perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files

A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...

perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input

A flaw was found in XML::Parser for Perl. This vulnerability allows an attacker to cause a heap corruption, which can lead to a denial of service DoS by crashing the application. The issue occurs when the software processes specially crafted XML input, causing an internal buffer to overflow. This...

Important: Red Hat Security Advisory: perl-XML-Parser security update

An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files

A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the Utf8GraphQLParser parser. An attacker can cause the application to terminate unexpectedly and disrupt all active services by submitting a crafted GraphQL document with deeply nested selection sets, object...

ChilliCream GraphQL Platform: Utf8GraphQLParser Stack Overflow via Deeply Nested GraphQL Documents

Impact Hot Chocolate's Utf8GraphQLParser is a recursive descent parser with no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types can trigger a StackOverflowException on payloads as small as 40 KB. Because...

GHSA-QR3M-XW4C-JQW3 ChilliCream GraphQL Platform: Utf8GraphQLParser Stack Overflow via Deeply Nested GraphQL Documents

Impact Hot Chocolate's Utf8GraphQLParser is a recursive descent parser with no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types can trigger a StackOverflowException on payloads as small as 40 KB. Because...

binutils: Fix of CVE-2025-11082

CVE-2025-11082: fix heap-based buffer overflow in bfdelfparseehframe...

CLSA-2026-1776243051 expat: Fix of 2 CVEs

CVE-2022-25313: prevent stack exhaustion in buildmodel - CVE-2024-50602: make XMLStopParser refuse to stop/suspend an unstarted parser...

CLSA-2026-1776330599 python3.9: Fix of 11 CVEs

CVE-2025-8291: fix zipfile ZIP64 EOCD Locator offset validation - CVE-2025-6069: fix quadratic complexity in HTMLParser - CVE-2025-4516: fix use-after-free in unicode-escape decoder with error handler - CVE-2026-2297: ensure SourcelessFileLoader uses io.opencode - CVE-2026-3479: reject invalid...

CVE-2024-2374

The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configuring to prevent the resolution of external entities. This omission allows malicious actors to craft XML payloads that exploit the parser's behavior, leading to the inclusion of external resources. ...

UEFI Firmware Parser has a heap out-of-bounds write in tiano decompressor ReadCLen

uefi-firmware contains a heap out-of-bounds write vulnerability in the native tiano/EFI decompressor. in uefifirmware/compression/Tiano/Decompress.c, ReadCLen reads Number = GetBitsSd, CBIT with CBIT = 9, so Number can be as large as 511, while the destination array Sd-mCLen has NC = 510 elements...

GHSA-2689-5P89-6J3J UEFI Firmware Parser has a stack out-of-bounds write in tiano decompressor MakeTable

uefi-firmware contains a stack out-of-bounds write vulnerability in the native tiano/EFI decompressor. in uefifirmware/compression/Tiano/Decompress.c, MakeTable does not validate that bit-length values read from the compressed bitstream are within the expected range 0..16. a crafted firmware blob...

RHEL 8 : perl-XML-Parser (RHSA-2026:8610)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:8610 advisory. This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark'...

MiracleLinux 9 : perl-XML-Parser-2.46-9.1.el9_7 (AXSA:2026-436:01)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-436:01 advisory. perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files CVE-2006-10003 perl-xml-parser: XML::Parser for Perl: Heap corruption and...

RHEL 8 : perl-XML-Parser (RHSA-2026:8608)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:8608 advisory. This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark'...

RHEL 8 : perl-XML-Parser (RHSA-2026:8609)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:8609 advisory. This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark'...

AlmaLinux 8 : perl-XML-Parser (ALSA-2026:7681)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:7681 advisory. perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files CVE-2006-10003 perl-xml-parser: XML::Parser for Perl: Heap corruption and deni...

PT-2026-33384

Name of the Vulnerable Software and Affected Versions Math.js versions 13.1.1 through 15.1.x Description An issue in the expression parser allows the execution of arbitrary JavaScript. This occurs in applications where users are permitted to evaluate arbitrary expressions using the mathjs...

WSO2 Identity Server和WSO2 API Manager Developer Portal 安全漏洞

WSO2 Identity Server IS and WSO2 API Manager Developer Portal are both products of the American company WSO2. WSO2 Identity Server is an identity authentication server. WSO2 API Manager Developer Portal is a developer portal platform. Both WSO2 Identity Server and WSO2 API Manager Developer Porta...