13 matches found
EUVD-2017-0174
Malware in sbrugna...
Azure Linux 3.0 Security Update: expat / python3 (CVE-2024-28757)
The version of expat / python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28757 advisory. - libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external...
EulerOS Virtualization 2.12.1 : expat (EulerOS-SA-2024-2304)
According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1905)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1956)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP10 : expat (EulerOS-SA-2024-1881)
According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for...
RHEL 9 : expat (RHSA-2024:1530)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1530 advisory. Expat is a C library for parsing XML documents. Security Fixes: expat: parsing large tokens can trigger a denial of service (CVE-2023-52425)...
SUSE: Security Advisory (SUSE-SU-2014:0265-1)
The remote host is missing an update for the...
CVE-2019-15160
The CVE-2019-15160 entry concerns the SweetXml (aka sweet_xml) package for Erlang and Elixir, affected through version 0.6.6. The root cause is an XML entity expansion (XML bomb) vulnerability involving an inline DTD, which allows an attacker to cause resource consumption leading to denial of ser...
CVE-2014-8090 ruby: REXML incomplete fix for CVE-2014-8080
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML document containing an empty string in an entity that is used in a large number of...
Design/Logic Flaw
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack...
CVE-2013-1812
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack...