CVE-2012-1147
Vulnerability from cvelistv5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T18:45:27.392Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.apple.com/HT205637", }, { name: "1034344", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1034344", }, { name: "52379", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/52379", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://sourceforge.net/projects/expat/files/expat/2.1.0/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15", }, { name: "APPLE-SA-2015-12-08-3", tags: [ "vendor-advisory", "x_refsource_APPLE", "x_transferred", ], url: "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://trac.wxwidgets.org/ticket/11432", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://trac.wxwidgets.org/ticket/11194", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-03-09T00:00:00", descriptions: [ { lang: "en", value: "readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-12T09:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ 
"x_refsource_CONFIRM", ], url: "https://support.apple.com/HT205637", }, { name: "1034344", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1034344", }, { name: "52379", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/52379", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://sourceforge.net/projects/expat/files/expat/2.1.0/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15", }, { name: "APPLE-SA-2015-12-08-3", tags: [ "vendor-advisory", "x_refsource_APPLE", ], url: "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127", }, { tags: [ "x_refsource_MISC", ], url: "http://trac.wxwidgets.org/ticket/11432", }, { tags: [ "x_refsource_MISC", ], url: "http://trac.wxwidgets.org/ticket/11194", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2012-1147", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://support.apple.com/HT205637", refsource: "CONFIRM", url: "https://support.apple.com/HT205637", }, { name: "1034344", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1034344", }, { name: "52379", refsource: "BID", url: 
"http://www.securityfocus.com/bid/52379", }, { name: "http://sourceforge.net/projects/expat/files/expat/2.1.0/", refsource: "CONFIRM", url: "http://sourceforge.net/projects/expat/files/expat/2.1.0/", }, { name: "http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15", refsource: "CONFIRM", url: "http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15", }, { name: "APPLE-SA-2015-12-08-3", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html", }, { name: "http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127", refsource: "CONFIRM", url: "http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127", }, { name: "http://trac.wxwidgets.org/ticket/11432", refsource: "MISC", url: "http://trac.wxwidgets.org/ticket/11432", }, { name: "http://trac.wxwidgets.org/ticket/11194", refsource: "MISC", url: "http://trac.wxwidgets.org/ticket/11194", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-1147", datePublished: "2012-07-03T19:00:00", dateReserved: "2012-02-14T00:00:00", dateUpdated: "2024-08-06T18:45:27.392Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2012-1147\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2012-07-03T19:55:02.663\",\"lastModified\":\"2024-11-21T01:36:32.140\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.\"},{\"lang\":\"es\",\"value\":\"readfilemap.c en expat antes de v2.1.0 permite causar una denegación de servicio (por consumo de descriptores de fichero) a atacantes dependientes de contexto a través de un 
gran número de archivos XML hechos a mano.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDDDDC59-E784-4C8B-BDAD-55D8322138EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"751EE7FE-D5C1-403A-AA93-B9B8BD53953F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.0.1\",\"matchCriteriaId\":\"0B298040-6E60-4701-9F0A-E57CDD3CFA83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libexpat_project:libexpat:1.95.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"055C8DC2-8840-4758-9F3F-21EEF87845DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libexpat_project:libexpat:1.95.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64E471EF-41A9-491F-B032-568723816ADD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libexpat_project:libexpat:1.95.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9F94DC5-6A6C-4DB4-A6FA-CDF786AC8E0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libexpat_project:libexpat:1.95.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19EC2420-0140-
4233-A766-8D3D9B0933B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libexpat_project:libexpat:1.95.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"572CC266-7C6B-46FE-963F-B457A387B24A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libexpat_project:libexpat:1.95.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B354846-9F53-4D07-B34E-F8BB63836299\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libexpat_project:libexpat:1.95.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0B6B5BF-5A76-46B9-BD7B-679F28821CD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libexpat_project:libexpat:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"843ADBBB-69DE-4128-A1B0-BCA3E85DC6BA\"}]}]}],\"references\":[{\"url\":\"http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://sourceforge.net/projects/expat/files/expat/2.1.0/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://trac.wxwidgets.org/ticket/11194\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://trac.wxwidgets.org/ticket/11432\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/52379\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1034344\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.apple.com/HT205637\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor 
Advisory\"]},{\"url\":\"http://sourceforge.net/projects/expat/files/expat/2.1.0/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://trac.wxwidgets.org/ticket/11194\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://trac.wxwidgets.org/ticket/11432\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/52379\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1034344\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT205637\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}", }, }
ghsa-c8m9-hqfc-w4mm
Vulnerability from github
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
{ affected: [], aliases: [ "CVE-2012-1147", ], database_specific: { cwe_ids: [ "CWE-20", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2012-07-03T19:55:00Z", severity: "MODERATE", }, details: "readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.", id: "GHSA-c8m9-hqfc-w4mm", modified: "2022-05-13T01:12:02Z", published: "2022-05-13T01:12:02Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2012-1147", }, { type: "WEB", url: "https://support.apple.com/HT205637", }, { type: "WEB", url: "http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15", }, { type: "WEB", url: "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html", }, { type: "WEB", url: "http://sourceforge.net/projects/expat/files/expat/2.1.0", }, { type: "WEB", url: "http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127", }, { type: "WEB", url: "http://trac.wxwidgets.org/ticket/11194", }, { type: "WEB", url: "http://trac.wxwidgets.org/ticket/11432", }, { type: "WEB", url: "http://www.securityfocus.com/bid/52379", }, { type: "WEB", url: "http://www.securitytracker.com/id/1034344", }, ], schema_version: "1.4.0", severity: [], }
opensuse-su-2024:10077-1
Vulnerability from csaf_opensuse
Notes
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "expat-2.2.0-3.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the expat-2.2.0-3.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-10077", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10077-1.json", }, { category: "self", summary: "SUSE CVE CVE-2009-2625 page", url: "https://www.suse.com/security/cve/CVE-2009-2625/", }, { category: "self", summary: "SUSE CVE CVE-2009-3560 page", url: "https://www.suse.com/security/cve/CVE-2009-3560/", }, { category: "self", summary: "SUSE CVE CVE-2009-3720 page", url: "https://www.suse.com/security/cve/CVE-2009-3720/", }, { category: "self", summary: "SUSE CVE CVE-2012-0876 page", url: "https://www.suse.com/security/cve/CVE-2012-0876/", }, { category: "self", summary: "SUSE CVE CVE-2012-1147 page", url: "https://www.suse.com/security/cve/CVE-2012-1147/", }, { category: "self", summary: "SUSE CVE CVE-2012-1148 page", url: 
"https://www.suse.com/security/cve/CVE-2012-1148/", }, { category: "self", summary: "SUSE CVE CVE-2012-6702 page", url: "https://www.suse.com/security/cve/CVE-2012-6702/", }, { category: "self", summary: "SUSE CVE CVE-2015-1283 page", url: "https://www.suse.com/security/cve/CVE-2015-1283/", }, { category: "self", summary: "SUSE CVE CVE-2016-0718 page", url: "https://www.suse.com/security/cve/CVE-2016-0718/", }, { category: "self", summary: "SUSE CVE CVE-2016-4472 page", url: "https://www.suse.com/security/cve/CVE-2016-4472/", }, { category: "self", summary: "SUSE CVE CVE-2016-5300 page", url: "https://www.suse.com/security/cve/CVE-2016-5300/", }, ], title: "expat-2.2.0-3.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:10077-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "expat-2.2.0-3.1.aarch64", product: { name: "expat-2.2.0-3.1.aarch64", product_id: "expat-2.2.0-3.1.aarch64", }, }, { category: "product_version", name: "libexpat-devel-2.2.0-3.1.aarch64", product: { name: "libexpat-devel-2.2.0-3.1.aarch64", product_id: "libexpat-devel-2.2.0-3.1.aarch64", }, }, { category: "product_version", name: "libexpat-devel-32bit-2.2.0-3.1.aarch64", product: { name: "libexpat-devel-32bit-2.2.0-3.1.aarch64", product_id: "libexpat-devel-32bit-2.2.0-3.1.aarch64", }, }, { category: "product_version", name: "libexpat1-2.2.0-3.1.aarch64", product: { name: "libexpat1-2.2.0-3.1.aarch64", product_id: "libexpat1-2.2.0-3.1.aarch64", }, }, { category: "product_version", name: "libexpat1-32bit-2.2.0-3.1.aarch64", product: { name: "libexpat1-32bit-2.2.0-3.1.aarch64", product_id: 
