32 matches found

RedHat Linux
added 4 days ago, 6 views

Important: Red Hat Security Advisory: expat security update

An update for expat is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.5, AI score 5.8, EPSS 0.00011
Exploits: 1, References: 2

OSV
added 2026/05/26 3:16 p.m., 3 views

UBUNTU-CVE-2026-41401

libyang before 5.2.6 contains a heap use-after-free write vulnerability in lydparsersetdataflags that incorrectly updates metadata list pointers when freeing non-head default metadata entries. Attackers can trigger this vulnerability by submitting crafted YANG XML documents with specific metadata...

CVSS 7.1, AI score 5.9, EPSS 0.00035
Exploits: 0, References: 6

Snyk
added 2026/04/13 10:11 p.m., 4 views

Heap-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

CVSS 6.9, AI score 6, EPSS 0.00019
Exploits: 0, References: 2

Github Security Blog
added 2026/04/13 7:33 p.m., 8 views

ImageMagick has a heap-Buffer-Overflow write of a single zero byte when parsing xml.

When Magick parses an XML file it is possible that a single zero byte is written out of the bounds...

CVSS 5.3, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 6, Affected Software: 17

RedhatCVE
added 2026/01/09 12:34 p.m., 6 views

CVE-2023-45208

A command injection in the parsingxmlstasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers within range of the repeater to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names...

CVSS 8.8, AI score 7.5, EPSS 0.01613
Exploits: 1, References: 1

Github Security Blog
added 2025/12/26 3:30 p.m., 7 views

libxmljs has segmentation fault, potentially leading to a denial-of-service (DoS)

A vulnerability exists in libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal ref property on entityref and entitydecl nodes causes a segmentation fault, potentially leading to a denial-of-service (DoS)...

CVSS 7.5, AI score 6.9, EPSS 0.00032
Exploits: 1, References: 3, Affected Software: 1

EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2024-36949

Malicious code in bioql PyPI...

CVSS 7.8, AI score 7.5, EPSS 0.00098
Exploits: 0, References: 2

RedhatCVE
added 2025/06/12 12:29 a.m., 3 views

CVE-2025-49794

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's...

CVSS 9.1, AI score 9.1, EPSS 0.00445
Exploits: 0, References: 3

Rockylinux
added 2024/11/19 4:00 p.m., 20 views

expat security update

An update is available for expat. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Expat is a C library for parsing XML documents. Security Fixes: libexpat: expat...

CVSS 5.9, AI score 6.9, EPSS 0.00116
Exploits: 0

Tenable Nessus
added 2024/09/24 12:00 a.m., 63 views

RHEL 8 : expat (RHSA-2024:6989)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6989 advisory. Expat is a C library for parsing XML documents. Security Fixes: libexpat: Negative Length Parsing Vulnerability in libexpat CVE-2024-45490...

CVSS 9.8, AI score 7.5, EPSS 0.02269
Exploits: 0, References: 9

Tenable Nessus
added 2024/09/18 12:00 a.m., 35 views

RHEL 9 : expat (RHSA-2024:6754)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6754 advisory. Expat is a C library for parsing XML documents. Security Fixes: libexpat: Negative Length Parsing Vulnerability in libexpat CVE-2024-45490...

CVSS 9.8, AI score 7.5, EPSS 0.02269
Exploits: 0, References: 9

AlmaLinux
added 2024/08/13 12:00 a.m., 27 views

Low: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: REXML: DoS parsing an XML with many s in an attribute value CVE-2024-35176 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

CVSS 5.3, AI score 6.9, EPSS 0.08428
Exploits: 1, References: 4

Snyk
added 2024/08/01 2:41 p.m., 3 views

Denial of Service (DoS)

Overview rexml is an An XML toolkit for Ruby. Affected versions of this package are vulnerable to Denial of Service DoS via the REXML gem, when parsing an XML document that has many specific characters such as whitespace character, and . Details Denial of Service DoS describes a family of attacks...

CVSS 7.5, AI score 7.1, EPSS 0.00239
Exploits: 0, References: 2

Fedora
added 2024/02/25 1:26 a.m., 22 views

[SECURITY] Fedora 39 Update: mingw-expat-2.6.0-1.fc39

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

CVSS 7.5, AI score 7.5, EPSS 0.01552
Exploits: 1

Prion
added 2023/10/10 5:15 a.m., 25 views

Command injection

A command injection in the parsingxmlstasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers within range of the repeater to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names...

CVSS 5.8, AI score 8.6, EPSS 0.01613
Exploits: 1, References: 1, Affected Software: 1

Cent OS
added 2023/01/30 4:45 p.m., 61 views

pki security update

CentOS Errata and Security Advisory CESA-2022:8799. An update for pki-core is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severit...

CVSS 7.5, AI score 7.2, EPSS 0.90688
Exploits: 3, References: 7

RedHat Linux
added 2023/01/23 3:29 p.m., 79 views

Moderate: Red Hat Security Advisory: expat security update

An update for expat is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.5, AI score 6.7, EPSS 0.00393
Exploits: 1, References: 2

Fedora
added 2022/12/18 1:41 a.m., 28 views

[SECURITY] Fedora 37 Update: rubygem-nokogiri-1.13.10-1.fc37

Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the change to using correct CSS and XPath...

CVSS 7.5, AI score 7.6, EPSS 0.00271
Exploits: 0

RubySec
added 2022/05/24 12:00 a.m., 31 views

Nokogiri Implements libxml2 version vulnerable to null pointer dereferencing

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest...

CVSS 5.9, AI score 6.7, EPSS 0.00111
Exploits: 0, References: 1, Affected Software: 1

Tenable Nessus
added 2021/07/13 12:00 a.m., 34 views

EulerOS Virtualization 2.9.0 : libxml2 (EulerOS-SA-2021-2193)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed conten...

CVSS 6.5, AI score 7.1, EPSS 0.00111
Exploits: 0, References: 3