advisory. - A flaw exists in libxml2 which allows for an exponential entity expansion attack which can bypass existing protection mechanisms leading to a...
Security update for libxml2 (moderate)
openSUSE Security Update: Security update for libxml2 Announcement ID: openSUSE-SU-2021:0886-1 Rating: moderate References: 1186015 Cross-References: CVE-2021-3541 CVSS scores: CVE-2021-3541 SUSE: 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.2 An update tha...
SUSE-SU-2021:1917-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015)...