RHEL 9 : perl-XML-Parser (RHSA-2026:7679)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:7679 advisory. This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark'...

Medium: gstreamer1-plugins-good

Issue Overview: An out-of-bounds read in the WAV parser that can cause crashes for certain input files. CVE-2026-1940 Affected Packages: gstreamer1-plugins-good Issue Correction: Run dnf update gstreamer1-plugins-good --releasever 2023.11.20260413 or dnf update --advisory ALAS2023-2026-1579...

PT-2026-32526

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-19 ImageMagick versions prior to 6.9.13-44 Description A stack overflow in the FX expression parser allows an attacker to crash the process by providing a deeply nested expression. Recommendations Update to...

HAProxy 安全漏洞

HAProxy is an open-source TCP/HTTP load balancing server developed by the French company HAProxy. This server provides layer-4 and layer-7 proxy services and can support thousands of connections. It features efficiency and stability. Prior to version 3.3.6, HAProxy had security vulnerabilities...

perl-XML-Parser security update

2.46-9.1.0.1 - Add perlLWP, perlURI, perlURI::file Requires 2.46-9.1 - Fix CVE-2006-10002, CVE-2006-10003...

RHEL 10 : perl-XML-Parser (RHSA-2026:7680)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:7680 advisory. This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark...

Oracle Linux 10 : perl-XML-Parser (ELSA-2026-7680)

The remote Oracle Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-7680 advisory. 2.47-6.1.0.1 - Add perlLWP Requires 2.47-6.1 - Fix CVE-2006-10002, CVE-2006-10003 Tenable has extracted the preceding description block directly from...

ALSA-2026:7679 Important: perl-XML-Parser security update

This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark's expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options...

ALSA-2026:7680 Important: perl-XML-Parser security update

This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark's expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options...

Important: perl-XML-Parser

Issue Overview: XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption double free or corruption and crashes. A :utf8 PerlIO layer, parsestream in Expat.xs could overflow the XML input buffer because Perl's read returns decoded characters...

Amazon Linux 2023 : gstreamer1-plugins-good, gstreamer1-plugins-good-gtk (ALAS2023-2026-1579)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1579 advisory. An out-of-bounds read in the WAV parser that can cause crashes for certain input files. CVE-2026-1940 Tenable has extracted the preceding description block directly from the tested product security...

RHEL 8 : perl-XML-Parser (RHSA-2026:7681)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:7681 advisory. This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark'...

PT-2026-32562

Name of the Vulnerable Software and Affected Versions jq versions prior to commit 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b Description CLI input parsing allows validation bypass via embedded NUL bytes when reading JSON from files or stdin. The software uses strlen to determine buffer length inste...

OESA-2026-1900 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

OESA-2026-1882 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.CVE-2026-32776 libexpat...

perl-XML-Parser-2.570.0-1.1 on GA media (moderate)

perl-XML-Parser-2.570.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10527-1 Rating: moderate Cross-References: CVE-2006-10002 CVE-2006-10003 CVSS scores: CVE-2006-10002 SUSE : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H CVE-2006-10002 SUSE : 8.8...

Security Bulletin: Multiple vulnerabilities in IBM Aspera Enterprise WebApps

Summary Multiple vulnerabilities were addressed in IBM Aspera Enterprise WebApps version 1.0.2 Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the...

GHSA-JVFF-X2QM-6286 mathjs Allows Improperly Controlled Modification of Dynamically-Determined Object Attributes

Impact This security vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser. Patches The issue was introduced in mathjs v13.1.0, an...

mathjs Allows Improperly Controlled Modification of Dynamically-Determined Object Attributes

Impact This security vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser. Patches The issue was introduced in mathjs v13.1.0, an...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview mathjs is a math library for JavaScript and Node.js. It features a flexible expression parser with support for symbolic computation, comes with a large set of built-in functions and constants, and offers an integrated solution to work with diff. Affected versions of this package are...