RSS   Podatności dla 'Libexpat'   RSS

2022-01-10
 
CVE-2022-22822

CWE-190
 

 
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

 
 
CVE-2022-22823

CWE-190
 

 
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

 
 
CVE-2022-22824

CWE-190
 

 
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

 
 
CVE-2022-22825

CWE-190
 

 
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

 
 
CVE-2022-22826

CWE-190
 

 
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

 
 
CVE-2022-22827

CWE-190
 

 
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

 
2022-01-06
 
CVE-2021-46143

CWE-190
 

 
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

 
2019-09-04
 
CVE-2019-15903

CWE-611
 

 
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

 
2017-07-30
 
CVE-2017-11742

 

 
IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123296.

 
2017-07-25
 
CVE-2017-9233

CWE-835
 

 
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

 


Copyright 2022, cxsecurity.com

 

Back to Top