47 matches found
Astra Linux - vulnerability in firefox, thunderbird, expat
Expat also known as libexpat prior to version 2.4.4 has a signed integer overflow issue in XML_GetBuffer, especially for configurations where XML_CONTEXT_BYTES is non-zero...
EUVD-2015-1424
Malware in sbrugna...
EUVD-2022-28778
Malicious code in bioql PyPI...
Ubuntu 16.04 ESM : VNC4 vulnerabilities (USN-4772-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4772-1 advisory. USN-2500-1 addressed CVE-2015-0255 for xorg-server. This update provides the corresponding fix for VNC4 on Ubuntu 14.04 ESM and Ubuntu 16.04 ESM...
Amazon Linux 2023 : expat, expat-devel, expat-static (ALAS2023-2023-058)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-058 advisory. In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing...
K15104541: Expat XML library vulnerability CVE-2015-1283
Security Advisory Description: Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact v...
SUSE CVE-2015-1283
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related...
EulerOS Virtualization 3.0.2.6 : expat (EulerOS-SA-2023-1060)
According to the versions of the expat packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc...
Security Bulletin: Due to use of Expat, IBM Tivoli Network Manager is vulnerable to arbitrary code execution (CVE-2022-23990 and CVE-2022-23852)
Summary: When Expat also known as libexpat is used by IBM Tivoli Network Manager (ITNM), it could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the XML_GetBuffer function. By sending a specially-crafted request, an attacker could exploit this...
Tenable Nessus 10.x < 10.2.0 Third-Party Vulnerabilities (TNS-2022-11)
According to its self-reported version, the Tenable Nessus application running on the remote host is 10.x prior to 10.2.0. It is, therefore, affected by multiple vulnerabilities in third-party libraries, including: - An integer overflow in storeRawNames in Expat aka libexpat before 2.4.5...
EulerOS 2.0 SP3 : expat (EulerOS-SA-2022-1716)
According to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g...
EulerOS 2.0 SP3 : xulrunner (EulerOS-SA-2022-1774)
According to the versions of the xulrunner package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2022-1645)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP10 : expat (EulerOS-SA-2022-1659)
According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Expat aka libexpat before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. CVE-2022-23852 -...
EulerOS 2.0 SP10 : expat (EulerOS-SA-2022-1645)
According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Expat aka libexpat before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. CVE-2022-23852 -...
EulerOS Virtualization 2.9.1 : expat (EulerOS-SA-2022-1605)
According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc...
EulerOS Virtualization 2.9.0 : expat (EulerOS-SA-2022-1628)
According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2022-1425)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP9 : expat (EulerOS-SA-2022-1425)
According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g....
expat security update
2.1.0-14.0.1 - lib: Prevent integer overflow in doProlog CVE-2022-23990 Orabug: 33910302 2.1.0-14 - Fix multiple CVEs - CVE-2022-25236 expat: namespace-separator characters in 'xmlns:prefix' attribute values can lead to arbitrary code execution - CVE-2022-25235 expat: malformed 2- and 3-byte UTF-8...