65 matches found
UBUNTU-CVE-2022-0217
It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs CWE-776. In addition, depending on the libexpa...
Expat 输入验证错误漏洞
Expat is a fast streaming XML parser written in C. An integer overflow vulnerability exists prior to Expat 2.4.5, which stems from the presence of an integer overflow in storeRawNames. No detailed vulnerability details are currently available...
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
...
Expat 输入验证错误漏洞
Expat is a fast streaming XML parser written in C. A buffer overflow vulnerability exists in versions of Expat prior to 2.4.3, which stems from a boundary error in xmlparse.c in lookup when handling untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on t...
Denial Of Service (DoS)
python is vulnerable to denial of service DoS. The vulnerability exists as a buffer over-read flaw was found in the way the Python Expat parser handled malformed UTF-8 sequences when processing XML files. A specially-crafted XML file could cause Python applications using the Python Expat parser t...
expat: Integer overflow leading to buffer overflow in XML_GetBuffer()
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283...
F5 Networks BIG-IP : Expat XML parser vulnerability (K65460334)
Expat, when used in a parser that has not called XMLSetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. CVE-2012-6702 Impact An attacker may be able to defeat...
UBUNTU-CVE-2016-9063
An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox 50...
ALPINE-CVE-2012-6702
Expat, when used in a parser that has not called XMLSetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function...
SUSE-SU-2016:1512-1 Security update for expat
This update for expat fixes the following issues: Security issue fixed: - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. bsc979441 - CVE-2015-1283: Fix multiple integer overflows. bnc980391...
Scientific Linux Security Update : PyXML on SL4.x, SL5.x i386/x86_64
A buffer over-read flaw was found in the way PyXML's Expat parser handled malformed UTF-8 sequences when processing XML files. A specially crafted XML file could cause Python applications using PyXML's Expat parser to crash while parsing the file. CVE-2009-3720 This update makes PyXML use the...
Scientific Linux Security Update : python on SL4.x, SL5.x i386/x86_64
A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the 'file://' URL type. This...
UBUNTU-CVE-2012-0876
The XML parser xmlparse.c in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via an XML file with many identifiers with the same value...
CentOS Update for PyXML CESA-2010:0002 centos5 i386
Check for the Version of PyXML OpenVAS Vulnerability Test CentOS Update for PyXML CESA-2010:0002 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
CentOS Update for python CESA-2011:0491 centos4 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS 5 : python (CESA-2011:0492)
Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
RedHat Update for python RHSA-2011:0492-01
Check for the Version of python OpenVAS Vulnerability Test RedHat Update for python RHSA-2011:0492-01 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
CentOS 4 : python (CESA-2011:0491)
Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
Moderate: Red Hat Security Advisory: python security update
Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
CentOS Update for PyXML CESA-2010:0002 centos4 i386
Check for the Version of PyXML OpenVAS Vulnerability Test CentOS Update for PyXML CESA-2010:0002 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...