Lucene search
K

23 matches found

Microsoft CVE
Microsoft CVE
added 2026/06/27 8:5 a.m.18 views

libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.

...

6.9CVSS5.8AI score0.00102EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/24 1:56 a.m.13 views

CVE-2026-56406

A flaw was found in libexpat. An integer overflow vulnerability exists in the XMLParseBuffer function due to a missing check. This flaw could allow an attacker to cause memory corruption, potentially leading to arbitrary code execution, information disclosure, or a denial of service. Mitigation...

6.9CVSS5.9AI score0.00102EPSS
Exploits0References4
NVD
NVD
added 2026/06/21 4:16 p.m.12 views

CVE-2026-56406

libexpat before 2.8.2 has an integer overflow in XMLParseBuffer because it lacked a check that was present in XMLParse...

6.9CVSS0.00102EPSS
Exploits0References1
OSV
OSV
added 2026/06/21 4:16 p.m.5 views

ALPINE-CVE-2026-56406

libexpat before 2.8.2 has an integer overflow in XMLParseBuffer because it lacked a check that was present in XMLParse...

6.9CVSS5.8AI score0.00102EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/21 3:48 p.m.7 views

CVE-2026-56406

libexpat before 2.8.2 has an integer overflow in XMLParseBuffer because it lacked a check that was present in XMLParse...

6.9CVSS5.8AI score0.00102EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/21 3:48 p.m.37 views

CVE-2026-56406

libexpat before 2.8.2 has an integer overflow in XMLParseBuffer because it lacked a check that was present in XMLParse...

6.9CVSS0.00102EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-51089

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description Oj is a JSON parser and Object marshaller for Ruby. The Oj.load function is susceptible to heap corruption when processing a JSON string exceeding 2 GB. An integer overflow occurs within the buf append...

8.7CVSS5.9AI score0.00253EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/17 8:4 p.m.8 views

music-metadata has an infinite loop vulnerability in ASF parser

Summary music-metadata's ASF parser parseExtensionObject in lib/asf/AsfParser.ts:112-158 enters an infinite loop when a sub-object inside the ASF Header Extension Object has objectSize = 0. Root Cause When objectSize is 0: 1. remaining = 0 - 24 = -24 2. tokenizer.ignore-24 moves the read position...

7.5CVSS5.8AI score0.00366EPSS
Exploits0References4Affected Software1
SUSE Linux
SUSE Linux
added 2025/12/23 12:24 p.m.4 views

Security update for mozjs52

This update for mozjs52 fixes the following issues: CVE-2024-45491: Fixed integer overflow in dtdCopy bsc1230037 CVE-2024-50602: Fixed DoS via XMLResumeParser bsc1232599 CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart bsc1230038 CVE-2024-45490: Fixed negative len for...

8.2CVSS7.4AI score0.01686EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.3 views

Siemens SIMATIC S7-1500 Incorrect Calculation of Buffer Size (CVE-2024-45490)

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XMLParseBuffer. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

9.8CVSS6.8AI score0.01686EPSS
Exploits0References3
OSV
OSV
added 2025/10/31 9:17 a.m.6 views

CLSA-2025-1761902260 Fix CVE(s): CVE-2024-45490

SECURITY UPDATE: Improper restriction of XML External Entity Reference - debian/patches/CVE-2024-45490.patch: Reject negative len for XMLParseBuffer - CVE-2024-45490...

9.8CVSS7.3AI score0.01686EPSS
Exploits0References1
OSV
OSV
added 2025/02/03 8:54 a.m.6 views

SUSE-SU-2025:20045-1 Security update for expat

This update for expat fixes the following issues: - CVE-2024-45492: detect integer overflow in function nextScaffoldPart bsc1229932 - CVE-2024-45491: detect integer overflow in dtdCopy bsc1229931 - CVE-2024-45490: reject negative len for XMLParseBuffer bsc1229930 - CVE-2024-28757: XML Entity...

9.8CVSS6.9AI score0.02006EPSS
Exploits1References9
SUSE Linux
SUSE Linux
added 2025/02/03 8:54 a.m.5 views

Security update for expat

This update for expat fixes the following issues: CVE-2024-45492: detect integer overflow in function nextScaffoldPart bsc1229932 CVE-2024-45491: detect integer overflow in dtdCopy bsc1229931 CVE-2024-45490: reject negative len for XMLParseBuffer bsc1229930 CVE-2024-28757: XML Entity Expansion...

7.5CVSS7.6AI score0.02006EPSS
Exploits1References16
Tenable Nessus
Tenable Nessus
added 2025/01/14 12:0 a.m.27 views

EulerOS 2.0 SP9 : xmlrpc-c (EulerOS-SA-2025-1067)

According to the versions of the xmlrpc-c package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XMLParseBuffer.CVE-2024-45490 An issue was...

9.8CVSS7.1AI score0.01686EPSS
Exploits0References3
Amazon
Amazon
added 2024/12/19 12:0 a.m.6 views

Important: expat

Issue Overview: An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XMLParseBuffer. CVE-2024-45490 Affected Packages: expat Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2...

9.8CVSS7AI score0.01686EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2024/10/07 12:16 p.m.4 views

Security update for mozjs115

This update for mozjs115 fixes the following issues: CVE-2024-45490: Fixed negative len for XMLParseBuffer in embedded expat bnc1230036 CVE-2024-45491: Fixed integer overflow in dtdCopy in embedded expat bnc1230037 CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart in embedded...

6.9CVSS8AI score0.01686EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2024/09/24 1:24 a.m.6 views

libexpat: Negative Length Parsing Vulnerability in libexpat

A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XMLParseBuffer function...

9.8CVSS7.3AI score0.01686EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/09/18 12:1 p.m.4 views

libexpat: Negative Length Parsing Vulnerability in libexpat

A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XMLParseBuffer function...

9.8CVSS7.3AI score0.01686EPSS
Exploits0References7
OSV
OSV
added 2024/09/17 9:29 p.m.9 views

CLSA-2024-1726608591 expat: Fix of 3 CVEs

CVE-2024-45490: Reject negative length for XMLParseBuffer in xmlparse.c - CVE-2024-45491: Detect integer overflow in dtdCopy on 32-bit platforms - CVE-2024-45492: Detect integer overflow in nextScaffoldPart on 32-bit platforms...

9.8CVSS7.2AI score0.01686EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2024/09/13 7:0 a.m.6 views

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

...

9.8CVSS6.8AI score0.01686EPSS
Exploits0
Rows per page
Query Builder