Linux Distros Unpatched Vulnerability : CVE-2014-0191
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7....
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in fast-xml-parser
Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of fast-xml-parser. Vulnerability Details: CVEID: CVE-2024-41818 DESCRIPTION: Natural Intelligence fast-xml-parser is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2025-1188)
The remote host is missing an update for the Huawei EulerOS...
Azure Linux 3.0 Security Update: expat / python3 (CVE-2024-50602)
The version of expat / python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50602 advisory. - An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser...
EulerOS 2.0 SP11 : expat (EulerOS-SA-2025-1155)
According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an...
[SECURITY] Fedora 40 Update: expat-2.6.4-1.fc40
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...
Security Bulletin: IBM Maximo Application Suite uses axios-1.7.2.tgz and fast-xml-parser-4.2.5.tgz which is vulnerable to CVE-2024-39338 and CVE-2024-41818.
Summary: IBM Maximo Application Suite uses axios-1.7.2.tgz and fast-xml-parser-4.2.5.tgz which is vulnerable to CVE-2024-39338 and CVE-2024-41818. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2024-39338 DESCRIPTION: Axios is...
Advisory ROSA-SA-2025-2604
software: expat 2.6.2 OS: ROSA-CHROME packageevrstring: expat-2.6.2-1 CVE-ID: CVE-2023-52426 BDU-ID: 2024-04334 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the libexpat XML file parsing library is related to improper restriction of recursive object references in DTDs. Exploitation of the...
Authentication Bypass
github.com/tyktechnologies/tyk-identity-broker is vulnerable to Authentication Bypass. The vulnerability is due to the Go XML parser not guaranteeing integrity during the XML round-trip encoding/decoding XML data, which allows for the bypassing of SAML authentication...
BIT-PYTHON-MIN-2024-50602
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser...
EulerOS 2.0 SP9 : ruby (EulerOS-SA-2025-1063)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have sam...
USN-7199-1: xmltok library vulnerabilities
It was discovered that Expat, contained within the xmltok library, incorrectly handled malformed XML data. If a user or application were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. CVE-2015-1283, CVE-2016-0718,...
EulerOS 2.0 SP10 : expat (EulerOS-SA-2025-1003)
According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an...
SUSE-SU-2024:4411-1 Security update for mozjs115
This update for mozjs115 fixes the following issues: - CVE-2024-11498: Fixed resource exhaustion via Stack overflow in libjxl (bsc#1233786) - CVE-2024-11403: Fixed out of Bounds Memory Read/Write in libjxl (bsc#1233766) - CVE-2024-50602: Fixed DoS via XML_ResumeParser in libexpat (bsc#1232602)...
CVE-2024-56356
In JetBrains TeamCity before 2024.12, an insecure XMLParser configuration could lead to a potential XXE attack...
REXML denial of service vulnerability
...
SUSE CVE-2024-46455
unstructured v.0.14.2 and before is vulnerable to XML External Entity (XXE) via the XMLParser...
RHEL 9 : expat (RHSA-2024:11200)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:11200 advisory. Expat is a C library for parsing XML documents. Security Fixes: libexpat: expat: DoS via XML_ResumeParser (CVE-2024-50602) For more details about the...
Moderate: Red Hat Security Advisory: expat security update
An update for expat is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
USN-7146-1: Dogtag PKI vulnerabilities
Christina Fu discovered that Dogtag PKI accidentally enabled a mock authentication plugin by default. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates. This issue only affected Ubuntu 16.04 LTS. CVE-2017-753...