Lucene search
K

65 matches found

OSV
OSV
added 2022/08/26 6:15 p.m.10 views

UBUNTU-CVE-2022-0217

It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs CWE-776. In addition, depending on the libexpa...

7.5CVSS5.8AI score0.04563EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/02/18 12:0 a.m.5 views

Expat 输入验证错误漏洞

Expat is a fast streaming XML parser written in C. An integer overflow vulnerability exists prior to Expat 2.4.5, which stems from the presence of an integer overflow in storeRawNames. No detailed vulnerability details are currently available...

9.8CVSS8.6AI score0.04781EPSS
Exploits1References73
Microsoft CVE
Microsoft CVE
added 2022/01/14 8:0 a.m.7 views

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

...

8.8CVSS7.5AI score0.02801EPSS
Exploits0
CNNVD
CNNVD
added 2022/01/10 12:0 a.m.2 views

Expat 输入验证错误漏洞

Expat is a fast streaming XML parser written in C. A buffer overflow vulnerability exists in versions of Expat prior to 2.4.3, which stems from a boundary error in xmlparse.c in lookup when handling untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on t...

8.8CVSS9.3AI score0.02636EPSS
Exploits0References44
Veracode
Veracode
added 2020/04/10 12:55 a.m.27 views

Denial Of Service (DoS)

python is vulnerable to denial of service DoS. The vulnerability exists as a buffer over-read flaw was found in the way the Python Expat parser handled malformed UTF-8 sequences when processing XML files. A specially-crafted XML file could cause Python applications using the Python Expat parser t...

5CVSS2.1AI score0.27924EPSS
Exploits1References118Affected Software3
RedHat Linux
RedHat Linux
added 2020/03/31 8:33 p.m.4 views

expat: Integer overflow leading to buffer overflow in XML_GetBuffer()

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283...

7.5CVSS7.4AI score0.07417EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2017/05/11 12:0 a.m.170 views

F5 Networks BIG-IP : Expat XML parser vulnerability (K65460334)

Expat, when used in a parser that has not called XMLSetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. CVE-2012-6702 Impact An attacker may be able to defeat...

5.9CVSS6.8AI score0.02371EPSS
Exploits0References2
OSV
OSV
added 2016/11/17 12:0 a.m.3 views

UBUNTU-CVE-2016-9063

An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox 50...

9.8CVSS7.2AI score0.05742EPSS
Exploits0References4
OSV
OSV
added 2016/06/16 6:59 p.m.4 views

ALPINE-CVE-2012-6702

Expat, when used in a parser that has not called XMLSetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function...

5.9CVSS8.5AI score0.02371EPSS
Exploits0References1
OSV
OSV
added 2016/06/07 11:42 a.m.7 views

SUSE-SU-2016:1512-1 Security update for expat

This update for expat fixes the following issues: Security issue fixed: - CVE-2016-0718: Fix Expat XML parser that mishandles certain kinds of malformed input documents. bsc979441 - CVE-2015-1283: Fix multiple integer overflows. bnc980391...

9.8CVSS9.1AI score0.19069EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.28 views

Scientific Linux Security Update : PyXML on SL4.x, SL5.x i386/x86_64

A buffer over-read flaw was found in the way PyXML's Expat parser handled malformed UTF-8 sequences when processing XML files. A specially crafted XML file could cause Python applications using PyXML's Expat parser to crash while parsing the file. CVE-2009-3720 This update makes PyXML use the...

5CVSS6.5AI score0.27924EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.35 views

Scientific Linux Security Update : python on SL4.x, SL5.x i386/x86_64

A flaw was found in the Python urllib and urllib2 libraries where they would not differentiate between different target URLs when handling automatic redirects. This caused Python applications using these modules to follow any new URL that they understood, including the 'file://' URL type. This...

6.4CVSS7.4AI score0.27924EPSS
Exploits3References7
OSV
OSV
added 2012/07/03 12:0 a.m.3 views

UBUNTU-CVE-2012-0876

The XML parser xmlparse.c in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via an XML file with many identifiers with the same value...

4.3CVSS6.9AI score0.05724EPSS
Exploits0References9
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.34 views

CentOS Update for PyXML CESA-2010:0002 centos5 i386

Check for the Version of PyXML OpenVAS Vulnerability Test CentOS Update for PyXML CESA-2010:0002 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

5CVSS7.4AI score0.27924EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.32 views

CentOS Update for python CESA-2011:0491 centos4 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

6.4CVSS6.9AI score0.27924EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2011/05/06 12:0 a.m.32 views

CentOS 5 : python (CESA-2011:0492)

Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

6.4CVSS7.2AI score0.27924EPSS
Exploits2References6
OpenVAS
OpenVAS
added 2011/05/06 12:0 a.m.29 views

RedHat Update for python RHSA-2011:0492-01

Check for the Version of python OpenVAS Vulnerability Test RedHat Update for python RHSA-2011:0492-01 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

6.4CVSS7.9AI score0.27924EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2011/05/06 12:0 a.m.45 views

CentOS 4 : python (CESA-2011:0491)

Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

6.4CVSS7.5AI score0.27924EPSS
Exploits3References8
RedHat Linux
RedHat Linux
added 2011/05/05 6:16 p.m.63 views

Moderate: Red Hat Security Advisory: python security update

Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

6.4CVSS6.9AI score0.27924EPSS
Exploits2References5
OpenVAS
OpenVAS
added 2010/01/19 12:0 a.m.33 views

CentOS Update for PyXML CESA-2010:0002 centos4 i386

Check for the Version of PyXML OpenVAS Vulnerability Test CentOS Update for PyXML CESA-2010:0002 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

5CVSS7.4AI score0.27924EPSS
Exploits1References2
Rows per page
Query Builder