387 matches found

Tenable Nessus
added 2022/03/07 12:0 a.m. | 50 views

Debian DLA-2935-1 : expat - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2935 advisory. - Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852) - xmltok_impl.c i...

CVSS 9.8 | AI score 7.4 | EPSS 0.11027
Exploits: 1 | References: 14
Tenable Nessus
added 2022/03/04 12:0 a.m. | 122 views

Amazon Linux 2 : expat (ALAS-2022-1754)

The version of expat installed on the remote host is prior to 2.1.0-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1754 advisory. expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML...

CVSS 9.8 | AI score 7.5 | EPSS 0.01618
Exploits: 0 | References: 3
Tenable Nessus
added 2022/02/19 12:0 a.m. | 47 views

SUSE SLED15 / SLES15 Security Update : expat (SUSE-SU-2022:0498-1)

The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0498-1 advisory. - Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero...

CVSS 9.8 | AI score 7.5 | EPSS 0.037
Exploits: 0 | References: 7
OSV
added 2022/02/18 9:48 a.m. | 10 views

SUSE-SU-2022:0498-1 Security update for expat

This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217)...

CVSS 9.8 | AI score 8.8 | EPSS 0.037
Exploits: 0 | References: 5
OSV
added 2022/02/18 9:47 a.m. | 8 views

OPENSUSE-SU-2022:0498-1 Security update for expat

This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217)...

CVSS 9.8 | AI score 8.9 | EPSS 0.037
Exploits: 0 | References: 5
OpenVAS
added 2022/02/10 12:0 a.m. | 17 views

SUSE: Security Advisory (SUSE-SU-2022:14884-1)

The remote host is missing an update for the...

CVSS 9.8 | AI score 8.3 | EPSS 0.037
Exploits: 0 | References: 5
OSV
added 2022/02/03 8:29 p.m. | 7 views

MGASA-2022-0048 Updated expat packages fix security vulnerability

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES (CVE-2022-23852). Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function (CVE-2022-23990)...

CVSS 9.8 | AI score 8.7 | EPSS 0.037
Exploits: 0 | References: 3
Mageia
added 2022/02/03 8:29 p.m. | 61 views

Updated expat packages fix security vulnerability

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES (CVE-2022-23852). Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function (CVE-2022-23990)...

CVSS 9.8 | AI score 3.5 | EPSS 0.037
Exploits: 0 | References: 2
Tenable Nessus
added 2022/01/31 12:0 a.m. | 47 views

Debian DLA-2904-1 : expat - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2904 advisory. - In Expat (aka libexpat) before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior, e.g., allocating to...

CVSS 9.8 | AI score 7.5 | EPSS 0.04193
Exploits: 3 | References: 24
Slackware Linux
added 2022/01/25 6:35 a.m. | 46 views

[slackware-security] expat

New expat packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/expat-2.4.3-i586-2slack14.2.txz: Rebuilt. Fix signed integer overflow in function XML_GetBuffer for when XML_CONTEXT_BYTES i...

CVSS 9.8 | AI score 0.6 | EPSS 0.01618
Exploits: 0
OSV
added 2022/01/24 2:15 a.m. | 34 views

CVE-2022-23852

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES...

CVSS 9.8 | AI score 3.2
Exploits: 0 | References: 8
Cvelist
added 2022/01/24 1:6 a.m. | 18 views

CVE-2022-23852

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES...

AI score 9.9 | EPSS 0.01618
Exploits: 0 | References: 8
Positive Technologies
added 2021/11/15 12:0 a.m. | 3 views

PT-2023-13229

Name of the Vulnerable Software and Affected Versions: Libsndfile (affected versions not specified). Description: The issue is related to multiple signed integers overflow in the au_read_header function in src/au.c and in the mat4_open and mat4_read_header functions in src/mat4.c of Libsndfile. This...

CVSS 7.8 | AI score 7.2 | EPSS 0.00032
Exploits: 1 | References: 50
CloudLinux
added 2021/09/22 4:31 p.m. | 41 views

Fix of CVE: CVE-2020-10543

CVE-2020-10543: fix signed integer overflow leading to heap buffer overrun...

CVSS 8.2 | AI score 2.7 | EPSS 0.04289
Exploits: 0 | References: 1
CloudLinux
added 2021/08/19 5:44 p.m. | 91 views

Fix of CVE: CVE-2021-33574, CVE-2021-35942, CVE-2021-38604

Adopt pthreadattrcopy functionality, test case is included - CVE-2021-33574: avoid use-after-free vulnerability - CVE-2021-35942: avoid out-of-bounds read via signed integer overflow in array index - CVE-2021-38604: considered. No NULL pointer dereference is possible...

CVSS 9.8 | AI score 4.4 | EPSS 0.01407
Exploits: 2 | References: 1
NVD
added 2021/08/19 11:15 a.m. | 14 views

CVE-2021-31227

An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length,...

CVSS 7.5 | EPSS 0.00433
Exploits: 0 | References: 2
OSV
added 2021/08/19 11:15 a.m. | 0 views

CVE-2021-31227

An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length,...

CVSS 7.5 | AI score 7.7 | EPSS 0.00433
Exploits: 0 | References: 2
Prion
added 2021/08/19 11:15 a.m. | 16 views

Heap overflow

An issue was discovered in HCC embedded InterNiche 4.0.1. A potential heap buffer overflow exists in the code that parses the HTTP POST request, due to an incorrect signed integer comparison. This vulnerability requires the attacker to send a malformed HTTP packet with a negative Content-Length,...

CVSS 5 | AI score 8.8 | EPSS 0.00433
Exploits: 0 | References: 2 | Affected Software: 1
Prion
added 2021/08/12 9:15 p.m. | 12 views

Integer overflow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.raw_ops.QuantizeAndDequantizeV4Grad is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on thi...

CVSS 2.1 | AI score 5.7 | EPSS 0.00012
Exploits: 0 | References: 2 | Affected Software: 1
Oracle linux
added 2021/06/15 12:0 a.m. | 225 views

Unbreakable Enterprise kernel-container security update

4.14.35-2047.504.2.el7 - md/raid1: properly indicate failure when ending a failed write request Paul Clements Orabug: 32887159 - video: hyperv_fb: Add ratelimit on error message Michael Kelley Orabug: 32856879 - Drivers: hv: vmbus: Initialize unload_event statically Andrea Parri Microsoft Orabug:...

CVSS 6.7 | AI score 7.3 | EPSS 0.00198
Exploits: 0