Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
expat vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-9233
XML External Entity vulnerability in libexpat 2.2.0 and previous versions (Expat XML Parser Library) allows malicious users to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
Libexpat Project Libexpat
Python Python
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
NA
CVE-2024-28757
libexpat up to and including 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
7.5
CVSSv3
CVE-2023-52425
libexpat up to and including 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
Libexpat Project Libexpat
6 Github repositories
5.5
CVSSv3
CVE-2023-52426
libexpat up to and including 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
Libexpat Project Libexpat
5 Github repositories
NA
CVE-2012-1148
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat prior to 2.1.0 allows context-dependent malicious users to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expandi...
Libexpat Project Libexpat 2.0.0
Libexpat Project Libexpat 1.95.8
Libexpat Project Libexpat
Libexpat Project Libexpat 1.95.5
Libexpat Project Libexpat 1.95.4
Libexpat Project Libexpat 1.95.7
Libexpat Project Libexpat 1.95.6
Libexpat Project Libexpat 1.95.2
Libexpat Project Libexpat 1.95.1
Apple Mac Os X
NA
CVE-2009-3560
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent malicious users to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-re...
Libexpat Project Libexpat 2.0.1
Apache Http Server
NA
CVE-2009-2625
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote malicious users to cause a denial of service (infinite loop and application hang) via...
Oracle Jdk 1.5.0
Oracle Jdk 1.6.0
Fedoraproject Fedora 11
Fedoraproject Fedora 10
Opensuse Opensuse 11.1
Suse Linux Enterprise Server 9
Opensuse Opensuse 11.0
Opensuse Opensuse 11.2
Suse Linux Enterprise Server 10
Suse Linux Enterprise Server 11
Debian Debian Linux 5.0
Debian Debian Linux 4.0
Canonical Ubuntu Linux 9.04
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 9.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Oracle Primavera Web Services 7.0
Oracle Primavera Web Services 6.2.1
Oracle Primavera P6 Enterprise Project Portfolio Management 6.2.1
Oracle Primavera P6 Enterprise Project Portfolio Management 7.0
Oracle Primavera P6 Enterprise Project Portfolio Management 6.1
NA
CVE-2012-0876
The XML parser (xmlparse.c) in expat prior to 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent malicious users to cause a denial of service (CPU consumption) via an XML file with many identifiers wit...
Libexpat Project Libexpat
Python Python
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 12.04
Oracle Solaris 11.3
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Server Aus 6.2
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Desktop 5.0
Redhat Storage 2.0
Redhat Enterprise Linux Eus 6.2
NA
CVE-2009-3720
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent malicious users to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that t...
Libexpat Project Libexpat 2.0.1
Apache Http Server
7.5
CVSSv3
CVE-2016-5300
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent malicious users to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix ...
Canonical Ubuntu Linux 12.04
Debian Debian Linux 8.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Libexpat Project Libexpat
Google Android 5.0.2
Google Android 6.0.1
Google Android 6.0
Google Android 4.4.4
Google Android 5.1.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »