EulerOS 2.0 SP12 : expat (EulerOS-SA-2025-1582)
According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an...
CVE-2020-2092
Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents...
CVE-2019-20343
The MojoHaus Exec Maven plugin 1.1.1 for Maven allows code execution via a crafted XML document because a configuration element within a plugin element can specify an arbitrary program in an executable element and can also specify arbitrary command-line arguments in an arguments element...
CVE-2012-2964
The BreakingPoint Storm appliance before 3.0 requires cleartext credentials for establishing a session from a GUI administrative client, which allows remote attackers to obtain sensitive information by sniffing the network for XML documents...
FreeBSD : expat: improper restriction of xml entity expansion depth (8f71ad3b-14f5-11f0-87ba-002590c1f29c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8f71ad3b-14f5-11f0-87ba-002590c1f29c advisory. [email protected] reports: A stack overflow vulnerability exists in the libexpat library due to the w...
libxml2: Use-After-Free in libxml2
A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema...
XML Signature Manipulation
xml-crypto is vulnerable to an XML signature manipulation. The vulnerability is due to improper validation of signed XML documents, which allows an attacker to modify a signed XML message while still passing signature verification checks...
CVE-2024-8176
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...
CVE-2024-8176
CVE-2024-8176 describes a stack overflow in the libexpat XML parser caused by recursive entity expansion on deeply nested XML references. This can lead to DoS and, in some environments, memory corruption. Public details in the provided documents confirm affected component (libexpat) and the root ...
PT-2025-11226
Name of the Vulnerable Software and Affected Versions: Expat versions prior to 2.7.0. Description: Expat is a C library used for parsing XML documents. A stack overflow vulnerability exists due to improper restriction of XML entity expansion depth. This can occur when processing XML documents with...
CVE-2024-56171
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be...
ALSA-2024:9502 Moderate: expat security update
Expat is a C library for parsing XML documents. Security Fixes: libexpat: expat: DoS via XMLResumeParser (CVE-2024-50602). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References...
RHEL 8 : expat (RHSA-2024:6989)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6989 advisory. Expat is a C library for parsing XML documents. Security Fixes: libexpat: Negative Length Parsing Vulnerability in libexpat (CVE-2024-45490)...
Moderate: Red Hat Security Advisory: expat security update
An update for expat is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
RHEL 9 : expat (RHSA-2024:6754)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6754 advisory. Expat is a C library for parsing XML documents. Security Fixes: libexpat: Negative Length Parsing Vulnerability in libexpat (CVE-2024-45490)...
Ubuntu 14.04 LTS / 16.04 LTS : XStream vulnerabilities (USN-6978-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6978-1 advisory. It was discovered that XStream incorrectly handled parsing of certain crafted XML documents. A remote attacker could possibly use this issue ...
UBUNTU-CVE-2024-39126
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents...