SUSE-SU-2026:1817-1 Security update for mozjs60

This update for mozjs60 fixes the following issues - CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259728. - CVE-2026-32777: libexpat: denial of service due to infinite loop in DTD content parsing...

Security update for mozjs52

This update for mozjs52 fixes the following issues CVE-2026-32776: libexpat: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259728. CVE-2026-32777: libexpat: denial of service due to infinite loop in DTD content parsing bsc1259713...

Security Bulletin: IBM HTTP Server is affected by multiple vulnerabilities due to libexpat (CVE-2026-32776, CVE-2026-32777, CVE-2026-32778)

Summary IBM HTTP Server used by IBM WebSphere Application Server is affected by multiple vulnerabilities due to libexpat. Vulnerability Details CVEID:CVE-2026-32776 DESCRIPTION: libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. CWE:CWE-476: NULL...

MiracleLinux 7 : expat-2.1.0-15.0.1.el7.AXS7 (AXSA:2024-8927:07)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8927:07 advisory. CVE-2024-45490: Reject negative length for XMLParseBuffer in xmlparse.c CVE-2024-45491: Detect integer overflow in dtdCopy on 32-bit platforms...

MiracleLinux 8 : expat-2.2.5-15.el8_10 (AXSA:2024-8843:06)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8843:06 advisory. libexpat: Negative Length Parsing Vulnerability in libexpat CVE-2024-45490 libexpat: Integer Overflow or Wraparound CVE-2024-45491 libexpat: integer...

Alibaba Cloud Linux 3 : 0200: expat (ALINUX3-SA-2024:0200)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0200 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-45490: An issue was discovered in...

Tenable Nessus < 10.8.4 Multiple Vulnerabilities (TNS-2025-05)

According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 10.8.4. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2025-05 advisory. - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference ...

Security Bulletin: Vulnerabilities in libexpat affects IBM watsonx Assistant for IBM Cloud Pak for Data

Summary Potential vulnerabilities in libexpat has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-45490 DESCRIPTION: libexpat could provide...

Amazon Linux 2023 : expat, expat-devel, expat-static (ALAS2023-2024-759)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-759 advisory. libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a large token for which multiple buffer fills are needed...

EulerOS 2.0 SP10 : xmlrpc-c (EulerOS-SA-2024-2919)

According to the versions of the xmlrpc-c package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libexpat before 2.6.3.xmlparse.c does not reject a negative length for XMLParseBuffer.CVE-2024-45490 An issue was...