10 matches found
libexpat: denial of service via crafted XML input
A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service...
OESA-2026-2431 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via...
OESA-2026-2430 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via...
EUVD-2026-28985
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input...
PT-2026-31760
OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms to bypass allowlist policies and gain unauthorized access to protected Nextcloud Talk rooms...
SUSE-SU-2024:2963-1 Security update for osc
This update for osc fixes the following issues: 0.183.0 - Fix possibility to overwrite special files in .osc CVE-2024-22034 bsc1225911 Source files are now stored in the 'sources' subdirectory which prevents name collisions. This requires changing version of '.osc' store to 2.0. - Fix erroneous...
GHSA-V7M9-9497-P9GR Possible pod name collisions in jupyterhub-kubespawner
Impact: What kind of vulnerability is it? Who is impacted? JupyterHub deployments using: - KubeSpawner = 0.11.1 (e.g. zero-to-jupyterhub 0.9.0) and - enabled namedservers (not default), and - an Authenticator that allows: - usernames with hyphens or other characters that require escape e.g. user-hyphe...
CVE-2015-5224
The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks...
CVE-2011-0040
The CVE-2011-0040 vulnerability affects Microsoft Active Directory on Windows Server 2003 SP2, where the server mishandles an update request for a Service Principal Name (SPN). This can allow remote attackers to cause a denial of service or authentication outage via crafted SPN update requests th...
Microsoft Active Directory SPN Validation Denial of Service (MS11-005; CVE-2011-0040)
A denial of service vulnerability has been reported in implementations of Microsoft Windows Active Directory due to improper validation of service principal names (SPN), which could result in SPN collisions. The vulnerability is due to an error in Active Directory that fails to properly process...