| Max CVSS | 7.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2013-0340 | 6.8 |
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to i
|
13-02-2023 - 04:41 | 21-01-2014 - 18:55 | |
| CVE-2016-4472 | 6.8 |
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists b
|
12-02-2023 - 23:21 | 30-06-2016 - 17:59 | |
| CVE-2016-0718 | 7.5 |
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
|
12-02-2023 - 23:15 | 26-05-2016 - 16:59 | |
| CVE-2015-1283 | 6.8 |
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspec
|
05-07-2022 - 18:57 | 23-07-2015 - 00:59 | |
| CVE-2016-5300 | 7.8 |
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists beca
|
31-07-2021 - 08:15 | 16-06-2016 - 18:59 | |
| CVE-2012-6702 | 4.3 |
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
|
25-01-2021 - 15:44 | 16-06-2016 - 18:59 |