
2720 matches found

Tenable Nessus
added 2025/03/05 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2021-38443

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser...

CVSS 9.8 | AI score 7.4 | EPSS 0.0016
Exploits: 0 | References: 3

IBM Security Bulletins
added 2025/03/04 2:25 p.m., 12 views

Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase ( CVE-2023-52426 )

Summary: libexpat is a stream-oriented XML parser library used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2023-52426. DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an XML entity expansion flaw if XMLDT...

CVSS 5.5 | AI score 6.3 | EPSS 0.00022
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2025/03/04 12:0 a.m., 13 views

Linux Distros Unpatched Vulnerability : CVE-2019-15903

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to...

CVSS 7.5 | AI score 6.9 | EPSS 0.00203
Exploits: 1 | References: 4

Tenable Nessus
added 2025/03/04 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-5130

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to...

CVSS 8.8 | AI score 7.5 | EPSS 0.01165
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-23792

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 is vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML...

CVSS 9.8 | AI score 7.3 | EPSS 0.00298
Exploits: 0 | References: 3

Tenable Nessus
added 2025/03/04 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2012-0876

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The XML parser xmlparse.c in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows...

CVSS 4.3 | AI score 6.9 | EPSS 0.00166
Exploits: 0 | References: 4

Tenable Nessus
added 2025/03/04 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2015-2716

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute...

CVSS 7.5 | AI score 8.3 | EPSS 0.05614
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m., 11 views

Linux Distros Unpatched Vulnerability : CVE-2014-0191

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7....

CVSS 4.3 | AI score 6.7 | EPSS 0.00636
Exploits: 1 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m., 11 views

Linux Distros Unpatched Vulnerability : CVE-2016-5300

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU...

CVSS 7.8 | AI score 6.9 | EPSS 0.02202
Exploits: 0 | References: 4

IBM Security Bulletins
added 2025/02/26 6:45 p.m., 13 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in fast-xml-parser

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of fast-xml-parser. Vulnerability Details: CVEID: CVE-2024-41818. DESCRIPTION: Natural Intelligence fast-xml-parser is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the...

CVSS 7.5 | AI score 7.4 | EPSS 0.00885
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2025/02/10 12:0 a.m., 4 views

Azure Linux 3.0 Security Update: expat / python3 (CVE-2024-50602)

The version of expat / python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50602 advisory. - An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser...

CVSS 5.9 | AI score 7 | EPSS 0.00116
Exploits: 0 | References: 2

OpenVAS
added 2025/02/10 12:0 a.m., 5 views

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2025-1188)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.9 | AI score 6.3 | EPSS 0.00116
Exploits: 0 | References: 2

Tenable Nessus
added 2025/02/10 12:0 a.m., 3 views

EulerOS 2.0 SP11 : expat (EulerOS-SA-2025-1155)

According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an...

CVSS 5.9 | AI score 7.1 | EPSS 0.00116
Exploits: 0 | References: 2

Fedora
added 2025/01/31 3:24 a.m., 6 views

[SECURITY] Fedora 40 Update: expat-2.6.4-1.fc40

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

CVSS 5.9 | AI score 7 | EPSS 0.00116
Exploits: 0

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 22 views

Security Bulletin: IBM Maximo Application Suite uses axios-1.7.2.tgz and fast-xml-parser-4.2.5.tgz which is vulnerable to CVE-2024-39338 and CVE-2024-41818.

Summary: IBM Maximo Application Suite uses axios-1.7.2.tgz and fast-xml-parser-4.2.5.tgz which is vulnerable to CVE-2024-39338 and CVE-2024-41818. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2024-39338. DESCRIPTION: Axios is...

CVSS 7.5 | AI score 7.4 | EPSS 0.02141
Exploits: 2 | Affected Software: 1

Rosalinux
added 2025/01/28 11:4 a.m., 7 views

Advisory ROSA-SA-2025-2604

software: expat 2.6.2 OS: ROSA-CHROME packageevrstring: expat-2.6.2-1 CVE-ID: CVE-2023-52426 BDU-ID: 2024-04334 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the libexpat XML file parsing library is related to improper restriction of recursive object references in DTDs. Exploitation of the...

CVSS 7.5 | AI score 7.8 | EPSS 0.01552
Exploits: 2

Veracode
added 2025/01/22 5:15 a.m., 8 views

Authentication Bypass

github.com/tyktechnologies/tyk-identity-broker is vulnerable to Authentication Bypass. The vulnerability is due to the Go XML parser not guaranteeing integrity during the XML round-trip encoding/decoding XML data, which allows for the bypassing of SAML authentication...

CVSS 9.1 | AI score 6.7 | EPSS 0.00366
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2025/01/16 7:19 a.m., 14 views

BIT-PYTHON-MIN-2024-50602

An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser...

CVSS 5.9 | AI score 6.1 | EPSS 0.00116
Exploits: 0 | References: 10

Tenable Nessus
added 2025/01/14 12:0 a.m., 16 views

EulerOS 2.0 SP9 : ruby (EulerOS-SA-2025-1063)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have sam...

CVSS 7.5 | AI score 7.2 | EPSS 0.08335
Exploits: 0 | References: 5

Ubuntu
added 2025/01/13 1:2 a.m., 20 views

USN-7199-1: xmltok library vulnerabilities

It was discovered that Expat, contained within the xmltok library, incorrectly handled malformed XML data. If a user or application were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. CVE-2015-1283, CVE-2016-0718,...

CVSS 9.8 | AI score 8 | EPSS 0.05584
Exploits: 7