Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-4472 (GCVE-0-2016-4472)
Vulnerability from cvelistv5 – Published: 2016-06-30 17:00 – Updated: 2024-08-06 00:32
VLAI?
EPSS
Summary
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://www.tenable.com/security/tns-2016-20 | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=1344251 | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-3013-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.securityfocus.com/bid/91528 | vdb-entryx_refsource_BID |
| https://sourceforge.net/p/expat/code_git/ci/f0bec… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201701-21 | vendor-advisoryx_refsource_GENTOO |
| https://kc.mcafee.com/corporate/index?page=conten… | x_refsource_CONFIRM |
Date Public ?
2016-05-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344251"
},
{
"name": "USN-3013-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3013-1"
},
{
"name": "91528",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91528"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde"
},
{
"name": "GLSA-201701-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-21"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-31T07:06:45.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344251"
},
{
"name": "USN-3013-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3013-1"
},
{
"name": "91528",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91528"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde"
},
{
"name": "GLSA-201701-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-21"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-4472",
"datePublished": "2016-06-30T17:00:00.000Z",
"dateReserved": "2016-05-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:32:25.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2016-4472",
"date": "2026-05-24",
"epss": "0.02271",
"percentile": "0.84853"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.1.1\", \"matchCriteriaId\": \"468843CD-240A-47B9-B6C9-FD9B7D314A38\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*\", \"matchCriteriaId\": \"CB66DB75-2B16-4EBF-9B93-CE49D8086E41\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:policy_auditor:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.5.1\", \"matchCriteriaId\": \"CB739B3A-20BB-4118-82DD-7ACFE5881FE2\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.7.0\", \"versionEndExcluding\": \"2.7.15\", \"matchCriteriaId\": \"CF6ABED2-9492-42E0-80A7-AB77C2900E9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.3.0\", \"versionEndExcluding\": \"3.3.7\", \"matchCriteriaId\": \"2E822AE7-709A-4DA4-B2C6-7A5968AE62FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.4.0\", \"versionEndExcluding\": \"3.4.7\", \"matchCriteriaId\": \"E65C03FE-52E0-477A-A104-8F2CC0EEE753\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.5.0\", \"versionEndExcluding\": \"3.5.4\", \"matchCriteriaId\": \"9C0FE3B2-27E6-4DA9-8479-B34E3014AC55\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.6.0\", \"versionEndExcluding\": \"3.6.2\", \"matchCriteriaId\": \"0AAF5776-8121-49B5-A6AE-815B7CCAC307\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.\"}, {\"lang\": \"es\", \"value\": \"La protecci\\u00f3n de desbordamiento en Expat es eliminada por los compiladores con ciertos ajustes de optimizaci\\u00f3n, lo que permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (ca\\u00edda) o posiblemente ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de datos XML manipulados. NOTA: esta vulnerabilidad existe debido a una soluci\\u00f3n incompleta para CVE-2015-1283 y CVE-2015-2716.\"}]",
"id": "CVE-2016-4472",
"lastModified": "2024-11-21T02:52:17.620",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2016-06-30T17:59:04.000",
"references": "[{\"url\": \"http://www.securityfocus.com/bid/91528\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-3013-1\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1344251\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201701-21\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2016-20\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/91528\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.ubuntu.com/usn/USN-3013-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1344251\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201701-21\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2016-20\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-4472\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2016-06-30T17:59:04.000\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.\"},{\"lang\":\"es\",\"value\":\"La protecci\u00f3n de desbordamiento en Expat es eliminada por los compiladores con ciertos ajustes de optimizaci\u00f3n, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de datos XML manipulados. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2015-1283 y CVE-2015-2716.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.1.1\",\"matchCriteriaId\":\"468843CD-240A-47B9-B6C9-FD9B7D314A38\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"CB66DB75-2B16-4EBF-9B93-CE49D8086E41\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:policy_auditor:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.5.1\",\"matchCriteriaId\":\"CB739B3A-20BB-4118-82DD-7ACFE5881FE2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.7.0\",\"versionEndExcluding\":\"2.7.15\",\"matchCriteriaId\":\"CF6ABED2-9492-42E0-80A7-AB77C2900E9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.3.0\",\"versionEndExcluding\":\"3.3.7\",\"matchCriteriaId\":\"2E822AE7-709A-4DA4-B2C6-7A5968AE62FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.4.0\",\"versionEndExcluding\":\"3.4.7\",\"matchCriteriaId\":\"E65C03FE-52E0-477A-A104-8F2CC0EEE753\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.5.0\",\"versionEndExcluding\":\"3.5.4\",\"matchCriteriaId\":\"9C0FE3B2-27E6-4DA9-8479-B34E3014AC55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.6.0\",\"versionEndExcluding\":\"3.6.2\",\"matchCriteriaId\":\"0AAF5776-8121-49B5-A6AE-815B7CCAC307\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/91528\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-3013-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1344251\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201701-21\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2016-20\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/91528\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-3013-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1344251\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201701-21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2016-20\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2018-AVI-288
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus toutes versions ant\u00e9rieures \u00e0 7.1.1",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2017-9233",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9233"
},
{
"name": "CVE-2015-8383",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
},
{
"name": "CVE-2015-3217",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3217"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2016-3191",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3191"
},
{
"name": "CVE-2017-11742",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11742"
},
{
"name": "CVE-2015-5073",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5073"
},
{
"name": "CVE-2017-7245",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7245"
},
{
"name": "CVE-2016-9842",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9842"
},
{
"name": "CVE-2017-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
},
{
"name": "CVE-2014-9769",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9769"
},
{
"name": "CVE-2015-8381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
},
{
"name": "CVE-2017-1000061",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000061"
},
{
"name": "CVE-2017-9048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9048"
},
{
"name": "CVE-2015-8392",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
},
{
"name": "CVE-2017-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6004"
},
{
"name": "CVE-2012-6139",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
},
{
"name": "CVE-2016-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1283"
},
{
"name": "CVE-2017-9050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9050"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2015-8395",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
},
{
"name": "CVE-2016-9840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9840"
},
{
"name": "CVE-2017-16932",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
},
{
"name": "CVE-2017-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5029"
},
{
"name": "CVE-2015-9019",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
},
{
"name": "CVE-2016-0718",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
},
{
"name": "CVE-2016-5300",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5300"
},
{
"name": "CVE-2016-4472",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4472"
},
{
"name": "CVE-2016-9063",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
},
{
"name": "CVE-2017-7186",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7186"
},
{
"name": "CVE-2016-1684",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
},
{
"name": "CVE-2012-0876",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
},
{
"name": "CVE-2012-6702",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6702"
},
{
"name": "CVE-2016-9843",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
},
{
"name": "CVE-2014-8964",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8964"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2017-7244",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7244"
},
{
