Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2023-1060)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-47547

GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score and thus not be pruned from the network even though it continuously misbehaves by never forwarding topic messages...

CVE-2022-47547

GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score and thus not be pruned from the network even though it continuously misbehaves by never forwarding topic messages...

GSD-2022-1008331 dm ioctl: fix misbehavior if list_versions races with module loading

dm ioctl: fix misbehavior if listversions races with module loading This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.334 by commit...

GSD-2022-1008277 dm ioctl: fix misbehavior if list_versions races with module loading

dm ioctl: fix misbehavior if listversions races with module loading This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.300 by commit...

GSD-2022-1008210 dm ioctl: fix misbehavior if list_versions races with module loading

dm ioctl: fix misbehavior if listversions races with module loading This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.267 by commit...

GSD-2022-1007690 dm ioctl: fix misbehavior if list_versions races with module loading

dm ioctl: fix misbehavior if listversions races with module loading This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.10 by commit...

CVE-2022-32221

When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...

CVE-2022-32221

When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...

Ubuntu 16.04 ESM : curl vulnerability (USN-5702-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5702-2 advisory. USN-5702-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has extracted the...

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20201105.30398)

The version of AHV installed on the remote host is prior to 20201105.30398. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20201105.30398 advisory. - In Expat aka libexpat before 2.4.5, there is an integer overflow in storeRawNames. CVE-2022-25315 - In Expat...

AZL-10529 CVE-2022-1705 affecting package golang for versions less than 1.18.5-1

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid...

Security Bulletin: IBM QRadar Network Packet Capture includes multiple vulnerable components.

Summary The product includes multiple vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID: CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a...

F5 Networks BIG-IP : Expat vulnerabilities (K91589041)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the K91589041 advisory. CVE-2021-45960In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts...

Medium: expat

Issue Overview: In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory. CVE-2021-45960 Affected Packages: expat Note: This advisory is applicable to Amazon...

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Expat vulnerabilities (USN-5288-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5288-1 advisory. It was discovered that Expat incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or...

Debian DLA-2904-1 : expat - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2904 advisory. - In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating to...

SUSE SLED15 / SLES15 Security Update : expat (SUSE-SU-2022:0178-1)

The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0178-1 advisory. - In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead t...

SUSE-SU-2022:0178-1 Security update for expat

This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior bsc1194251. - CVE-2021-46143: Fixed integer overflow in mgroupSize in doProlog bsc1194362. - CVE-2022-22822: Fixed integer overflow in...

OPENSUSE-SU-2022:0178-1 Security update for expat

This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior bsc1194251. - CVE-2021-46143: Fixed integer overflow in mgroupSize in doProlog bsc1194362. - CVE-2022-22822: Fixed integer overflow in...