"libexpat1-32bit-2.2.0-3.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "expat-2.2.0-3.1.ppc64le", product: { name: "expat-2.2.0-3.1.ppc64le", product_id: "expat-2.2.0-3.1.ppc64le", }, }, { category: "product_version", name: "libexpat-devel-2.2.0-3.1.ppc64le", product: { name: "libexpat-devel-2.2.0-3.1.ppc64le", product_id: "libexpat-devel-2.2.0-3.1.ppc64le", }, }, { category: "product_version", name: "libexpat-devel-32bit-2.2.0-3.1.ppc64le", product: { name: "libexpat-devel-32bit-2.2.0-3.1.ppc64le", product_id: "libexpat-devel-32bit-2.2.0-3.1.ppc64le", }, }, { category: "product_version", name: "libexpat1-2.2.0-3.1.ppc64le", product: { name: "libexpat1-2.2.0-3.1.ppc64le", product_id: "libexpat1-2.2.0-3.1.ppc64le", }, }, { category: "product_version", name: "libexpat1-32bit-2.2.0-3.1.ppc64le", product: { name: "libexpat1-32bit-2.2.0-3.1.ppc64le", product_id: "libexpat1-32bit-2.2.0-3.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "expat-2.2.0-3.1.s390x", product: { name: "expat-2.2.0-3.1.s390x", product_id: "expat-2.2.0-3.1.s390x", }, }, { category: "product_version", name: "libexpat-devel-2.2.0-3.1.s390x", product: { name: "libexpat-devel-2.2.0-3.1.s390x", product_id: "libexpat-devel-2.2.0-3.1.s390x", }, }, { category: "product_version", name: "libexpat-devel-32bit-2.2.0-3.1.s390x", product: { name: "libexpat-devel-32bit-2.2.0-3.1.s390x", product_id: "libexpat-devel-32bit-2.2.0-3.1.s390x", }, }, { category: "product_version", name: "libexpat1-2.2.0-3.1.s390x", product: { name: "libexpat1-2.2.0-3.1.s390x", product_id: "libexpat1-2.2.0-3.1.s390x", }, }, { category: "product_version", name: "libexpat1-32bit-2.2.0-3.1.s390x", product: { name: "libexpat1-32bit-2.2.0-3.1.s390x", product_id: "libexpat1-32bit-2.2.0-3.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: 
"expat-2.2.0-3.1.x86_64", product: { name: "expat-2.2.0-3.1.x86_64", product_id: "expat-2.2.0-3.1.x86_64", }, }, { category: "product_version", name: "libexpat-devel-2.2.0-3.1.x86_64", product: { name: "libexpat-devel-2.2.0-3.1.x86_64", product_id: "libexpat-devel-2.2.0-3.1.x86_64", }, }, { category: "product_version", name: "libexpat-devel-32bit-2.2.0-3.1.x86_64", product: { name: "libexpat-devel-32bit-2.2.0-3.1.x86_64", product_id: "libexpat-devel-32bit-2.2.0-3.1.x86_64", }, }, { category: "product_version", name: "libexpat1-2.2.0-3.1.x86_64", product: { name: "libexpat1-2.2.0-3.1.x86_64", product_id: "libexpat1-2.2.0-3.1.x86_64", }, }, { category: "product_version", name: "libexpat1-32bit-2.2.0-3.1.x86_64", product: { name: "libexpat1-32bit-2.2.0-3.1.x86_64", product_id: "libexpat1-32bit-2.2.0-3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "expat-2.2.0-3.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", }, product_reference: "expat-2.2.0-3.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "expat-2.2.0-3.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", }, product_reference: "expat-2.2.0-3.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "expat-2.2.0-3.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", }, 
product_reference: "expat-2.2.0-3.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "expat-2.2.0-3.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", }, product_reference: "expat-2.2.0-3.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libexpat-devel-2.2.0-3.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", }, product_reference: "libexpat-devel-2.2.0-3.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libexpat-devel-2.2.0-3.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", }, product_reference: "libexpat-devel-2.2.0-3.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libexpat-devel-2.2.0-3.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", }, product_reference: "libexpat-devel-2.2.0-3.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libexpat-devel-2.2.0-3.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", }, product_reference: "libexpat-devel-2.2.0-3.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libexpat-devel-32bit-2.2.0-3.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", }, product_reference: "libexpat-devel-32bit-2.2.0-3.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: 
"default_component_of", full_product_name: { name: "libexpat-devel-32bit-2.2.0-3.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", }, product_reference: "libexpat-devel-32bit-2.2.0-3.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libexpat-devel-32bit-2.2.0-3.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", }, product_reference: "libexpat-devel-32bit-2.2.0-3.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libexpat-devel-32bit-2.2.0-3.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", }, product_reference: "libexpat-devel-32bit-2.2.0-3.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libexpat1-2.2.0-3.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", }, product_reference: "libexpat1-2.2.0-3.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libexpat1-2.2.0-3.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", }, product_reference: "libexpat1-2.2.0-3.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libexpat1-2.2.0-3.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", }, product_reference: "libexpat1-2.2.0-3.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libexpat1-2.2.0-3.1.x86_64 as component of openSUSE 
Tumbleweed", product_id: "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", }, product_reference: "libexpat1-2.2.0-3.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libexpat1-32bit-2.2.0-3.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", }, product_reference: "libexpat1-32bit-2.2.0-3.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libexpat1-32bit-2.2.0-3.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", }, product_reference: "libexpat1-32bit-2.2.0-3.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libexpat1-32bit-2.2.0-3.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", }, product_reference: "libexpat1-32bit-2.2.0-3.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libexpat1-32bit-2.2.0-3.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", }, product_reference: "libexpat1-32bit-2.2.0-3.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2009-2625", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-2625", }, ], notes: [ { category: "general", text: "XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.", 
title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-2625", url: "https://www.suse.com/security/cve/CVE-2009-2625", }, { category: "external", summary: "SUSE Bug 525562 for CVE-2009-2625", url: "https://bugzilla.suse.com/525562", }, { category: "external", summary: "SUSE Bug 530717 for CVE-2009-2625", url: "https://bugzilla.suse.com/530717", }, { category: "external", summary: "SUSE Bug 534025 for CVE-2009-2625", url: "https://bugzilla.suse.com/534025", }, { category: "external", summary: "SUSE Bug 534721 for CVE-2009-2625", url: "https://bugzilla.suse.com/534721", }, { category: "external", summary: "SUSE Bug 537969 for CVE-2009-2625", url: "https://bugzilla.suse.com/537969", }, { category: "external", summary: "SUSE Bug 540945 for CVE-2009-2625", url: "https://bugzilla.suse.com/540945", }, { category: "external", summary: "SUSE Bug 
548655 for CVE-2009-2625", url: "https://bugzilla.suse.com/548655", }, { category: "external", summary: "SUSE Bug 550664 for CVE-2009-2625", url: "https://bugzilla.suse.com/550664", }, { category: "external", summary: "SUSE Bug 553220 for CVE-2009-2625", url: "https://bugzilla.suse.com/553220", }, { category: "external", summary: "SUSE Bug 558892 for CVE-2009-2625", url: "https://bugzilla.suse.com/558892", }, { category: "external", summary: "SUSE Bug 581162 for CVE-2009-2625", url: "https://bugzilla.suse.com/581162", }, { category: "external", summary: "SUSE Bug 581765 for CVE-2009-2625", url: "https://bugzilla.suse.com/581765", }, { category: "external", summary: "SUSE Bug 610080 for CVE-2009-2625", url: "https://bugzilla.suse.com/610080", }, { category: "external", summary: "SUSE Bug 611931 for CVE-2009-2625", url: "https://bugzilla.suse.com/611931", }, { category: "external", summary: "SUSE Bug 611932 for CVE-2009-2625", url: "https://bugzilla.suse.com/611932", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE 
Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2009-2625", }, { cve: "CVE-2009-3560", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-3560", }, ], notes: [ { category: "general", text: "The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE 
Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-3560", url: "https://www.suse.com/security/cve/CVE-2009-3560", }, { category: "external", summary: "SUSE Bug 550666 for CVE-2009-3560", url: "https://bugzilla.suse.com/550666", }, { category: "external", summary: "SUSE Bug 558892 for CVE-2009-3560", url: "https://bugzilla.suse.com/558892", }, { category: "external", summary: "SUSE Bug 561561 for CVE-2009-3560", url: "https://bugzilla.suse.com/561561", }, { category: "external", summary: "SUSE Bug 581162 for CVE-2009-3560", url: "https://bugzilla.suse.com/581162", }, { category: "external", summary: "SUSE Bug 581765 for CVE-2009-3560", url: "https://bugzilla.suse.com/581765", }, { category: "external", summary: "SUSE Bug 611931 for CVE-2009-3560", url: "https://bugzilla.suse.com/611931", }, { category: "external", summary: "SUSE Bug 694595 for CVE-2009-3560", url: "https://bugzilla.suse.com/694595", }, { category: "external", summary: "SUSE Bug 725950 for CVE-2009-3560", url: "https://bugzilla.suse.com/725950", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", 
"openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2009-3560", }, { cve: "CVE-2009-3720", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2009-3720", }, ], notes: [ { category: "general", text: "The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE 
Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2009-3720", url: "https://www.suse.com/security/cve/CVE-2009-3720", }, { category: "external", summary: "SUSE Bug 534721 for CVE-2009-3720", url: "https://bugzilla.suse.com/534721", }, { category: "external", summary: "SUSE Bug 550664 for CVE-2009-3720", url: "https://bugzilla.suse.com/550664", }, { category: "external", summary: "SUSE Bug 550666 for CVE-2009-3720", url: "https://bugzilla.suse.com/550666", }, { category: "external", summary: "SUSE Bug 558892 for CVE-2009-3720", url: "https://bugzilla.suse.com/558892", }, { category: "external", summary: "SUSE Bug 561561 for CVE-2009-3720", url: "https://bugzilla.suse.com/561561", }, { category: "external", summary: "SUSE Bug 581162 for CVE-2009-3720", url: "https://bugzilla.suse.com/581162", }, { category: "external", summary: "SUSE Bug 581765 for CVE-2009-3720", url: "https://bugzilla.suse.com/581765", }, { category: "external", summary: "SUSE Bug 611931 for CVE-2009-3720", url: "https://bugzilla.suse.com/611931", }, { category: "external", summary: "SUSE Bug 725950 for CVE-2009-3720", url: "https://bugzilla.suse.com/725950", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE 
Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2009-3720", }, { cve: "CVE-2012-0876", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-0876", }, ], notes: [ { category: "general", text: "The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE 
Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-0876", url: "https://www.suse.com/security/cve/CVE-2012-0876", }, { category: "external", summary: "SUSE Bug 750914 for CVE-2012-0876", url: "https://bugzilla.suse.com/750914", }, { category: "external", summary: "SUSE Bug 751464 for CVE-2012-0876", url: "https://bugzilla.suse.com/751464", }, { category: "external", summary: "SUSE Bug 751465 for CVE-2012-0876", url: "https://bugzilla.suse.com/751465", }, { category: "external", summary: "SUSE Bug 983215 for CVE-2012-0876", url: "https://bugzilla.suse.com/983215", }, { category: "external", summary: "SUSE Bug 983216 for CVE-2012-0876", url: "https://bugzilla.suse.com/983216", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE 
Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2012-0876", }, { cve: "CVE-2012-1147", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-1147", }, ], notes: [ { category: "general", text: "readfilemap.c in expat before 2.1.0 allows 
context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-1147", url: "https://www.suse.com/security/cve/CVE-2012-1147", }, { category: "external", summary: "SUSE Bug 750914 for CVE-2012-1147", url: "https://bugzilla.suse.com/750914", }, { category: "external", summary: "SUSE Bug 751464 for CVE-2012-1147", url: "https://bugzilla.suse.com/751464", }, { category: "external", summary: "SUSE Bug 751465 for CVE-2012-1147", url: "https://bugzilla.suse.com/751465", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", 
"openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2012-1147", }, { cve: "CVE-2012-1148", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-1148", }, ], notes: [ { category: "general", text: "Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE 
Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-1148", url: "https://www.suse.com/security/cve/CVE-2012-1148", }, { category: "external", summary: "SUSE Bug 750914 for CVE-2012-1148", url: "https://bugzilla.suse.com/750914", }, { category: "external", summary: "SUSE Bug 751464 for CVE-2012-1148", url: "https://bugzilla.suse.com/751464", }, { category: "external", summary: "SUSE Bug 751465 for CVE-2012-1148", url: "https://bugzilla.suse.com/751465", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE 
Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2012-1148", }, { cve: "CVE-2012-6702", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2012-6702", }, ], notes: [ { category: "general", text: "Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE 
Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2012-6702", url: "https://www.suse.com/security/cve/CVE-2012-6702", }, { category: "external", summary: "SUSE Bug 983215 for CVE-2012-6702", url: "https://bugzilla.suse.com/983215", }, { category: "external", summary: "SUSE Bug 983216 for CVE-2012-6702", url: "https://bugzilla.suse.com/983216", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: 
"3.0", }, products: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2012-6702", }, { cve: "CVE-2015-1283", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-1283", }, ], notes: [ { category: "general", text: "Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE 
Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-1283", url: "https://www.suse.com/security/cve/CVE-2015-1283", }, { category: "external", summary: "SUSE Bug 1034050 for CVE-2015-1283", url: "https://bugzilla.suse.com/1034050", }, { category: "external", summary: "SUSE Bug 939077 for CVE-2015-1283", url: "https://bugzilla.suse.com/939077", }, { category: "external", summary: "SUSE Bug 979441 for CVE-2015-1283", url: "https://bugzilla.suse.com/979441", }, { category: "external", summary: "SUSE Bug 980391 for CVE-2015-1283", url: "https://bugzilla.suse.com/980391", }, { category: "external", summary: "SUSE Bug 983985 for CVE-2015-1283", url: "https://bugzilla.suse.com/983985", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE 
Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2015-1283", }, { cve: "CVE-2016-0718", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0718", }, ], notes: [ { category: "general", text: "Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE 
Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0718", url: "https://www.suse.com/security/cve/CVE-2016-0718", }, { category: "external", summary: "SUSE Bug 979441 for CVE-2016-0718", url: "https://bugzilla.suse.com/979441", }, { category: "external", summary: "SUSE Bug 991809 for CVE-2016-0718", url: "https://bugzilla.suse.com/991809", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE 
Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-0718", }, { cve: "CVE-2016-4472", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4472", }, ], notes: [ { category: "general", text: "The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4472", url: "https://www.suse.com/security/cve/CVE-2016-4472", }, { category: "external", summary: "SUSE Bug 1034050 for CVE-2016-4472", url: "https://bugzilla.suse.com/1034050", }, { category: "external", summary: "SUSE Bug 939077 for CVE-2016-4472", url: "https://bugzilla.suse.com/939077", }, { category: "external", summary: "SUSE Bug 980391 for CVE-2016-4472", url: "https://bugzilla.suse.com/980391", }, { category: "external", summary: "SUSE Bug 983985 for CVE-2016-4472", url: "https://bugzilla.suse.com/983985", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 
\"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE 
Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2016-4472", }, { cve: "CVE-2016-5300", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5300", }, ], notes: [ { category: "general", text: "The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE 
Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5300", url: "https://www.suse.com/security/cve/CVE-2016-5300", }, { category: "external", summary: "SUSE Bug 983216 for CVE-2016-5300", url: "https://bugzilla.suse.com/983216", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "openSUSE Tumbleweed:expat-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:expat-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:expat-2.2.0-3.1.s390x", "openSUSE Tumbleweed:expat-2.2.0-3.1.x86_64", "openSUSE 
Tumbleweed:libexpat-devel-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat-devel-32bit-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-2.2.0-3.1.x86_64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.aarch64", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.ppc64le", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.s390x", "openSUSE Tumbleweed:libexpat1-32bit-2.2.0-3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2016-5300", }, ], }
fkie_cve-2012-1147
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
apple | mac_os_x | 10.11.0 | |
apple | mac_os_x | 10.11.1 | |
libexpat_project | libexpat | * | |
libexpat_project | libexpat | 1.95.1 | |
libexpat_project | libexpat | 1.95.2 | |
libexpat_project | libexpat | 1.95.4 | |
libexpat_project | libexpat | 1.95.5 | |
libexpat_project | libexpat | 1.95.6 | |
libexpat_project | libexpat | 1.95.7 | |
libexpat_project | libexpat | 1.95.8 | |
libexpat_project | libexpat | 2.0.0 | |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:apple:mac_os_x:10.11.0:*:*:*:*:*:*:*", matchCriteriaId: "EDDDDC59-E784-4C8B-BDAD-55D8322138EC", vulnerable: true, }, { criteria: "cpe:2.3:o:apple:mac_os_x:10.11.1:*:*:*:*:*:*:*", matchCriteriaId: "751EE7FE-D5C1-403A-AA93-B9B8BD53953F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", matchCriteriaId: "0B298040-6E60-4701-9F0A-E57CDD3CFA83", versionEndIncluding: "2.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:libexpat_project:libexpat:1.95.1:*:*:*:*:*:*:*", matchCriteriaId: "055C8DC2-8840-4758-9F3F-21EEF87845DF", vulnerable: true, }, { criteria: "cpe:2.3:a:libexpat_project:libexpat:1.95.2:*:*:*:*:*:*:*", matchCriteriaId: "64E471EF-41A9-491F-B032-568723816ADD", vulnerable: true, }, { criteria: "cpe:2.3:a:libexpat_project:libexpat:1.95.4:*:*:*:*:*:*:*", matchCriteriaId: "D9F94DC5-6A6C-4DB4-A6FA-CDF786AC8E0B", vulnerable: true, }, { criteria: "cpe:2.3:a:libexpat_project:libexpat:1.95.5:*:*:*:*:*:*:*", matchCriteriaId: "19EC2420-0140-4233-A766-8D3D9B0933B8", vulnerable: true, }, { criteria: "cpe:2.3:a:libexpat_project:libexpat:1.95.6:*:*:*:*:*:*:*", matchCriteriaId: "572CC266-7C6B-46FE-963F-B457A387B24A", vulnerable: true, }, { criteria: "cpe:2.3:a:libexpat_project:libexpat:1.95.7:*:*:*:*:*:*:*", matchCriteriaId: "6B354846-9F53-4D07-B34E-F8BB63836299", vulnerable: true, }, { criteria: "cpe:2.3:a:libexpat_project:libexpat:1.95.8:*:*:*:*:*:*:*", matchCriteriaId: "E0B6B5BF-5A76-46B9-BD7B-679F28821CD7", vulnerable: true, }, { criteria: "cpe:2.3:a:libexpat_project:libexpat:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "843ADBBB-69DE-4128-A1B0-BCA3E85DC6BA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a 