"name": "CVE-2016-9841",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9841"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2015-8384",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8384"
},
{
"name": "CVE-2017-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7246"
},
{
"name": "CVE-2015-8380",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8380"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2018-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2015-8382",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8382"
},
{
"name": "CVE-2018-11214",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2017-9049",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9049"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2017-8872",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8872"
},
{
"name": "CVE-2016-1683",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
},
{
"name": "CVE-2015-8389",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8389"
},
{
"name": "CVE-2017-5969",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5969"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-288",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-06-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2018-08 du 13 juin 2018",
"url": "https://www.tenable.com/security/tns-2018-08"
}
]
}
CERTFR-2018-AVI-293
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Tenable Nessus Agent. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Tenable | Nessus Agent | Nessus Agent versions 7.0.3 et antérieures |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus Agent versions 7.0.3 et ant\u00e9rieures",
"product": {
"name": "Nessus Agent",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2017-9233",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9233"
},
{
"name": "CVE-2015-8383",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
},
{
"name": "CVE-2015-3217",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3217"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2016-3191",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3191"
},
{
"name": "CVE-2017-11742",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11742"
},
{
"name": "CVE-2015-5073",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5073"
},
{
"name": "CVE-2017-7245",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7245"
},
{
"name": "CVE-2016-9842",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9842"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2017-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
},
{
"name": "CVE-2014-9769",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9769"
},
{
"name": "CVE-2015-8381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
},
{
"name": "CVE-2017-1000061",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000061"
},
{
"name": "CVE-2017-9048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9048"
},
{
"name": "CVE-2015-8392",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
},
{
"name": "CVE-2017-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6004"
},
{
"name": "CVE-2012-6139",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
},
{
"name": "CVE-2016-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1283"
},
{
"name": "CVE-2017-9050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9050"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2015-8395",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
},
{
"name": "CVE-2016-9840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9840"
},
{
"name": "CVE-2017-16932",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
},
{
"name": "CVE-2017-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5029"
},
{
"name": "CVE-2015-9019",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
},
{
"name": "CVE-2016-0718",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
},
{
"name": "CVE-2016-5300",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5300"
},
{
"name": "CVE-2016-4472",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4472"
},
{
"name": "CVE-2016-9063",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
},
{
"name": "CVE-2017-7186",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7186"
},
{
"name": "CVE-2016-1684",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
},
{
"name": "CVE-2018-0733",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0733"
},
{
"name": "CVE-2012-0876",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
},
{
"name": "CVE-2012-6702",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6702"
},
{
"name": "CVE-2016-9843",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
},
{
"name": "CVE-2014-8964",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8964"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2017-7244",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7244"
},
{
"name": "CVE-2016-9841",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9841"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2015-8384",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8384"
},
{
"name": "CVE-2017-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7246"
},
{
"name": "CVE-2015-8380",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8380"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2017-3738",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
},
{
"name": "CVE-2018-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2015-8382",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8382"
},
{
"name": "CVE-2018-11214",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2017-9049",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9049"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2017-8872",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8872"
},
{
"name": "CVE-2016-1683",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
},
{
"name": "CVE-2015-8389",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8389"
},
{
"name": "CVE-2017-5969",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5969"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-293",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-06-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus\nAgent. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus Agent",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2018-09 du 14 juin 2018",
"url": "https://www.tenable.com/security/tns-2018-09"
}
]
}
CERTFR-2018-AVI-288
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus toutes versions ant\u00e9rieures \u00e0 7.1.1",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2017-9233",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9233"
},
{
"name": "CVE-2015-8383",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
},
{
"name": "CVE-2015-3217",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3217"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2016-3191",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3191"
},
{
"name": "CVE-2017-11742",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11742"
},
{
"name": "CVE-2015-5073",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5073"
},
{
"name": "CVE-2017-7245",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7245"
},
{
"name": "CVE-2016-9842",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9842"
},
{
"name": "CVE-2017-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
},
{
"name": "CVE-2014-9769",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9769"
},
{
"name": "CVE-2015-8381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
},
{
"name": "CVE-2017-1000061",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000061"
},
{
"name": "CVE-2017-9048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9048"
},
{
"name": "CVE-2015-8392",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
},
{
"name": "CVE-2017-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6004"
},
{
"name": "CVE-2012-6139",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
},
{
"name": "CVE-2016-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1283"
},
{
"name": "CVE-2017-9050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9050"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2015-8395",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
},
{
"name": "CVE-2016-9840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9840"
},
{
"name": "CVE-2017-16932",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
},
{
"name": "CVE-2017-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5029"
},
{
"name": "CVE-2015-9019",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
},
{
"name": "CVE-2016-0718",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
},
{
"name": "CVE-2016-5300",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5300"
},
{
"name": "CVE-2016-4472",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4472"
},
{
"name": "CVE-2016-9063",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
},
{
"name": "CVE-2017-7186",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7186"
},
{
"name": "CVE-2016-1684",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
},
{
"name": "CVE-2012-0876",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
},
{
"name": "CVE-2012-6702",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6702"
},
{
"name": "CVE-2016-9843",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
},
{
"name": "CVE-2014-8964",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8964"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2017-7244",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7244"
},
{
"name": "CVE-2016-9841",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9841"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2015-8384",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8384"
},
{
"name": "CVE-2017-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7246"
},
{
