[SECURITY] Fedora 41 Update: mingw-expat-2.6.4-1.fc41

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

[SECURITY] Fedora 40 Update: mingw-expat-2.6.4-1.fc40

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

[SECURITY] Fedora 39 Update: mingw-expat-2.6.3-2.fc39

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

Moderate: expat security update

Expat is a C library for parsing XML documents. Security Fixes: libexpat: expat: DoS via XMLResumeParser CVE-2024-50602 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References...

RHEL 8 : expat (RHSA-2024:9502)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9502 advisory. Expat is a C library for parsing XML documents. Security Fixes: libexpat: expat: DoS via XMLResumeParser CVE-2024-50602 For more details about the...

RHEL 6 : openstack-nova (RHSA-2013:1199)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1199 advisory. The openstack-nova packages provide OpenStack Compute Nova, which provides services for provisioning, managing, and using virtual machine...

Exploit for CVE-2024-51132

CVE-2024-51132-POC Vulnerability Type XXE - XML Externa...

OESA-2024-2311 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: An issue was discovered in libexpat before 2.6.4. There is a crash within the XMLResumeParser function because XMLStopParser...

Security Bulletin: Apache Xerces vulnerability Affects IBM Jazz Reporting Service

Summary Apache Xerces-J XML parser XML4J shipped with IBM Jazz Reporting Service is vulnerable to a denial of service attack that can be triggered by malformed XML data. Vulnerability Details CVEID:CVE-2020-14338 DESCRIPTION: Wildfly could allow a remote attacker to bypass security restrictions,...

[SECURITY] Fedora 39 Update: expat-2.6.3-1.fc39

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

[SECURITY] Fedora 41 Update: expat-2.6.3-1.fc41

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

[SECURITY] Fedora 39 Update: mingw-expat-2.6.3-1.fc39

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a Denial of Service (CVE-2024-41818)

Summary There is a vulnerability in fast-xml-parser used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2024-41818 DESCRIPTION: Natural Intelligence fast-xml-parser is...

CVE-2024-45490

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XMLParseBuffer...

OESA-2024-2038 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an...

AZL-48156 CVE-2024-43398 affecting package rubygem-rexml for versions less than 3.3.9-1

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability...

ROS-20240820-04

Vulnerability in XML parser library libexpat is related to uncontrolled consumption of resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service...

Security Bulletin: IBM Cloud Pak for Data is vulnerable to denial of service due to fast-xml-parser ( CVE-2023-34104 )

Summary Package fast-xml-parser is used by IBM Cloud Pak for Data. CVE-2023-34104. Vulnerability Details CVEID:CVE-2023-34104 DESCRIPTION: Natural Intelligence fast-xml-parser is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the Doctype Entities...

Journyx Unauthenticated XML External Entities Injection

Vulnerability Details Affected Vendor: Journyx Affected Product: Journyx jtime Affected Version: 11.5.4 Platform: GNU/Linux CWE Classification: CWE-611: Improper Restriction of XML External Entity Reference CVE ID: CVE-2024-6893 2. Vulnerability Description The "soapcgi.pyc" API handler allows...

Important: Red Hat Security Advisory: OpenShift Virtualization 4.16.1 Images security update

Red Hat OpenShift Virtualization release 4.16.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which...