large number of crafted XML files.", }, { lang: "es", value: "readfilemap.c en expat antes de v2.1.0 permite causar una denegación de servicio (por consumo de descriptores de fichero) a atacantes dependientes de contexto a través de un gran número de archivos XML hechos a mano.", }, ], id: "CVE-2012-1147", lastModified: "2024-11-21T01:36:32.140", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2012-07-03T19:55:02.663", references: [ { source: "secalert@redhat.com", url: "http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html", }, { source: "secalert@redhat.com", url: "http://sourceforge.net/projects/expat/files/expat/2.1.0/", }, { source: "secalert@redhat.com", url: "http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127", }, { source: "secalert@redhat.com", url: "http://trac.wxwidgets.org/ticket/11194", }, { source: "secalert@redhat.com", url: "http://trac.wxwidgets.org/ticket/11432", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/52379", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/id/1034344", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT205637", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sourceforge.net/projects/expat/files/expat/2.1.0/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://trac.wxwidgets.org/ticket/11194", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://trac.wxwidgets.org/ticket/11432", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/52379", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1034344", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT205637", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
var-201207-0369
Vulnerability from variot
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. The Expat library is prone to multiple denial-of-service vulnerabilities because it fails to properly handle crafted XML data. Exploiting these issues allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable XML parsing library. Expat versions prior to 2.1.0 are vulnerable. Expat is a stream-oriented XML parser library written in C, developed by American software developer Jim Clark.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008
OS X El Capitan 10.11.2 and Security Update 2015-008 is now available and addresses the following:
apache_mod_php Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.29, the most serious of which may have led to remote code execution. These were addressed by updating PHP to version 5.5.30. CVE-ID CVE-2015-7803 CVE-2015-7804
AppSandbox Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may maintain access to Contacts after having access revoked Description: An issue existed in the sandbox's handling of hard links. This issue was addressed through improved hardening of the app sandbox. CVE-ID CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi of TU Darmstadt
Bluetooth Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the Bluetooth HCI interface. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7108 : Ian Beer of Google Project Zero
CFNetwork HTTPProtocol Available for: OS X El Capitan v10.11 and v10.11.1 Impact: An attacker with a privileged network position may be able to bypass HSTS Description: An input validation issue existed within URL processing. This issue was addressed through improved URL validation. CVE-ID CVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and Muneaki Nishimura (nishimunea)
Compression Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: An uninitialized memory access issue existed in zlib. This issue was addressed through improved memory initialization and additional validation of zlib streams. CVE-ID CVE-2015-7054 : j00ru
Configuration Profiles Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local attacker may be able to install a configuration profile without admin privileges Description: An issue existed when installing configuration profiles. This issue was addressed through improved authorization checks. CVE-ID CVE-2015-7062 : David Mulder of Dell Software
CoreGraphics Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team
CoreMedia Playback Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the processing of malformed media files. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7074 : Apple CVE-2015-7075
Disk Images Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7110 : Ian Beer of Google Project Zero
EFI Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A path validation issue existed in the kernel loader. This was addressed through improved environment sanitization. CVE-ID CVE-2015-7063 : Apple
File Bookmark Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A path validation issue existed in app scoped bookmarks. This was addressed through improved environment sanitization. CVE-ID CVE-2015-7071 : Apple
Hypervisor Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A use after free issue existed in the handling of VM objects. This issue was addressed through improved memory management. CVE-ID CVE-2015-7078 : Ian Beer of Google Project Zero
iBooks Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information Description: An XML external entity reference issue existed with iBook parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach (@ITSecurityguard)
ImageIO Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in ImageIO. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7053 : Apple
Intel Graphics Driver Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A null pointer dereference issue was addressed through improved input validation. CVE-ID CVE-2015-7076 : Juwei Lin of TrendMicro, beist and ABH of BoB, and JeongHoon Shin@A.D.D
Intel Graphics Driver Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in the Intel Graphics Driver. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7106 : Ian Beer of Google Project Zero, Juwei Lin of TrendMicro, beist and ABH of BoB, and JeongHoon Shin@A.D.D
Intel Graphics Driver Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with system privileges Description: An out of bounds memory access issue existed in the Intel Graphics Driver. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7077 : Ian Beer of Google Project Zero
IOAcceleratorFamily Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7109 : Juwei Lin of TrendMicro
IOHIDFamily Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOHIDFamily API. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7111 : beist and ABH of BoB CVE-2015-7112 : Ian Beer of Google Project Zero
IOKit SCSI Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A null pointer dereference existed in the handling of a certain userclient type. This issue was addressed through improved validation. CVE-ID CVE-2015-7068 : Ian Beer of Google Project Zero
IOThunderboltFamily Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to cause a system denial of service Description: A null pointer dereference existed in IOThunderboltFamily's handling of certain userclient types. This issue was addressed through improved validation of IOThunderboltFamily contexts. CVE-ID CVE-2015-7067 : Juwei Lin of TrendMicro
Kernel Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local application may be able to cause a denial of service Description: Multiple denial of service issues were addressed through improved memory handling. CVE-ID CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2015-7043 : Tarjei Mandt (@kernelpool)
Kernel Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7083 : Ian Beer of Google Project Zero CVE-2015-7084 : Ian Beer of Google Project Zero
Kernel Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: An issue existed in the parsing of mach messages. This issue was addressed through improved validation of mach messages. CVE-ID CVE-2015-7047 : Ian Beer of Google Project Zero
kext tools Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A validation issue existed during the loading of kernel extensions. This issue was addressed through additional verification. CVE-ID CVE-2015-7052 : Apple
Keychain Access Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may be able to masquerade as the Keychain Server. Description: An issue existed in how Keychain Access interacted with Keychain Agent. This issue was resolved by removing legacy functionality. CVE-ID CVE-2015-7045 : Luyi Xing and XiaoFeng Wang of Indiana University Bloomington, Xiaolong Bai of Indiana University Bloomington and Tsinghua University, Tongxin Li of Peking University, Kai Chen of Indiana University Bloomington and Institute of Information Engineering, Xiaojing Liao of Georgia Institute of Technology, Shi-Min Hu of Tsinghua University, and Xinhui Han of Peking University
libarchive Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of archives. This issue was addressed through improved memory handling. CVE-ID CVE-2011-2895 : @practicalswift
libc Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Processing a maliciously crafted package may lead to arbitrary code execution Description: Multiple buffer overflows existed in the C standard library. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-7038 CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)
libexpat Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Multiple vulnerabilities in expat Description: Multiple vulnerabilities existed in expat versions prior to 2.1.0. CVE-ID CVE-2012-0876 : Vincent Danen CVE-2012-1147 : Kurt Seifried CVE-2012-1148 : Kurt Seifried
libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory corruption issue existed in the parsing of XML files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological University
OpenGL Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in OpenGL. These issues were addressed through improved memory handling. CVE-ID CVE-2015-7064 : Apple CVE-2015-7065 : Apple CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks
OpenLDAP Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A remote unauthenticated client may be able to cause a denial of service Description: An input validation issue existed in OpenLDAP. This issue was addressed through improved input validation. CVE-ID CVE-2015-6908
OpenSSH Available for: OS X El Capitan v10.11 and v10.11.1 Impact: Multiple vulnerabilities in LibreSSL Description: Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8. CVE-ID CVE-2015-5333 CVE-2015-5334
QuickLook Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: Opening a maliciously crafted iWork file may lead to arbitrary code execution Description: A memory corruption issue existed in the handling of iWork files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7107
Sandbox Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application with root privileges may be able to bypass kernel address space layout randomization Description: An insufficient privilege separation issue existed in xnu. This issue was addressed by improved authorization checks. CVE-ID CVE-2015-7046 : Apple
Security Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in handling SSL handshakes. This issue was addressed through improved memory handling. CVE-ID CVE-2015-7073 : Benoit Foucher of ZeroC, Inc.
Security Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: Multiple memory corruption issues existed in the ASN.1 decoder. These issues were addressed through improved input validation. CVE-ID CVE-2015-7059 : David Keeler of Mozilla CVE-2015-7060 : Tyson Smith of Mozilla CVE-2015-7061 : Ryan Sleevi of Google
Security Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application may gain access to a user's Keychain items Description: An issue existed in the validation of access control lists for keychain items. This issue was addressed through improved access control list checks. CVE-ID CVE-2015-7058
System Integrity Protection Available for: OS X El Capitan v10.11 and v10.11.1 Impact: A malicious application with root privileges may be able to execute arbitrary code with system privileges Description: A privilege issue existed in handling union mounts. This issue was addressed by improved authorization checks. CVE-ID CVE-2015-7044 : MacDefender
Installation note:
Security Update 2015-008 is recommended for all users and improves the security of OS X. After installing this update, the QuickTime 7 web browser plug-in will no longer be enabled by default. Learn what to do if you still need this legacy plug-in. https://support.apple.com/en-us/HT205081
OS X El Capitan v10.11.2 includes the security content of Safari 9.0.2: https://support.apple.com/en-us/HT205639
OS X El Capitan 10.11.2 and Security Update 2015-008 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJWZzzVAAoJEBcWfLTuOo7tQsMQAIBHD6EQQmEBqEqNqszdNS4j PE0wrKpgJUe79i5bUVXF3e8bK41+QGQzouceIaKK/r0aizEmUFbgvKG0BFCYacjn +XiDt0V4Itnf2VVvcjodEjVM8Os1BVl0G4tsrXfqJNJ8UmzqQfSFZZ0l+/yQW0rQ jtGYuBIezeWJ/2aA2l5qC89KgiWjmN9YzwpBUx3+02maWIJaKKIvUZy4b7xbQ4fz 0AKMHHh8u/xoPjAIpgXEpYuXM9XILabXkex3m5fp5roBipyimto/OomSsv/CuM5g OjMLz1ZL/dPf7yGaxSD+cTfdKJStTsm89VRWuE9MfAgWdFqjH8CpM9CT4nxX1Q8s Ima2Vk7R+VbyOJksB2fygBtfqBmIjX+fwm52WxhW0B5HabfKMbPjoBKLGIcPsH36 Num/gxdQ+0eswLLUzzorq3Qm2ptxoY6t/ceRAm0HE497+1+YVAKETwTbQTaBZqlB BhDfxk85wYfi7uuKJUH5NPP6j7sXrkJvMAuPJOXcY0QLhyxb96oD6yWaYGWjOGEY Z9zphs8o57l6YW1DWjvVNbZOon05bjIrepzkq6F9Q3TzCGTRgYL5BEAlgaREIZVx rfmFZHP3xM60SIHRKPiiADXo4dg6TvDJ6h8n+L/6OTdylxUf6bxQdoO5cmBhny1T gvIdn3N1k8hWpmYDjxZd =Yi/n -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201209-06
http://security.gentoo.org/
Severity: Normal
Title: Expat: Multiple vulnerabilities
Date: September 24, 2012
Bugs: #280615, #303727, #407519
ID: 201209-06
Synopsis
Multiple vulnerabilities have been found in Expat, possibly resulting in Denial of Service.
Background
Expat is a set of XML parsing libraries. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Expat users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/expat-2.1.0_beta3"
Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.
References
[ 1 ] CVE-2009-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3560
[ 2 ] CVE-2009-3720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3720
[ 3 ] CVE-2012-0876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0876
[ 4 ] CVE-2012-1147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1147
[ 5 ] CVE-2012-1148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1148
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201209-06.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
APPLE-SA-2017-03-28-2 Additional information for APPLE-SA-2017-03-22-1 iTunes for Windows 12.6
iTunes for Windows 12.6 addresses the following:
APNs Server Available for: Windows 7 and later Impact: An attacker in a privileged network position can track a user's activity Description: A client certificate was sent in plaintext
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201207-0369", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "mac os x", scope: "eq", trust: 1.8, vendor: "apple", version: "10.11.1", }, { model: "libexpat", scope: "lte", trust: 1, vendor: "libexpat", version: "2.0.1", }, { model: "libexpat", scope: "eq", trust: 1, vendor: "libexpat", version: "1.95.5", }, { model: "libexpat", scope: "eq", 
trust: 1, vendor: "libexpat", version: "1.95.7", }, { model: "libexpat", scope: "eq", trust: 1, vendor: "libexpat", version: "1.95.8", }, { model: "libexpat", scope: "eq", trust: 1, vendor: "libexpat", version: "1.95.6", }, { model: "libexpat", scope: "eq", trust: 1, vendor: "libexpat", version: "2.0.0", }, { model: "libexpat", scope: "eq", trust: 1, vendor: "libexpat", version: "1.95.4", }, { model: "libexpat", scope: "eq", trust: 1, vendor: "libexpat", version: "1.95.2", }, { model: "libexpat", scope: "eq", trust: 1, vendor: "libexpat", version: "1.95.1", }, { model: "mac os x", scope: "eq", trust: 1, vendor: "apple", version: "10.11.0", }, { model: "expat", scope: "lt", trust: 0.8, vendor: "expat", version: "2.1.0", }, { model: "mac os x", scope: "eq", trust: 0.8, vendor: "apple", version: "10.11", }, { model: "expat", scope: "eq", trust: 0.6, vendor: "libexpat", version: "1.95.8", }, { model: "expat", scope: "eq", trust: 0.6, vendor: "libexpat", version: "1.95.7", }, { model: "expat", scope: "eq", trust: 0.6, vendor: "libexpat", version: "2.0.0", }, { model: "expat", scope: "eq", trust: 0.6, vendor: "libexpat", version: "1.95.4", }, { model: "expat", scope: "eq", trust: 0.6, vendor: "libexpat", version: "1.95.6", }, { model: "expat", scope: "eq", trust: 0.6, vendor: "libexpat", version: "2.0.1", }, { model: "expat", scope: "eq", trust: 0.6, vendor: "libexpat", version: "1.95.1", }, { model: "expat", scope: "eq", trust: 0.6, vendor: "libexpat", version: "1.95.2", }, { model: "expat", scope: "eq", trust: 0.6, vendor: "libexpat", version: "1.95.5", }, { model: "linux i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "11.10", }, { model: "mac os", scope: "ne", trust: 0.3, vendor: "apple", version: "x10.9", }, { model: "aura session manager sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "aura messaging", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "conferencing standard edition", scope: "eq", trust: 
0.3, vendor: "avaya", version: "6.0", }, { model: "meeting exchange", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.1", }, { model: "aura system platform", scope: "eq", trust: 0.3, vendor: "avaya", version: "1.0", }, { model: "enterprise linux hpc node optional", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2.1", }, { model: "netezza analytics", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.0", }, { model: "aura presence services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.1", }, { model: "freeflow print server 73.c5.11", scope: null, trust: 0.3, vendor: "xerox", version: null, }, { model: "voice portal sp3", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.1", }, { model: "linux ia-64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "proactive contact", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.0", }, { model: "ip office application server", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.1", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "6.2", }, { model: "voice portal sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.0", }, { model: "aura system platform", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.3.8.3", }, { model: "enterprise linux server", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "1.1.1", }, { model: "clark expat", scope: "ne", trust: 0.3, vendor: "james", version: "2.1", }, { model: "voice portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.1", }, { model: "esx server", scope: "eq", trust: 0.3, vendor: "vmware", version: "4.1", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", 
version: "5.2", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.11", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "5", }, { model: "iq", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.1.1", }, { model: "aura session manager", scope: "ne", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "aura sip enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.1", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2.3", }, { model: "enterprise server", scope: "eq", trust: 0.3, vendor: "mandrakesoft", version: "5", }, { model: "voice portal sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.0", }, { model: "aura system platform", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.3.9.3", }, { model: "aura system manager", scope: "ne", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "aura conferencing sp1 standard", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.2", }, { model: "security network protection", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3.1", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "11.10", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.1", }, { model: "meeting exchange", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2", }, { model: "aura communication manager utility services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "linux lts amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "8.04", }, { model: "linux mandrake x86 64", scope: "eq", trust: 0.3, vendor: "mandriva", version: "2011", }, { model: "enterprise linux 
workstation", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "freeflow print server 81.d0.73", scope: null, trust: 0.3, vendor: "xerox", version: null, }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "meeting exchange sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.1", }, { model: "mac os", scope: "ne", trust: 0.3, vendor: "apple", version: "x10.11.2", }, { model: "meeting exchange sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2", }, { model: "linux lts powerpc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "8.04", }, { model: "enterprise linux desktop client", scope: "eq", trust: 0.3, vendor: "redhat", version: "5", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "aura messaging", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.1", }, { model: "websphere application server", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "aura system platform", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.1.0.9", }, { model: "aura session manager sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "1.1", }, { model: "aura communication manager utility services sp", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.16.1.0.9.8", }, { model: "aura sip enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2", }, { model: "aura communication manager", scope: "ne", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "aura experience portal", scope: "ne", trust: 0.3, vendor: "avaya", version: "6.0.2", }, { model: "iq", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.1", }, { model: "aura presence services", scope: "eq", trust: 0.3, vendor: "avaya", version: 