"name": "CVE-2015-8380",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8380"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2018-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2015-8382",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8382"
},
{
"name": "CVE-2018-11214",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2017-9049",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9049"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2017-8872",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8872"
},
{
"name": "CVE-2016-1683",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
},
{
"name": "CVE-2015-8389",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8389"
},
{
"name": "CVE-2017-5969",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5969"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-288",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-06-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2018-08 du 13 juin 2018",
"url": "https://www.tenable.com/security/tns-2018-08"
}
]
}
CERTFR-2018-AVI-293
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Tenable Nessus Agent. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Tenable | Nessus Agent | Nessus Agent versions 7.0.3 et antérieures |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus Agent versions 7.0.3 et ant\u00e9rieures",
"product": {
"name": "Nessus Agent",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2017-9233",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9233"
},
{
"name": "CVE-2015-8383",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
},
{
"name": "CVE-2015-3217",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3217"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2016-3191",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3191"
},
{
"name": "CVE-2017-11742",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11742"
},
{
"name": "CVE-2015-5073",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5073"
},
{
"name": "CVE-2017-7245",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7245"
},
{
"name": "CVE-2016-9842",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9842"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2017-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
},
{
"name": "CVE-2014-9769",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9769"
},
{
"name": "CVE-2015-8381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
},
{
"name": "CVE-2017-1000061",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000061"
},
{
"name": "CVE-2017-9048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9048"
},
{
"name": "CVE-2015-8392",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
},
{
"name": "CVE-2017-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6004"
},
{
"name": "CVE-2012-6139",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
},
{
"name": "CVE-2016-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1283"
},
{
"name": "CVE-2017-9050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9050"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2015-8395",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
},
{
"name": "CVE-2016-9840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9840"
},
{
"name": "CVE-2017-16932",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
},
{
"name": "CVE-2017-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5029"
},
{
"name": "CVE-2015-9019",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
},
{
"name": "CVE-2016-0718",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
},
{
"name": "CVE-2016-5300",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5300"
},
{
"name": "CVE-2016-4472",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4472"
},
{
"name": "CVE-2016-9063",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
},
{
"name": "CVE-2017-7186",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7186"
},
{
"name": "CVE-2016-1684",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
},
{
"name": "CVE-2018-0733",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0733"
},
{
"name": "CVE-2012-0876",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
},
{
"name": "CVE-2012-6702",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6702"
},
{
"name": "CVE-2016-9843",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
},
{
"name": "CVE-2014-8964",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8964"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2017-7244",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7244"
},
{
"name": "CVE-2016-9841",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9841"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2015-8384",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8384"
},
{
"name": "CVE-2017-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7246"
},
{
"name": "CVE-2015-8380",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8380"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2017-3738",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
},
{
"name": "CVE-2018-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2015-8382",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8382"
},
{
"name": "CVE-2018-11214",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2017-9049",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9049"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2017-8872",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8872"
},
{
"name": "CVE-2016-1683",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
},
{
"name": "CVE-2015-8389",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8389"
},
{
"name": "CVE-2017-5969",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5969"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-293",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-06-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus\nAgent. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus Agent",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2018-09 du 14 juin 2018",
"url": "https://www.tenable.com/security/tns-2018-09"
}
]
}
CERTFR-2026-AVI-0249
Vulnerability from certfr_avis - Published: 2026-03-06 - Updated: 2026-03-06
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | QRadar Data Synchronization App versions antérieures à 3.3.0 | ||
| IBM | Db2 | DB2 Data Management Console versions antérieures à 3.1.13 | ||
| IBM | Tivoli | Tivoli Netcool/OMNIbus_GUI sans le dernier correctif de sécurité | ||
| IBM | Db2 | DB2 Recovery Expert versions antérieures à 5.5.0.1 Interim Fix 8 | ||
| IBM | Db2 | Db2 Warehouse on Cloud Pak for Data versions antérieures à 5.3.1 | ||
| IBM | Db2 | Db2 on Cloud Pak for Data versions antérieures à 5.3.1 | ||
| IBM | QRadar | QRadar Pre-Validation App versions antérieures à 2.0.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar Data Synchronization App versions ant\u00e9rieures \u00e0 3.3.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions ant\u00e9rieures \u00e0 3.1.13",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Netcool/OMNIbus_GUI sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Recovery Expert versions ant\u00e9rieures \u00e0 5.5.0.1 Interim Fix 8",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 5.3.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Pre-Validation App versions ant\u00e9rieures \u00e0 2.0.2",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"name": "CVE-2021-33036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33036"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2025-53547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
},
{
"name": "CVE-2025-36353",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36353"
},
{
"name": "CVE-2026-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2026-21932",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"name": "CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"name": "CVE-2024-6531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2016-0703",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0703"
},
{
"name": "CVE-2025-5222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2025-13867",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13867"
},
{
"name": "CVE-2025-2668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2668"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-36427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36427"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2025-32386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"name": "CVE-2025-32421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32421"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2024-3154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3154"
},
{
"name": "CVE-2024-57980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57980"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-36384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36384"
},
{
"name": "CVE-2025-36098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36098"
},
{
"name": "CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2025-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36184"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2016-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0800"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2025-22121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22121"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-49128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
},
{
"name": "CVE-2025-22091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22091"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2025-36247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36247"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2025-36009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36009"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2024-51479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2025-36070",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36070"
},
{
"name": "CVE-2022-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2025-36428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36428"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2025-36424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36424"
},
{
"name": "CVE-2025-36387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36387"
},
{
"name": "CVE-2019-19921",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19921"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2025-64329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64329"
},
{
"name": "CVE-2025-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27903"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-37958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37958"
},
{
"name": "CVE-2023-22041",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22041"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2016-4472",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4472"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2024-9042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9042"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-31141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31141"
},
{
"name": "CVE-2025-30691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30691"
},
{
"name": "CVE-2025-57822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57822"
},
{
"name": "CVE-2024-53113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53113"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2025-67779",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67779"
},
{
"name": "CVE-2022-32743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32743"
},
{
"name": "CVE-2025-55183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55183"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2024-12085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12085"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2023-22043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22043"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2025-31133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
},
{
"name": "CVE-2024-36621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36621"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2025-55173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55173"
},
{
"name": "CVE-2024-40635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40635"
},
{
"name": "CVE-2024-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48910"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-38086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2022-40609",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
},
{
"name": "CVE-2018-5764",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5764"
},
{
"name": "CVE-2024-50264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
},
{
"name": "CVE-2025-57752",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57752"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2025-38110",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38110"
},
{
"name": "CVE-2020-15115",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15115"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2025-22113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22113"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-5187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5187"
},
{
"name": "CVE-2026-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
},
{
"name": "CVE-2025-37797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
},
{
"name": "CVE-2012-2098",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2098"
},
{
"name": "CVE-2024-41909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41909"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-35887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35887"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2024-56332",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56332"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2026-25765",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25765"
},
{
"name": "CVE-2025-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7039"
},
{
"name": "CVE-2022-29458",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2025-38089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38089"
},
{
"name": "CVE-2023-2727",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2727"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2025-36425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36425"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2021-37404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
},
{
"name": "CVE-2025-58457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58457"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2025-22085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22085"
},
{
"name": "CVE-2025-50537",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50537"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21626"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2016-0704",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0704"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2025-54410",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
},
{
"name": "CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2022-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29154"
},
{
"name": "CVE-2025-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1767"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-36001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36001"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"name": "CVE-2025-24294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"name": "CVE-2025-36365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36365"
},
{
"name": "CVE-2023-42503",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42503"
},
{
"name": "CVE-2025-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27904"
},
{
"name": "CVE-2025-32387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
},
{
"name": "CVE-2025-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58058"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2025-36442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36442"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21905"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2025-14689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14689"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2024-47072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2025-36366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36366"
},
{
"name": "CVE-2025-36123",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36123"
},
{
"name": "CVE-2025-27900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27900"
},
{
"name": "CVE-2025-0426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0426"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-27899",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27899"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2023-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22044"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2025-27901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27901"
},
{
"name": "CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"name": "CVE-2021-22570",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22570"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2025-27898",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27898"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2023-2728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2728"
},
{
"name": "CVE-2024-7143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7143"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2025-36407",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36407"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2025-55184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55184"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
},
{
"name": "CVE-2024-36623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36623"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2024-36620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36620"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2021-20251",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20251"
},
{
"name": "CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
}
],
"initial_release_date": "2026-03-06T00:00:00",
"last_revision_date": "2026-03-06T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0249",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-03-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262753",
"url": "https://www.ibm.com/support/pages/node/7262753"
},
{
"published_at": "2026-03-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262754",
"url": "https://www.ibm.com/support/pages/node/7262754"
},
{
"published_at": "2026-03-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262324",
"url": "https://www.ibm.com/support/pages/node/7262324"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262669",
"url": "https://www.ibm.com/support/pages/node/7262669"
},
{
"published_at": "2026-03-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262494",
"url": "https://www.ibm.com/support/pages/node/7262494"
},
{
"published_at": "2026-03-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262548",
"url": "https://www.ibm.com/support/pages/node/7262548"
},
{
"published_at": "2026-03-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7262325",
"url": "https://www.ibm.com/support/pages/node/7262325"
},
{
"published_at": "2026-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7259901",
"url": "https://www.ibm.com/support/pages/node/7259901"
}
]
}
CNVD-2016-04549
Vulnerability from cnvd - Published: 2016-07-06
VLAI Severity ?
