CentOS 9 : expat-2.2.10-10.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the expat-2.2.10-10.el9 build changelog. - malformed 2 CVE-2022-25235 - namespace-separator characters in xmlns:prefix attribute values can lead to arbitrary code execution...

RHEL 8 : mingw-expat (RHSA-2022:7811)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7811 advisory. Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW. The following packag...

F5 Networks BIG-IP : Expat vulnerabilities (K19473898)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.9 / 16.1.4 / 17.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the K19473898 advisory. CVE-2022-23852Expat aka libexpat before 2.4.4 has a signed integer overflow in XMLGetBuffer, for...

RHEL 6 : expat (RHSA-2022:1309)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1309 advisory. Expat is a C library for parsing XML documents. Security Fixes: expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code...

expat security update

2.1.0-14.0.1 - lib: Prevent integer overflow in doProlog CVE-2022-23990Orabug: 33910302 2.1.0-14 - Fix multiple CVEs - CVE-2022-25236 expat: namespace-separator characters in 'xmlns:prefix' attribute values can lead to arbitrary code execution - CVE-2022-25235 expat: malformed 2- and 3-byte UTF-8...

expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution

A flaw was found in expat. Passing one or more namespace separator characters in the "xmlns:prefix" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML...

Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2022:0824)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:0824-1 advisory. - Mozilla: Use-after-free in XSLT parameter processing CVE-2022-26485 - Mozilla: Use-after-free in WebGPU IPC Framework CVE-2022-26486 - expat:...

RHEL 8 : firefox (RHSA-2022:0816)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0816 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

Amazon Linux 2 : expat (ALAS-2022-1764)

The version of expat installed on the remote host is prior to 2.1.0-12. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1764 advisory. A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences for example, from start tag names to the XML...

CVE-2022-25236

xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs...

CVE-2022-25236

xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs...

EUVD-2022-29934

xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs...