1189 matches found
Azure Linux 3.0 Security Update: ruby / rubygem-rexml (CVE-2024-41946)
The version of ruby / rubygem-rexml installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-41946 advisory. - REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses a...
MiracleLinux 9 : expat-2.5.0-1.el9_3.1 (AXSA:2024-7643:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7643:01 advisory. expat: parsing large tokens can trigger a denial of service CVE-2023-52425 expat: XML Entity Expansion CVE-2024-28757 CVE-2023-52425 libexpat throug...
MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.322.b06-2.el8 (AXSA:2022-3023:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3023:02 advisory. OpenJDK: Incomplete deserialization class filtering in ObjectInputStream Serialization, 8264934 CVE-2022-21248 OpenJDK: Insufficient URI checks in t...
MiracleLinux 8 : python27:2.7 (AXSA:2024-8406:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8406:01 advisory. pypa-setuptools: Regular Expression Denial of Service ReDoS in packageindex.py CVE-2022-40897 python: use after free in heappushpop of heapq module...
MiracleLinux 8 : qt5-qtbase-5.12.5-6.el8, qt5-qttools-5.12.5-2.el8, qt5-qtwebsockets-5.12.5-2.el8 (AXSA:2021-1450:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1450:01 advisory. qt: XML entity expansion vulnerability CVE-2015-9541 qt5-qtwebsockets: websocket implementation allows only limited size for frames and messages...
MiracleLinux 3 : neon-0.25.5-10AXS3.1 (AXSA:2009-403:02)
The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2009-403:02 advisory. neon is an HTTP and WebDAV client library, with a C interface; providing a high-level interface to HTTP and WebDAV methods along with a low-level...
MiracleLinux 8 : xmlrpc-c-1.51.0-11.el8_10 (AXSA:2025-9874:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9874:01 advisory. libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat CVE-2024-8176 Tenable has extracted the preceding description block directly...
MiracleLinux 9 : expat-2.5.0-5.el9_6 (AXSA:2025-10214:03)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10214:03 advisory. libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat CVE-2024-8176 Tenable has extracted the preceding description block directly...
MiracleLinux 8 : expat-2.2.5-17.el8_10 (AXSA:2025-9859:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9859:02 advisory. libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat CVE-2024-8176 Tenable has extracted the preceding description block directly...
CVE-2022-26662
An XML Entity Expansion XEE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. A...
PT-2026-1173
CVE-2025-34137 - Apache HTTP Server XML Entity Injection CVE ID : CVE-2025-34137 Published : Jan. 2, 2026, 5:15 p.m. | 14 minutes ago Description : Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. Severity: 0.0 | NA Visit the link for...
PT-2025-53396
CVE-2023-5092 - Apache HTTP Server XML Entity Injection CVE ID : CVE-2023-5092 Published : Dec. 23, 2025, 2:16 p.m. | 42 minutes ago Description : Rejected reason: This CVE id was assigned to an issue which was later deemed not security relevant. Severity: 0.0 | NA Visit the link for more details...
CVE-2025-68463
Biopython (Bio.Entrez) up to version 1.86 is affected by CVE-2025-68463, an XML external entity (XXE) vulnerability in Bio.Entrez that can arise from processing untrusted Doctype declarations. Affected component/file: Bio.Entrez in Biopython; root cause: improper handling of external entities lea...
libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...
libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...
Exploit for CVE-2025-66516
CVE-2025-66516 / CVE-2025-54988 - Apache Tika XXE Vulnerabilit...
libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...
libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...
Important: Red Hat Security Advisory: expat security update
An update for expat is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Security Bulletin: Security vulnerability has been found in IBM Application Gateway
Summary Security vulnerability has been addressed in IBM Application Gateway. Vulnerability Details CVEID:CVE-2023-52425 DESCRIPTION: libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a large token for which multiple...