Title
Expat执行任意代码漏洞
Description
Expat是美国软件开发者吉姆-克拉克所研发的一个基于C语言的XML解析器库。
Expat中存在安全漏洞,远程攻击者可借助特制的XML数据利用该漏洞造成拒绝服务(崩溃)或执行任意代码。
Severity
中
Patch Name
Expat执行任意代码漏洞的补丁
Patch Description
Expat是美国软件开发者吉姆-克拉克所研发的一个基于C语言的XML解析器库。
Expat中存在安全漏洞,远程攻击者可借助特制的XML数据利用该漏洞造成拒绝服务(崩溃)或执行任意代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde
Reference
https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde
https://sourceforge.net/p/expat/code_git/ci/07cc2fcacf81b32b2e06aa918df51756525240c0/
http://www.openwall.com/lists/oss-security/2016/06/04/6
http://www.ubuntu.com/usn/USN-3013-1
Impacted products
| Name | Expat Expat |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2016-4472"
}
},
"description": "Expat\u662f\u7f8e\u56fd\u8f6f\u4ef6\u5f00\u53d1\u8005\u5409\u59c6-\u514b\u62c9\u514b\u6240\u7814\u53d1\u7684\u4e00\u4e2a\u57fa\u4e8eC\u8bed\u8a00\u7684XML\u89e3\u6790\u5668\u5e93\u3002\r\n\r\nExpat\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684XML\u6570\u636e\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5d29\u6e83\uff09\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"discovererName": "Expat",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-04549",
"openTime": "2016-07-06",
"patchDescription": "Expat\u662f\u7f8e\u56fd\u8f6f\u4ef6\u5f00\u53d1\u8005\u5409\u59c6-\u514b\u62c9\u514b\u6240\u7814\u53d1\u7684\u4e00\u4e2a\u57fa\u4e8eC\u8bed\u8a00\u7684XML\u89e3\u6790\u5668\u5e93\u3002\r\n\r\nExpat\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684XML\u6570\u636e\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5d29\u6e83\uff09\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Expat\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Expat Expat"
},
"referenceLink": "https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde\r\nhttps://sourceforge.net/p/expat/code_git/ci/07cc2fcacf81b32b2e06aa918df51756525240c0/\t\r\nhttp://www.openwall.com/lists/oss-security/2016/06/04/6\t\r\nhttp://www.ubuntu.com/usn/USN-3013-1",
"serverity": "\u4e2d",
"submitTime": "2016-07-05",
"title": "Expat\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6f0f\u6d1e"
}
FKIE_CVE-2016-4472
Vulnerability from fkie_nvd - Published: 2016-06-30 17:59 - Updated: 2026-05-06 22:30
Severity ?
Summary
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "468843CD-240A-47B9-B6C9-FD9B7D314A38",
"versionEndIncluding": "2.1.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mcafee:policy_auditor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB739B3A-20BB-4118-82DD-7ACFE5881FE2",
"versionEndExcluding": "6.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF6ABED2-9492-42E0-80A7-AB77C2900E9A",
"versionEndExcluding": "2.7.15",
"versionStartIncluding": "2.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E822AE7-709A-4DA4-B2C6-7A5968AE62FD",
"versionEndExcluding": "3.3.7",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E65C03FE-52E0-477A-A104-8F2CC0EEE753",
"versionEndExcluding": "3.4.7",
"versionStartIncluding": "3.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C0FE3B2-27E6-4DA9-8479-B34E3014AC55",
"versionEndExcluding": "3.5.4",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AAF5776-8121-49B5-A6AE-815B7CCAC307",
"versionEndExcluding": "3.6.2",
"versionStartIncluding": "3.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716."
},
{
"lang": "es",
"value": "La protecci\u00f3n de desbordamiento en Expat es eliminada por los compiladores con ciertos ajustes de optimizaci\u00f3n, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de datos XML manipulados. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2015-1283 y CVE-2015-2716."
}
],
"id": "CVE-2016-4472",
"lastModified": "2026-05-06T22:30:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-30T17:59:04.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91528"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3013-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344251"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201701-21"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3013-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201701-21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-20"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-855W-QG6F-FFH7
Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2022-05-13 01:07
VLAI?
Details
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
Severity ?
8.1 (High)
{
"affected": [],
"aliases": [
"CVE-2016-4472"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-06-30T17:59:00Z",
"severity": "HIGH"
},
"details": "The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.",
"id": "GHSA-855w-qg6f-ffh7",
"modified": "2022-05-13T01:07:38Z",
"published": "2022-05-13T01:07:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4472"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344251"
},
{
"type": "WEB",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-21"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/91528"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-3013-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2016-4472
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-4472",
"description": "The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.",
"id": "GSD-2016-4472",
"references": [
"https://www.suse.com/security/cve/CVE-2016-4472.html",
"https://www.debian.org/security/2016/dsa-3582",
"https://ubuntu.com/security/CVE-2016-4472"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-4472"
],
"details": "The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.",
"id": "GSD-2016-4472",
"modified": "2023-12-13T01:21:18.153362Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.gentoo.org/glsa/201701-21",
"refsource": "MISC",
"url": "https://security.gentoo.org/glsa/201701-21"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365",
"refsource": "MISC",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
},
{
"name": "https://www.tenable.com/security/tns-2016-20",
"refsource": "MISC",
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"name": "http://www.securityfocus.com/bid/91528",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/91528"
},
{
"name": "http://www.ubuntu.com/usn/USN-3013-1",
"refsource": "MISC",
"url": "http://www.ubuntu.com/usn/USN-3013-1"
},
{
"name": "https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde",
"refsource": "MISC",
"url": "https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1344251",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344251"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.1.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mcafee:policy_auditor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.6.2",
