Advisory ROSA-SA-2025-2785
Software: xmlrpc-c 1.51.0 OS: ROSA Virtualization 3.0 packageevrstring: xmlrpc-c-1.51.0-10.0.1.rv30 CVE-ID: CVE-2023-52425 BDU-ID: 2024-01514 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the XML parser library libexpat is associated with uncontrolled resource consumption. Exploitation of the...
[SECURITY] Fedora 41 Update: expat-2.7.0-1.fc41
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...
UBUNTU-CVE-2025-1219
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...
DEBIAN-CVE-2025-25292
ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely...
UBUNTU-CVE-2025-25292
ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely...
GHSA-754F-8GM6-C4R2 Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential)
Summary An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently, the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping...
CVE-2025-25291
ruby-saml provides security assertion markup language SAML single sign-on SSO for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely...
PT-2025-11127 · Ruby-Saml +3
Name of the Vulnerable Software and Affected Versions: ruby-saml versions prior to 1.12.4 and 1.18.0 Description: An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different...
libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2
A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD...
GHSA-47QW-CCJM-9C2C LocalS3 XML Parser Vulnerable to XML External Entity (XXE) Injection
Description The LocalS3 project, which implements an S3-compatible storage interface, contains a critical XML External Entity XXE Injection vulnerability in its XML parsing functionality. When processing XML requests for multipart upload operations, the application accepts and processes XML...
LocalS3 XML Parser Vulnerable to XML External Entity (XXE) Injection
Description The LocalS3 project, which implements an S3-compatible storage interface, contains a critical XML External Entity XXE Injection vulnerability in its XML parsing functionality. When processing XML requests for multipart upload operations, the application accepts and processes XML...
Linux Distros Unpatched Vulnerability : CVE-2021-38443
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser...
Linux Distros Unpatched Vulnerability : CVE-2021-38441
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML...
Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase (CVE-2023-52426)
Summary libexpat is a stream-oriented XML parser library used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-52426 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an XML entity expansion flaw if XMLDT...
Linux Distros Unpatched Vulnerability : CVE-2019-15903
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to...
Linux Distros Unpatched Vulnerability : CVE-2012-0876
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The XML parser xmlparse.c in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows...
Linux Distros Unpatched Vulnerability : CVE-2017-5130
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to...
Linux Distros Unpatched Vulnerability : CVE-2021-23792
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 is vulnerable to XML External Entity XXE Injection due to an insecurely initialized XML...
Linux Distros Unpatched Vulnerability : CVE-2015-2716
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute...
Linux Distros Unpatched Vulnerability : CVE-2016-5300
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU...