[SECURITY] Fedora 35 Update: mingw-expat-2.5.0-1.fc35
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...
[SECURITY] Fedora 36 Update: mingw-expat-2.5.0-1.fc36
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...
Fedora: Security Advisory for mingw-expat (FEDORA-2022-c43235716e)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for mingw-expat (FEDORA-2022-dcb1d7bcb1)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 37 Update: mingw-expat-2.4.9-1.fc37
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...
Security Bulletin: IBM Security Guardium is affected by a jsoup vulnerability (CVE-2021-37714)
Summary: IBM Security Guardium has fixed this vulnerability. Vulnerability Details: CVEID: CVE-2021-37714. DESCRIPTION: jsoup is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause th...
SUSE-SU-2022:3884-1 Security update for expat
This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708)...
MGASA-2022-0409 Updated expat packages fix security vulnerability
In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations (CVE-2022-43680)...
CLSA-2022-1667494718 expat: Fix of CVE-2022-43680
CVE-2022-43680: Fix overeager DTD destruction...
Exploit for Improper Verification of Cryptographic Signature in Passport-Saml_Project Passport-Saml
Exploiting CVE-2022-39299 Signature bypass via multiple ro...
Fedora: Security Advisory for mingw-expat (FEDORA-2022-c22feb71ba)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for mingw-expat (FEDORA-2022-d93b3bd8b9)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
expat: Integer overflow in function XML_GetBuffer
expat (libexpat) is susceptible to a software flaw that causes process interruption. Processing a large number of prefixed XML attributes on a single tag can cause libexpat to terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...
CVE-2022-43680
In CVE-2022-43680, libexpat up to version 2.4.9 contains a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate during out-of-memory situations. The impact is rated High (Availability impact) with a CVSSv3.1 base score of 7.5 (Network attack vector, no ...
XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin
Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control the input files for the 'Topaz for Total Test - Execute Total Test scenarios' build step to have Jenkins parse a crafted XML...
GHSA-VHWV-8897-JM7Q XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin
Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control the input files for the 'Topaz for Total Test - Execute Total Test scenarios' build step to have Jenkins parse a crafted XML...
GHSA-2W2M-CCF8-57CQ XXE vulnerability in Jenkins REPO Plugin
REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control which repo binary is executed on agents to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets from the...
CVE-2022-43430
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2022-43415
Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...