"versionStartIncluding": "3.6.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.5.4",
"versionStartIncluding": "3.5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.4.7",
"versionStartIncluding": "3.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.7",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.7.15",
"versionStartIncluding": "2.7.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-4472"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3013-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-3013-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1344251",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344251"
},
{
"name": "https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde"
},
{
"name": "91528",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91528"
},
{
"name": "GLSA-201701-21",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201701-21"
},
{
"name": "https://www.tenable.com/security/tns-2016-20",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2016-20"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-02-12T23:21Z",
"publishedDate": "2016-06-30T17:59Z"
}
}
}
OPENSUSE-SU-2024:10077-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
expat-2.2.0-3.1 on GA media
Severity
Moderate
Notes
Title of the patch: expat-2.2.0-3.1 on GA media
Description of the patch: These are all security issues fixed in the expat-2.2.0-3.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10077
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
81 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "expat-2.2.0-3.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the expat-2.2.0-3.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10077",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10077-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-2625 page",
"url": "https://www.suse.com/security/cve/CVE-2009-2625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-3560 page",
"url": "https://www.suse.com/security/cve/CVE-2009-3560/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-3720 page",
"url": "https://www.suse.com/security/cve/CVE-2009-3720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-0876 page",
"url": "https://www.suse.com/security/cve/CVE-2012-0876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-1147 page",
"url": "https://www.suse.com/security/cve/CVE-2012-1147/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-1148 page",
"url": "https://www.suse.com/security/cve/CVE-2012-1148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-6702 page",
"url": "https://www.suse.com/security/cve/CVE-2012-6702/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-1283 page",
"url": "https://www.suse.com/security/cve/CVE-2015-1283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-0718 page",
"url": "https://www.suse.com/security/cve/CVE-2016-0718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-4472 page",
"url": "https://www.suse.com/security/cve/CVE-2016-4472/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5300 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5300/"
}
],
"title": "expat-2.2.0-3.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10077-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "expat-2.2.0-3.1.aarch64",
"product": {
"name": "expat-2.2.0-3.1.aarch64",
"product_id": "expat-2.2.0-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.2.0-3.1.aarch64",
"product": {
"name": "libexpat-devel-2.2.0-3.1.aarch64",
"product_id": "libexpat-devel-2.2.0-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-32bit-2.2.0-3.1.aarch64",
"product": {
"name": "libexpat-devel-32bit-2.2.0-3.1.aarch64",
"product_id": "libexpat-devel-32bit-2.2.0-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexpat1-2.2.0-3.1.aarch64",
"product": {
"name": "libexpat1-2.2.0-3.1.aarch64",
"product_id": "libexpat1-2.2.0-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexpat1-32bit-2.2.0-3.1.aarch64",
"product": {
"name": "libexpat1-32bit-2.2.0-3.1.aarch64",
"product_id": "libexpat1-32bit-2.2.0-3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.2.0-3.1.ppc64le",
"product": {
"name": "expat-2.2.0-3.1.ppc64le",
"product_id": "expat-2.2.0-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.2.0-3.1.ppc64le",
"product": {
"name": "libexpat-devel-2.2.0-3.1.ppc64le",
"product_id": "libexpat-devel-2.2.0-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"product": {
"name": "libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"product_id": "libexpat-devel-32bit-2.2.0-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexpat1-2.2.0-3.1.ppc64le",
"product": {
"name": "libexpat1-2.2.0-3.1.ppc64le",
"product_id": "libexpat1-2.2.0-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexpat1-32bit-2.2.0-3.1.ppc64le",
"product": {
"name": "libexpat1-32bit-2.2.0-3.1.ppc64le",
"product_id": "libexpat1-32bit-2.2.0-3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.2.0-3.1.s390x",
"product": {
"name": "expat-2.2.0-3.1.s390x",
"product_id": "expat-2.2.0-3.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.2.0-3.1.s390x",
"product": {
"name": "libexpat-devel-2.2.0-3.1.s390x",
"product_id": "libexpat-devel-2.2.0-3.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat-devel-32bit-2.2.0-3.1.s390x",
"product": {
"name": "libexpat-devel-32bit-2.2.0-3.1.s390x",
"product_id": "libexpat-devel-32bit-2.2.0-3.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat1-2.2.0-3.1.s390x",
"product": {
"name": "libexpat1-2.2.0-3.1.s390x",
"product_id": "libexpat1-2.2.0-3.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat1-32bit-2.2.0-3.1.s390x",
"product": {
"name": "libexpat1-32bit-2.2.0-3.1.s390x",
"product_id": "libexpat1-32bit-2.2.0-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.2.0-3.1.x86_64",
"product": {
"name": "expat-2.2.0-3.1.x86_64",
"product_id": "expat-2.2.0-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.2.0-3.1.x86_64",
"product": {
"name": "libexpat-devel-2.2.0-3.1.x86_64",
"product_id": "libexpat-devel-2.2.0-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-32bit-2.2.0-3.1.x86_64",
"product": {
"name": "libexpat-devel-32bit-2.2.0-3.1.x86_64",
"product_id": "libexpat-devel-32bit-2.2.0-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat1-2.2.0-3.1.x86_64",
"product": {
"name": "libexpat1-2.2.0-3.1.x86_64",
"product_id": "libexpat1-2.2.0-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat1-32bit-2.2.0-3.1.x86_64",
"product": {
"name": "libexpat1-32bit-2.2.0-3.1.x86_64",
"product_id": "libexpat1-32bit-2.2.0-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.0-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64"
},