"6.1", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "11.04", }, { model: "aura sip enablement services sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2.1", }, { model: "proactive contact", scope: "ne", trust: 0.3, vendor: "avaya", version: "5.1", }, { model: "voice portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.1.1", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.1", }, { model: "linux i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "aura communication manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "linux lts sparc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "8.04", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.3", }, { model: "aura presence services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.2", }, { model: "aura system platform", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.5", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.4.0", }, { model: "aura messaging", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "linux lts i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "8.04", }, { model: "kidd xml-rpc for c/c++", scope: "ne", trust: 0.3, vendor: "eric", version: "1.32", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "10", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.3", }, { model: "aura system manager sp3", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "aura 
system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.0", }, { model: "aura messaging", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.1", }, { model: "linux i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "11.04", }, { model: "aura system platform sp3", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "aura communication manager utility services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.4.0.15", }, { model: "aura system platform sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2.2", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.1", }, { model: "security network protection", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3.3", }, { model: "voice portal", scope: "ne", trust: 0.3, vendor: "avaya", version: "5.1.3", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.3", }, { model: "aura session manager sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.2", }, { model: "aura communication manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.1", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "aura system platform sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "aura system platform", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2.1", }, { model: "http server", scope: "eq", trust: 0.3, vendor: "ibm", version: "7.0", }, { model: "ip office application server", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "aura system platform", scope: "ne", trust: 0.3, vendor: "avaya", version: 
"6.2.2", }, { model: "enterprise linux", scope: "eq", trust: 0.3, vendor: "oracle", version: "6", }, { model: "aura application enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2.1", }, { model: "linux sparc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "conferencing standard edition", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.1", }, { model: "enterprise linux desktop optional", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "meeting exchange", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.0", }, { model: "aura communication manager utility services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "linux mandrake x86 64", scope: "eq", trust: 0.3, vendor: "mandriva", version: "2010.1", }, { model: "voice portal sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.1", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.1", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.8.5", }, { model: "websphere application server liberty profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "voice portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.1.2", }, { model: "linux", scope: null, trust: 0.3, vendor: "gentoo", version: null, }, { model: "meeting exchange sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.0", }, { model: "websphere application server full profile", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "ip office application server", scope: "eq", trust: 0.3, vendor: "avaya", version: "7.0", }, { model: "meeting exchange", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.0.0.52", }, { model: "linux lts i386", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "enterprise linux hpc node", scope: 
"eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "linux amd64", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "aura application server sip core", scope: "eq", trust: 0.3, vendor: "avaya", version: "53002.0", }, { model: "aura communication manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.1", }, { model: "http server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5", }, { model: "voice portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.0", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2", }, { model: "voice portal sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.1", }, { model: "aura sip enablement services ssp3", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2.1", }, { model: "aura system platform", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.1", }, { model: "aura system platform", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.3.0.3", }, { model: "ip office application server", scope: "eq", trust: 0.3, vendor: "avaya", version: "8.0", }, { model: "aura communication manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "mac os", scope: "eq", trust: 0.3, vendor: "apple", version: "x10.11.1", }, { model: "linux mandrake", scope: "eq", trust: 0.3, vendor: "mandriva", version: "2011", }, { model: "aura sip enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.0", }, { model: "meeting exchange sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2", }, { model: "aura communication manager utility services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.0.9.8", }, { model: "aura system platform", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "linux lts lpia", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "8.04", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "10.04", }, { model: "linux 
powerpc", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "11.04", }, { model: "solaris sru11.6", scope: "ne", trust: 0.3, vendor: "oracle", version: "11.3", }, { model: "enterprise linux server", scope: "eq", trust: 0.3, vendor: "redhat", version: "5", }, { model: "aura presence services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "linux lts amd64", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "12.04", }, { model: "clark expat", scope: "eq", trust: 0.3, vendor: "james", version: "2.0.1", }, { model: "netezza analytics", scope: "ne", trust: 0.3, vendor: "ibm", version: "3.2.3.0", }, { model: "meeting exchange", scope: "ne", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "sun", version: "10", }, { model: "http server", scope: "eq", trust: 0.3, vendor: "ibm", version: "9.0", }, { model: "freeflow print server 91.d2.32", scope: null, trust: 0.3, vendor: "xerox", version: null, }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "1.0", }, { model: "websphere application server liberty pr", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5.0-", }, { model: "linux ia-32", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "sun", version: "11", }, { model: "linux mips", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "linux arm", scope: "eq", trust: 0.3, vendor: "ubuntu", version: "11.04", }, { model: "aura communication manager utility services", scope: "ne", trust: 0.3, vendor: "avaya", version: "6.2.5.0.15", }, { model: "aura presence services", scope: "ne", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "aura messaging", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "aura sip enablement services", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2.1", }, { model: "aura sip enablement services sp4", scope: "eq", 
trust: 0.3, vendor: "avaya", version: "5.2.1", }, { model: "aura presence services sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.2", }, { model: "aura communication manager utility services", scope: "ne", trust: 0.3, vendor: "avaya", version: "6.3", }, { model: "aura presence services sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "aura system manager sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2.1", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.3.0", }, { model: "iq", scope: "eq", trust: 0.3, vendor: "avaya", version: "5", }, { model: "solaris", scope: "eq", trust: 0.3, vendor: "oracle", version: "11.1", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "aura system manager sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "esx server", scope: "eq", trust: 0.3, vendor: "vmware", version: "4.0", }, { model: "aura system platform", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0.2", }, { model: "netezza analytics", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.1", }, { model: "linux s/390", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "aura experience portal", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "http server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.0", }, { model: "aura communication manager utility services", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "enterprise linux desktop workstation client", scope: "eq", trust: 0.3, vendor: "redhat", version: "5", }, { model: "aura sip enablement services 
ssp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2.1", }, { model: "netezza analytics", scope: "eq", trust: 0.3, vendor: "ibm", version: "3.2.2", }, { model: "freeflow print server 82.d1.44", scope: null, trust: 0.3, vendor: "xerox", version: null, }, { model: "http server", scope: "eq", trust: 0.3, vendor: "ibm", version: "8.5.5", }, { model: "linux powerpc", scope: "eq", trust: 0.3, vendor: "debian", version: "6.0", }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "aura application enablement services", scope: "ne", trust: 0.3, vendor: "avaya", version: "6.2", }, { model: "mac os security update", scope: "ne", trust: 0.3, vendor: "apple", version: "x2015", }, { model: "ip office application server", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "security network protection", scope: "eq", trust: 0.3, vendor: "ibm", version: "5.3.2", }, { model: "iq", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.1", }, { model: "freeflow print server 73.d2.33", scope: null, trust: 0.3, vendor: "xerox", version: null, }, { model: "aura system manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.1", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.2", }, { model: "aura conferencing standard", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "aura system manager sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.1", }, { model: "kidd xml-rpc for c/c++", scope: "eq", trust: 0.3, vendor: "eric", version: "1.31", }, { model: "aura session manager sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.0", }, { model: "enterprise server x86 64", scope: "eq", trust: 0.3, vendor: "mandrakesoft", version: "5", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.20", }, { model: 
