52 matches found
Astra Linux - vulnerability in firefox, thunderbird, expat, libxmltok
In xmlparse.c within Expat also known as libexpat, prior to version 2.4.5, attackers could insert namespace-separator characters into namespace URIs...
CentOS 9 : expat-2.2.10-10.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the expat-2.2.10-10.el9 build changelog. - malformed 2 CVE-2022-25235 - namespace-separator characters in xmlns:prefix attribute values can lead to arbitrary code execution...
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs...
SUSE CVE-2022-25236
xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2023-1060)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 3.0.2.6 : expat (EulerOS-SA-2023-1060)
According to the versions of the expat packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc...
AlmaLinux 8 : mingw-expat (ALSA-2022:7811)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7811 advisory. - Expat aka libexpat before 2.4.4 has an integer overflow in the doProlog function. CVE-2022-23990 - xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks...
RHEL 8 : mingw-expat (RHSA-2022:7811)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7811 advisory. Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW. The following packag...
expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
A flaw was found in expat. Passing one or more namespace separator characters in the "xmlns:prefix" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML...
expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution
A flaw was found in expat. Passing one or more namespace separator characters in the "xmlns:prefix" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML...
CLSA-2022-1660762248 Fixed 13 CVEs in expat
CVE-2022-25236: Fix insertion of namespace-separator characters into namespace URIs - CVE-2022-25235: Fix malformed UTF-8 sequences which can lead to arbitrary code execution - CVE-2022-25315: Fix integer overflow in storeRawNames - CVE-2022-22822: Fix integer overflow in addBinding -...
CLSA-2022-1660758476 Fixed 15 CVEs in expat
CVE-2022-25236: Fix insertion of namespace-separator characters into namespace URIs - CVE-2022-25235: Fix malformed UTF-8 sequences which can lead to arbitrary code execution - CVE-2022-25315: Fix integer overflow in storeRawNames - CVE-2022-22822: Fix integer overflow in addBinding -...
EulerOS Virtualization 2.9.0 : expat (EulerOS-SA-2022-2197)
According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character ...
EulerOS 2.0 SP10 : expat (EulerOS-SA-2022-1786)
According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a...
EulerOS 2.0 SP3 : expat (EulerOS-SA-2022-1716)
According to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g...
Oracle Linux 6 : expat (ELSA-2022-9359)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9359 advisory. - Prevent integer overflow in storeRawNames CVE-2022-25315 Orabug: 34059442 - Add missing validation of encoding CVE-2022-25235 Orabug: 34059442 Tenable...
F5 Networks BIG-IP : Expat vulnerabilities (K19473898)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the K19473898 advisory. CVE-2022-23852 Expat aka libexpat before 2.4.4 has a signed integer overflow in XMLGetBuffer, for...
EulerOS 2.0 SP5 : expat (EulerOS-SA-2022-1529)
According to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2022-1562)
The remote host is missing an update for the Huawei EulerOS...
RHEL 6 : expat (RHSA-2022:1309)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1309 advisory. Expat is a C library for parsing XML documents. Security Fixes: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code...