"product_reference": "expat-2.2.0-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.0-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le"
},
"product_reference": "expat-2.2.0-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.0-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x"
},
"product_reference": "expat-2.2.0-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.0-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64"
},
"product_reference": "expat-2.2.0-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.0-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64"
},
"product_reference": "libexpat-devel-2.2.0-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.0-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le"
},
"product_reference": "libexpat-devel-2.2.0-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.0-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x"
},
"product_reference": "libexpat-devel-2.2.0-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.0-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64"
},
"product_reference": "libexpat-devel-2.2.0-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-32bit-2.2.0-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64"
},
"product_reference": "libexpat-devel-32bit-2.2.0-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-32bit-2.2.0-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le"
},
"product_reference": "libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-32bit-2.2.0-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x"
},
"product_reference": "libexpat-devel-32bit-2.2.0-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-32bit-2.2.0-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64"
},
"product_reference": "libexpat-devel-32bit-2.2.0-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.0-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64"
},
"product_reference": "libexpat1-2.2.0-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.0-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le"
},
"product_reference": "libexpat1-2.2.0-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.0-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x"
},
"product_reference": "libexpat1-2.2.0-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.0-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64"
},
"product_reference": "libexpat1-2.2.0-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.0-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64"
},
"product_reference": "libexpat1-32bit-2.2.0-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.0-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le"
},
"product_reference": "libexpat1-32bit-2.2.0-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.0-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x"
},
"product_reference": "libexpat1-32bit-2.2.0-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.0-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.2.0-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-2625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-2625"
}
],
"notes": [
{
"category": "general",
"text": "XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-2625",
"url": "https://www.suse.com/security/cve/CVE-2009-2625"
},
{
"category": "external",
"summary": "SUSE Bug 525562 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/525562"
},
{
"category": "external",
"summary": "SUSE Bug 530717 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/530717"
},
{
"category": "external",
"summary": "SUSE Bug 534025 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/534025"
},
{
"category": "external",
"summary": "SUSE Bug 534721 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/534721"
},
{
"category": "external",
"summary": "SUSE Bug 537969 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/537969"
},
{
"category": "external",
"summary": "SUSE Bug 540945 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/540945"
},
{
"category": "external",
"summary": "SUSE Bug 548655 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/548655"
},
{
"category": "external",
"summary": "SUSE Bug 550664 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/550664"
},
{
"category": "external",
"summary": "SUSE Bug 553220 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/553220"
},
{
"category": "external",
"summary": "SUSE Bug 558892 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/558892"
},
{
"category": "external",
"summary": "SUSE Bug 581162 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/581162"
},
{
"category": "external",
"summary": "SUSE Bug 581765 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/581765"
},
{
"category": "external",
"summary": "SUSE Bug 610080 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/610080"
},
{
"category": "external",
"summary": "SUSE Bug 611931 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/611931"
},
{
"category": "external",
"summary": "SUSE Bug 611932 for CVE-2009-2625",
"url": "https://bugzilla.suse.com/611932"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2009-2625"
},
{
"cve": "CVE-2009-3560",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-3560"
}
],
"notes": [
{
"category": "general",
"text": "The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-3560",
"url": "https://www.suse.com/security/cve/CVE-2009-3560"
},
{
"category": "external",
"summary": "SUSE Bug 550666 for CVE-2009-3560",
"url": "https://bugzilla.suse.com/550666"
},
{
"category": "external",
"summary": "SUSE Bug 558892 for CVE-2009-3560",
"url": "https://bugzilla.suse.com/558892"
},
{
"category": "external",
"summary": "SUSE Bug 561561 for CVE-2009-3560",
"url": "https://bugzilla.suse.com/561561"
},
{
"category": "external",
"summary": "SUSE Bug 581162 for CVE-2009-3560",
"url": "https://bugzilla.suse.com/581162"
},
{
"category": "external",
"summary": "SUSE Bug 581765 for CVE-2009-3560",
"url": "https://bugzilla.suse.com/581765"
},
{
"category": "external",
"summary": "SUSE Bug 611931 for CVE-2009-3560",
"url": "https://bugzilla.suse.com/611931"
},
{
"category": "external",
"summary": "SUSE Bug 694595 for CVE-2009-3560",
"url": "https://bugzilla.suse.com/694595"
},
{
"category": "external",
"summary": "SUSE Bug 725950 for CVE-2009-3560",
"url": "https://bugzilla.suse.com/725950"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2009-3560"
},
{
"cve": "CVE-2009-3720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-3720"
}
],
"notes": [
{
"category": "general",
"text": "The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-3720",
"url": "https://www.suse.com/security/cve/CVE-2009-3720"
},
{
"category": "external",
"summary": "SUSE Bug 534721 for CVE-2009-3720",
"url": "https://bugzilla.suse.com/534721"
},
{
"category": "external",
"summary": "SUSE Bug 550664 for CVE-2009-3720",
"url": "https://bugzilla.suse.com/550664"
},
{
"category": "external",
"summary": "SUSE Bug 550666 for CVE-2009-3720",
"url": "https://bugzilla.suse.com/550666"
},
{
"category": "external",
"summary": "SUSE Bug 558892 for CVE-2009-3720",
"url": "https://bugzilla.suse.com/558892"
},
{
"category": "external",
"summary": "SUSE Bug 561561 for CVE-2009-3720",
"url": "https://bugzilla.suse.com/561561"
},
{
"category": "external",
"summary": "SUSE Bug 581162 for CVE-2009-3720",
"url": "https://bugzilla.suse.com/581162"
},
{
"category": "external",
"summary": "SUSE Bug 581765 for CVE-2009-3720",
"url": "https://bugzilla.suse.com/581765"
},
{
"category": "external",
"summary": "SUSE Bug 611931 for CVE-2009-3720",
"url": "https://bugzilla.suse.com/611931"
},
{
"category": "external",
"summary": "SUSE Bug 725950 for CVE-2009-3720",
"url": "https://bugzilla.suse.com/725950"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2009-3720"
},
{
"cve": "CVE-2012-0876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-0876"
}
],
"notes": [
{
"category": "general",
"text": "The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-0876",
"url": "https://www.suse.com/security/cve/CVE-2012-0876"
},
{
"category": "external",
"summary": "SUSE Bug 750914 for CVE-2012-0876",
"url": "https://bugzilla.suse.com/750914"
},
{
"category": "external",
"summary": "SUSE Bug 751464 for CVE-2012-0876",
"url": "https://bugzilla.suse.com/751464"
},
{
"category": "external",
"summary": "SUSE Bug 751465 for CVE-2012-0876",
"url": "https://bugzilla.suse.com/751465"
},
{
"category": "external",
"summary": "SUSE Bug 983215 for CVE-2012-0876",
"url": "https://bugzilla.suse.com/983215"
},
{
"category": "external",
"summary": "SUSE Bug 983216 for CVE-2012-0876",
"url": "https://bugzilla.suse.com/983216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-0876"
},
{
"cve": "CVE-2012-1147",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-1147"
}
],
"notes": [
{
"category": "general",
"text": "readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-1147",
"url": "https://www.suse.com/security/cve/CVE-2012-1147"
},
{
"category": "external",
"summary": "SUSE Bug 750914 for CVE-2012-1147",
"url": "https://bugzilla.suse.com/750914"
},
{
"category": "external",
"summary": "SUSE Bug 751464 for CVE-2012-1147",
"url": "https://bugzilla.suse.com/751464"
},
{
"category": "external",
"summary": "SUSE Bug 751465 for CVE-2012-1147",
"url": "https://bugzilla.suse.com/751465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-1147"
},
{
"cve": "CVE-2012-1148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-1148"
}
],
"notes": [
{
"category": "general",
"text": "Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-1148",
"url": "https://www.suse.com/security/cve/CVE-2012-1148"
},
{
"category": "external",
"summary": "SUSE Bug 750914 for CVE-2012-1148",
"url": "https://bugzilla.suse.com/750914"
},
{
"category": "external",
"summary": "SUSE Bug 751464 for CVE-2012-1148",
"url": "https://bugzilla.suse.com/751464"
},
{
"category": "external",
"summary": "SUSE Bug 751465 for CVE-2012-1148",
"url": "https://bugzilla.suse.com/751465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-1148"
},
{
"cve": "CVE-2012-6702",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-6702"
}
],
"notes": [
{
"category": "general",
"text": "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-6702",
"url": "https://www.suse.com/security/cve/CVE-2012-6702"
},
{
"category": "external",
"summary": "SUSE Bug 983215 for CVE-2012-6702",
"url": "https://bugzilla.suse.com/983215"
},
{
"category": "external",
"summary": "SUSE Bug 983216 for CVE-2012-6702",
"url": "https://bugzilla.suse.com/983216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-6702"
},
{
"cve": "CVE-2015-1283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-1283"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-1283",
"url": "https://www.suse.com/security/cve/CVE-2015-1283"
},
{
"category": "external",
"summary": "SUSE Bug 1034050 for CVE-2015-1283",
"url": "https://bugzilla.suse.com/1034050"
},
{
"category": "external",
"summary": "SUSE Bug 939077 for CVE-2015-1283",
"url": "https://bugzilla.suse.com/939077"
},
{
"category": "external",
"summary": "SUSE Bug 979441 for CVE-2015-1283",
"url": "https://bugzilla.suse.com/979441"
},
{
"category": "external",
"summary": "SUSE Bug 980391 for CVE-2015-1283",
"url": "https://bugzilla.suse.com/980391"
},
{
"category": "external",
"summary": "SUSE Bug 983985 for CVE-2015-1283",
"url": "https://bugzilla.suse.com/983985"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2015-1283"
},
{
"cve": "CVE-2016-0718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-0718"
}
],
"notes": [
{
"category": "general",
"text": "Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-0718",
"url": "https://www.suse.com/security/cve/CVE-2016-0718"
},
{
"category": "external",
"summary": "SUSE Bug 979441 for CVE-2016-0718",
"url": "https://bugzilla.suse.com/979441"
},
{
"category": "external",
"summary": "SUSE Bug 991809 for CVE-2016-0718",
"url": "https://bugzilla.suse.com/991809"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-0718"
},
{
"cve": "CVE-2016-4472",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-4472"
}
],
"notes": [
{
"category": "general",
"text": "The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-4472",
"url": "https://www.suse.com/security/cve/CVE-2016-4472"
},
{
"category": "external",
"summary": "SUSE Bug 1034050 for CVE-2016-4472",
"url": "https://bugzilla.suse.com/1034050"
},
{
"category": "external",
"summary": "SUSE Bug 939077 for CVE-2016-4472",
"url": "https://bugzilla.suse.com/939077"
},
{
"category": "external",
"summary": "SUSE Bug 980391 for CVE-2016-4472",
"url": "https://bugzilla.suse.com/980391"
},
{
"category": "external",
"summary": "SUSE Bug 983985 for CVE-2016-4472",
"url": "https://bugzilla.suse.com/983985"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-4472"
},
{
"cve": "CVE-2016-5300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5300"
}
],
"notes": [
{
"category": "general",
"text": "The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5300",
"url": "https://www.suse.com/security/cve/CVE-2016-5300"
},
{
"category": "external",
"summary": "SUSE Bug 983216 for CVE-2016-5300",
"url": "https://bugzilla.suse.com/983216"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:expat-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-5300"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…