"aura communication manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.3", }, { model: "freeflow print server 93.e0.21c", scope: null, trust: 0.3, vendor: "xerox", version: null, }, { model: "aura session manager sp2", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2", }, { model: "enterprise linux desktop", scope: "eq", trust: 0.3, vendor: "redhat", version: "6", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0.1", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "6.1.5", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.0", }, { model: "flex system manager", scope: "eq", trust: 0.3, vendor: "ibm", version: "1.3.0", }, { model: "aura session manager", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.2.4", }, { model: "linux mandrake", scope: "eq", trust: 0.3, vendor: "mandriva", version: "2010.1", }, { model: "meeting exchange sp1", scope: "eq", trust: 0.3, vendor: "avaya", version: "5.0", }, ], sources: [ { db: "BID", id: "52379", }, { db: "JVNDB", id: "JVNDB-2012-002978", }, { db: "CNNVD", id: "CNNVD-201204-163", }, { db: "NVD", id: "CVE-2012-1147", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/a:libexpat:expat", vulnerable: true, }, { cpe22Uri: "cpe:/o:apple:mac_os_x", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2012-002978", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", 
}, }, }, data: "Apple", sources: [ { db: "PACKETSTORM", id: "134748", }, { db: "PACKETSTORM", id: "141808", }, { db: "PACKETSTORM", id: "141796", }, { db: "PACKETSTORM", id: "141937", }, ], trust: 0.4, }, cve: "CVE-2012-1147", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "CVE-2012-1147", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 1.8, vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "VHN-54428", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [], severity: [ { author: "nvd@nist.gov", id: "CVE-2012-1147", trust: 1, value: "MEDIUM", }, { author: "NVD", id: "CVE-2012-1147", trust: 0.8, value: "Medium", }, { author: "CNNVD", id: "CNNVD-201204-163", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-54428", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-54428", }, 
{ db: "JVNDB", id: "JVNDB-2012-002978", }, { db: "CNNVD", id: "CNNVD-201204-163", }, { db: "NVD", id: "CVE-2012-1147", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. The Expat library is prone to multiple denial-of-service vulnerabilities because it fails to properly handle crafted XML data. \nExploiting these issues allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable XML parsing library. \nExpat versions prior to 2.1.0 are vulnerable. Expat is a C language-based XML parser library developed by American software developer Jim Clark, which uses a stream-oriented parser. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008\n\nOS X El Capitan 10.11.2 and Security Update 2015-008 is now available\nand addresses the following:\n\napache_mod_php\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: Multiple vulnerabilities in PHP\nDescription: Multiple vulnerabilities existed in PHP versions prior\nto 5.5.29, the most serious of which may have led to remote code\nexecution. These were addressed by updating PHP to version 5.5.30. \nCVE-ID\nCVE-2015-7803\nCVE-2015-7804\n\nAppSandbox\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: A malicious application may maintain access to Contacts\nafter having access revoked\nDescription: An issue existed in the sandbox's handling of hard\nlinks. This issue was addressed through improved hardening of the app\nsandbox. 
\nCVE-ID\nCVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University\nPOLITEHNICA of Bucharest; Luke Deshotels and William Enck of North\nCarolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi\nof TU Darmstadt\n\nBluetooth\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue existed in the Bluetooth HCI\ninterface. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-7108 : Ian Beer of Google Project Zero\n\nCFNetwork HTTPProtocol\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: An attacker with a privileged network position may be able\nto bypass HSTS\nDescription: An input validation issue existed within URL\nprocessing. This issue was addressed through improved URL validation. \nCVE-ID\nCVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and\nMuneaki Nishimura (nishimunea)\n\nCompression\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: An uninitialized memory access issue existed in zlib. \nThis issue was addressed through improved memory initialization and\nadditional validation of zlib streams. \nCVE-ID\nCVE-2015-7054 : j00ru\n\nConfiguration Profiles\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: A local attacker may be able to install a configuration\nprofile without admin privileges\nDescription: An issue existed when installing configuration\nprofiles. This issue was addressed through improved authorization\nchecks. 
\nCVE-ID\nCVE-2015-7062 : David Mulder of Dell Software\n\nCoreGraphics\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 and v10.11.1\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team\n\nCoreMedia Playback\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 and v10.11.1\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues existed in the\nprocessing of malformed media files. These issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-7074 : Apple\nCVE-2015-7075\n\nDisk Images\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue existed in the parsing of\ndisk images. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-7110 : Ian Beer of Google Project Zero\n\nEFI\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A path validation issue existed in the kernel loader. \nThis was addressed through improved environment sanitization. \nCVE-ID\nCVE-2015-7063 : Apple\n\nFile Bookmark\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: A path validation issue existed in app scoped\nbookmarks. This was addressed through improved environment\nsanitization. 
\nCVE-ID\nCVE-2015-7071 : Apple\n\nHypervisor\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A use after free issue existed in the handling of VM\nobjects. This issue was addressed through improved memory management. \nCVE-ID\nCVE-2015-7078 : Ian Beer of Google Project Zero\n\niBooks\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: Parsing a maliciously crafted iBooks file may lead to\ndisclosure of user information\nDescription: An XML external entity reference issue existed with\niBook parsing. This issue was addressed through improved parsing. \nCVE-ID\nCVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach\n(@ITSecurityguard)\n\nImageIO\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 and v10.11.1\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in ImageIO. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-7053 : Apple\n\nIntel Graphics Driver\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A null pointer dereference issue was addressed through\nimproved input validation. \nCVE-ID\nCVE-2015-7076 : Juwei Lin of TrendMicro, beist and ABH of BoB, and\nJeongHoon Shin@A.D.D\n\nIntel Graphics Driver\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue existed in the Intel Graphics\nDriver. This issue was addressed through improved memory handling. 
\nCVE-ID\nCVE-2015-7106 : Ian Beer of Google Project Zero, Juwei Lin of\nTrendMicro, beist and ABH of BoB, and JeongHoon Shin@A.D.D\n\nIntel Graphics Driver\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: An out of bounds memory access issue existed in the\nIntel Graphics Driver. This issue was addressed through improved\nmemory handling. \nCVE-ID\nCVE-2015-7077 : Ian Beer of Google Project Zero\n\nIOAcceleratorFamily\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A memory corruption issue existed in\nIOAcceleratorFamily. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-7109 : Juwei Lin of TrendMicro\n\nIOHIDFamily\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: Multiple memory corruption issues existed in\nIOHIDFamily API. These issues were addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-7111 : beist and ABH of BoB\nCVE-2015-7112 : Ian Beer of Google Project Zero\n\nIOKit SCSI\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: A malicious application may be able to execute arbitrary\ncode with kernel privileges\nDescription: A null pointer dereference existed in the handling of a\ncertain userclient type. This issue was addressed through improved\nvalidation. \nCVE-ID\nCVE-2015-7068 : Ian Beer of Google Project Zero\n\nIOThunderboltFamily\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: A local user may be able to cause a system denial of service\nDescription: A null pointer dereference existed in\nIOThunderboltFamily's handling of certain userclient types. This\nissue was addressed through improved validation of\nIOThunderboltFamily contexts. 
\nCVE-ID\nCVE-2015-7067 : Juwei Lin of TrendMicro\n\nKernel\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: A local application may be able to cause a denial of service\nDescription: Multiple denial of service issues were addressed\nthrough improved memory handling. \nCVE-ID\nCVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team\nCVE-2015-7043 : Tarjei Mandt (@kernelpool)\n\nKernel\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple memory corruption issues existed in the\nkernel. These issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-7083 : Ian Beer of Google Project Zero\nCVE-2015-7084 : Ian Beer of Google Project Zero\n\nKernel\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: An issue existed in the parsing of mach messages. This\nissue was addressed through improved validation of mach messages. \nCVE-ID\nCVE-2015-7047 : Ian Beer of Google Project Zero\n\nkext tools\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: A local user may be able to execute arbitrary code with\nkernel privileges\nDescription: A validation issue existed during the loading of kernel\nextensions. This issue was addressed through additional verification. \nCVE-ID\nCVE-2015-7052 : Apple\n\nKeychain Access\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: A malicious application may be able to masquerade as the\nKeychain Server. \nDescription: An issue existed in how Keychain Access interacted with\nKeychain Agent. This issue was resolved by removing legacy\nfunctionality. 
