OESA-2026-2498 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before version 2.7.6 uses insufficient entropy, allowing attackers to cause hash flooding via a crafted XML...

[SECURITY] Fedora 43 Update: mingw-expat-2.8.1-1.fc43

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

[SECURITY] Fedora 44 Update: mingw-expat-2.8.1-1.fc44

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

CVE-2026-7210

xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch...

MiracleLinux 4 : expat-2.0.1-11.AXS4 (AXSA:2012-577:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-577:01 advisory. This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers wi...

EUVD-2012-0901

Malware in sbrugna...

EUVD-2004-1375

Malware in sbrugna...

[SECURITY] Fedora 41 Update: expat-2.7.2-1.fc41

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

[SECURITY] [DLA 4145-1] expat security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4145-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz April 30, 2025 https://wiki.debian.org/LTS -...

Security Bulletin: IBM Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.9

Summary Apache Portable Runtime, The Expat XML Parser and DOORS Web Access are identified as vulnerable components with multiple reported vulnerabilities. The IBM Engineering Requirements Management DOORS/DWA product version 9.7.2.8 is vulnerable to the below mentioned CVEs. Remediation actions a...

Linux Distros Unpatched Vulnerability : CVE-2016-5300

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context- dependent attackers to cause a denial of service CPU...

USN-7199-1: xmltok library vulnerabilities

It was discovered that Expat, contained within the xmltok library, incorrectly handled malformed XML data. If a user or application were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. CVE-2015-1283, CVE-2016-0718,...

F5 Networks BIG-IP : Expat XML parser vulnerability (K51011533)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.4.1 / 13.1.5 / 14.1.4.2 / 14.1.4.5 / 15.1.3 / 15.1.4 / 16.0.1.2 / 16.1.0 / 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K51011533 advisory. - In libexpat in Expat before 2.2.7, X...

CLSA-2022-1667494718 expat: Fix of CVE-2022-43680

CVE-2022-43680: Fix overeager DTD destruction...

Expat XML Parser Remote Code Execution (CVE-2022-25236)

A remote code execution vulnerability exists in Expat XML Parser. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

Expat 输入验证错误漏洞

Expat is a fast streaming XML parser written in C. A security vulnerability existed prior to Expat 2.4.5, which could be exploited by attackers to insert namespace separators into namespace URIs...

Security Bulletin: IBM Prospect is affected by Expat XML Parser vulnerability (CVE-2019-15903)

Summary Prospect Server is affected by Expat XML parsing vulnarability CVE-2019-15903 which may result in a heap-based buffer over-read. Vulnerability Details CVEID: CVE-2019-15903 DESCRIPTION: In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to...

Security Bulletin: Multiple Expat XML Parser vulnerabilities in Prospect

Summary There are potential multiple Expat xml parser vulnerabilities in Prospect Core 8.0.7 Server. Vulnerability Details CVEID: CVE-2012-0876 DESCRIPTION: Expat is vulnerable to a denial of service, caused by insufficient randomization of hash data structures. By sending multiple...

Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in the Expat XML parser (CVE-2016-0718)

Summary A vulnerability has been identified in the Expat XML parser, which affects IBM Security Access Manager appliances. Vulnerability Details CVEID: CVE-2016-0718 DESCRIPTION: Expat is vulnerable to a buffer overflow, caused by improper bounds checking when processing malformed XML data. By...

Security Bulletin: A vulnerability in Expat XML parser affects IBM Security Network Protection (CVE-2016-0718)

Summary A security vulnerability has been discovered in Expat XML parser, which is used by IBM Security Network Protection. Vulnerability Details CVEID: CVE-2016-0718 DESCRIPTION: Expat is vulnerable to a buffer overflow, caused by improper bounds checking when processing malformed XML data. By...