Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
expat vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2009-2473
neon prior to 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent malicious users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity ref...
Webdav Neon 0.28.6
1 EDB exploit
4.3
CVSSv2
CVE-2021-40439
Apache OpenOffice has a dependency on expat software. Versions before 2.1.0 were subject to CVE-2013-0340 a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache Open...
Apache Openoffice
4.3
CVSSv2
CVE-2012-1147
readfilemap.c in expat prior to 2.1.0 allows context-dependent malicious users to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
Apple Mac Os X 10.11.1
Apple Mac Os X 10.11.0
Libexpat Project Libexpat 2.0.0
Libexpat Project Libexpat 1.95.8
Libexpat Project Libexpat 1.95.7
Libexpat Project Libexpat 1.95.6
Libexpat Project Libexpat 1.95.5
Libexpat Project Libexpat 1.95.4
Libexpat Project Libexpat 1.95.2
Libexpat Project Libexpat 1.95.1
Libexpat Project Libexpat
5
CVSSv2
CVE-2019-15903
In libexpat prior to 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
Libexpat Project Libexpat
Python Python
6.8
CVSSv2
CVE-2013-0340
expat 2.1.0 and previous versions does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote malicious users to cause a denial of service (resource consumption), send HTTP requests to intranet server...
Libexpat Project Libexpat
Python Python
Apple Ipados
Apple Iphone Os
Apple Macos
Apple Watchos
Apple Tvos
2 Github repositories
4.6
CVSSv2
CVE-2017-11742
The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking.
Libexpat Project Libexpat 2.2.1
Libexpat Project Libexpat 2.2.2
5
CVSSv2
CVE-2004-1378
The expat XML parser code, as used in the open source Jabber (jabberd) 1.4.3 and previous versions, jadc2s 0.9.0 and previous versions, and possibly other packages, allows remote malicious users to cause a denial of service (application crash) via a malformed packet to a socket t...
Jabberstudio Jabberd 1.4
Jabberstudio Jabberd 1.4.1
Jabberstudio Jabberd 1.4.2
Jabberstudio Jadc2s 0.6
Jabberstudio Jadc2s 0.7
Jabberstudio Jabberd 1.4.2a
Jabberstudio Jabberd 1.4.3
Jabberstudio Jadc2s 0.8
Jabberstudio Jadc2s 0.9
5
CVSSv2
CVE-2018-14647
Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's inte...
Python Python
Python Python 3.7.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Fedoraproject Fedora 30
Opensuse Leap 15.1
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
6.8
CVSSv2
CVE-2016-4472
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete ...
Libexpat Project Libexpat
Canonical Ubuntu Linux 12.04
Mcafee Policy Auditor
Python Python
4.6
CVSSv2
CVE-2021-20099
Nessus Agent 8.2.4 and previous versions for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host. This is different than CVE-2021-20100.
Tenable Nessus
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »