97 matches found
OESA-2026-2500 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via...
OESA-2026-2432 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via...
CLSA-2026-1779359157 Fix CVE(s): CVE-2026-45186
SECURITY UPDATE: Denial of service via quadratic attribute-name collision check in libexpat before 2.8.1 - debian/patches/CVE-2026-45186.patch: introduce per-element defaultAttsNames hash table and use it for O1 attribute collision detection in defineAttribute - CVE-2026-45186...
Astra Linux - уязвимость в freeipa
A privilege escalation from the host to the domain vulnerability was identified in the FreeIPA project. By default, the FreeIPA package fails to validate the uniqueness of the krbCanonicalName for the admin account, allowing users to create services with the same canonical name as the REALM admin...
CLSA-2026-1779184141 expat: Fix of CVE-2026-45186
CVE-2026-45186: fix quadratic complexity in attribute name collision check...
CLSA-2026-1779183996 expat: Fix of CVE-2026-45186
CVE-2026-45186: fix quadratic complexity in attribute name collision check...
CLSA-2026-1779183767 expat: Fix of CVE-2026-45186
CVE-2026-45186: fix quadratic complexity in attribute name collision check...
CLSA-2026-1779183482 Fix CVE(s): CVE-2026-45186
SECURITY UPDATE: denial of service via On^2 attribute name collision check with moderately sized crafted XML input - debian/patches/CVE-2026-45186.patch: replace linear scan in defineAttribute with O1 hash table lookup using new ELEMENTTYPE.defaultAttsNames field in expat/lib/xmlparse.c -...
CLSA-2026-1779130424 expat: Fix of CVE-2026-45186
CVE-2026-45186: fix quadratic complexity in attribute name collision check...
CLSA-2026-1779129362 Fix CVE(s): CVE-2026-45186
SECURITY UPDATE: fix quadratic complexity in attribute name collision check - debian/patches/CVE-2026-45186.patch: fix quadratic complexity in attribute name collision check - CVE-2026-45186...
CLSA-2026-1779129222 Fix CVE(s): CVE-2026-45186
SECURITY UPDATE: fix quadratic complexity in attribute name collision check - debian/patches/CVE-2026-45186.patch: fix quadratic complexity in attribute name collision check - CVE-2026-45186...
Uncaught Exception
Overview org.webjars.npm:multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Uncaught Exception through the parsing of multipart/form-data requests containing field names that collide with inherited Object.prototype properties. A...
Uncaught Exception
Overview multiparty is a multipart/form-data parser which supports streaming Affected versions of this package are vulnerable to Uncaught Exception through the parsing of multipart/form-data requests containing field names that collide with inherited Object.prototype properties. An attacker can...
DEBIAN-CVE-2026-8161
[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as proto, constructor, or toString, the parser invokes .push on the inherited...
CVE-2026-8161
[email protected] and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.prototype property such as proto, constructor, or toString, the parser invokes .push on the inherited...
CVE-2026-45186
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...
ALPINE-CVE-2026-45186
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...
CVE-2026-45186
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...
CVE-2026-45186
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...
PT-2026-39462
Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.1 Description The computational complexity of attribute name collision checks allows a denial of service when processing moderately sized crafted XML input. Recommendations Update to version 2.8.1 or later...