\nCVE-ID\nCVE-2015-7045 : Luyi Xing and XiaoFeng Wang of Indiana University\nBloomington, Xiaolong Bai of Indiana University Bloomington and\nTsinghua University, Tongxin Li of Peking University, Kai Chen of\nIndiana University Bloomington and Institute of Information\nEngineering, Xiaojing Liao of Georgia Institute of Technology, Shi-\nMin Hu of Tsinghua University, and Xinhui Han of Peking University\n\nlibarchive\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 and v10.11.1\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in the processing of\narchives. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2011-2895 : @practicalswift\n\nlibc\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: Processing a maliciously crafted package may lead to\narbitrary code execution\nDescription: Multiple buffer overflows existed in the C standard\nlibrary. These issues were addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-7038\nCVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)\n\nlibexpat\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: Multiple vulnerabilities in expat\nDescription: Multiple vulnerabilities existed in expat version prior\nto 2.1.0. \nCVE-ID\nCVE-2012-0876 : Vincent Danen\nCVE-2012-1147 : Kurt Seifried\nCVE-2012-1148 : Kurt Seifried\n\nlibxml2\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 and v10.11.1\nImpact: Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription: A memory corruption issue existed in the parsing of XML\nfiles. This issue was addressed through improved memory handling. 
\nCVE-ID\nCVE-2015-3807 : Wei Lei and Liu Yang of Nanyang Technological\nUniversity\n\nOpenGL\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 and v10.11.1\nImpact: Visiting a maliciously crafted website may lead to arbitrary\ncode execution\nDescription: Multiple memory corruption issues existed in OpenGL. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-7064 : Apple\nCVE-2015-7065 : Apple\nCVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks\n\nOpenLDAP\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: A remote unauthenticated client may be able to cause a\ndenial of service\nDescription: An input validation issue existed in OpenLDAP. This\nissue was addressed through improved input validation. \nCVE-ID\nCVE-2015-6908\n\nOpenSSH\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: Multiple vulnerabilities in LibreSSL\nDescription: Multiple vulnerabilities existed in LibreSSL versions\nprior to 2.1.8. These were addressed by updating LibreSSL to version\n2.1.8. \nCVE-ID\nCVE-2015-5333\nCVE-2015-5334\n\nQuickLook\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 and v10.11.1\nImpact: Opening a maliciously crafted iWork file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the handling of\niWork files. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-7107\n\nSandbox\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: A malicious application with root privileges may be able to\nbypass kernel address space layout randomization\nDescription: An insufficient privilege separation issue existed in\nxnu. This issue was addressed by improved authorization checks. 
\nCVE-ID\nCVE-2015-7046 : Apple\n\nSecurity\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: A remote attacker may cause an unexpected application\ntermination or arbitrary code execution\nDescription: A memory corruption issue existed in handling SSL\nhandshakes. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-7073 : Benoit Foucher of ZeroC, Inc. \n\nSecurity\nAvailable for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5\nImpact: Processing a maliciously crafted certificate may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues existed in the ASN.1\ndecoder. These issues were addressed through improved input\nvalidation\nCVE-ID\nCVE-2015-7059 : David Keeler of Mozilla\nCVE-2015-7060 : Tyson Smith of Mozilla\nCVE-2015-7061 : Ryan Sleevi of Google\n\nSecurity\nAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,\nOS X El Capitan v10.11 and v10.11.1\nImpact: A malicious application may gain access to a user's Keychain\nitems\nDescription: An issue existed in the validation of access control\nlists for keychain items. This issue was addressed through improved\naccess control list checks. \nCVE-ID\nCVE-2015-7058\n\nSystem Integrity Protection\nAvailable for: OS X El Capitan v10.11 and v10.11.1\nImpact: A malicious application with root privileges may be able to\nexecute arbitrary code with system privileges\nDescription: A privilege issue existed in handling union mounts. \nThis issue was addressed by improved authorization checks. \nCVE-ID\nCVE-2015-7044 : MacDefender\n\nInstallation note:\n\nSecurity Update 2015-008 is recommended for all users and improves the\nsecurity of OS X. After installing this update, the QuickTime 7 web \nbrowser plug-in will no longer be enabled by default. Learn what to \ndo if you still need this legacy plug-in. 
\nhttps://support.apple.com/en-us/HT205081\n\nOS X El Capitan v10.11.2 includes the security content of\nSafari 9.0.2: https://support.apple.com/en-us/HT205639\n\nOS X El Capitan 10.11.2 and Security Update 2015-008 may be obtained\nfrom the Mac App Store or Apple's Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple's Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - https://gpgtools.org\n\niQIcBAEBCgAGBQJWZzzVAAoJEBcWfLTuOo7tQsMQAIBHD6EQQmEBqEqNqszdNS4j\nPE0wrKpgJUe79i5bUVXF3e8bK41+QGQzouceIaKK/r0aizEmUFbgvKG0BFCYacjn\n+XiDt0V4Itnf2VVvcjodEjVM8Os1BVl0G4tsrXfqJNJ8UmzqQfSFZZ0l+/yQW0rQ\njtGYuBIezeWJ/2aA2l5qC89KgiWjmN9YzwpBUx3+02maWIJaKKIvUZy4b7xbQ4fz\n0AKMHHh8u/xoPjAIpgXEpYuXM9XILabXkex3m5fp5roBipyimto/OomSsv/CuM5g\nOjMLz1ZL/dPf7yGaxSD+cTfdKJStTsm89VRWuE9MfAgWdFqjH8CpM9CT4nxX1Q8s\nIma2Vk7R+VbyOJksB2fygBtfqBmIjX+fwm52WxhW0B5HabfKMbPjoBKLGIcPsH36\nNum/gxdQ+0eswLLUzzorq3Qm2ptxoY6t/ceRAm0HE497+1+YVAKETwTbQTaBZqlB\nBhDfxk85wYfi7uuKJUH5NPP6j7sXrkJvMAuPJOXcY0QLhyxb96oD6yWaYGWjOGEY\nZ9zphs8o57l6YW1DWjvVNbZOon05bjIrepzkq6F9Q3TzCGTRgYL5BEAlgaREIZVx\nrfmFZHP3xM60SIHRKPiiADXo4dg6TvDJ6h8n+L/6OTdylxUf6bxQdoO5cmBhny1T\ngvIdn3N1k8hWpmYDjxZd\n=Yi/n\n-----END PGP SIGNATURE-----\n. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201209-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Expat: Multiple vulnerabilities\n Date: September 24, 2012\n Bugs: #280615, #303727, #407519\n ID: 201209-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Expat, possibly resulting\nin Denial of Service. \n\nBackground\n==========\n\nExpat is a set of XML parsing libraries. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Expat users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/expat-2.1.0_beta3\"\n\nPackages which depend on this library may need to be recompiled. Tools\nsuch as revdep-rebuild may assist in identifying some of these\npackages. \n\nReferences\n==========\n\n[ 1 ] CVE-2009-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3560\n[ 2 ] CVE-2009-3720\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3720\n[ 3 ] CVE-2012-0876\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0876\n[ 4 ] CVE-2012-1147\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1147\n[ 5 ] CVE-2012-1148\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1148\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201209-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. 
Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\nAPPLE-SA-2017-03-28-2 Additional information for\nAPPLE-SA-2017-03-22-1 iTunes for Windows 12.6\n\niTunes for Windows 12.6 addresses the following:\n\nAPNs Server\nAvailable for: Windows 7 and later\nImpact: An attacker in a privileged network position can track a\nuser's activity\nDescription: A client certificate was sent in plaintext", sources: [ { db: "NVD", id: "CVE-2012-1147", }, { db: "JVNDB", id: "JVNDB-2012-002978", }, { db: "BID", id: "52379", }, { db: "VULHUB", id: "VHN-54428", }, { db: "PACKETSTORM", id: "134748", }, { db: "PACKETSTORM", id: "141808", }, { db: "PACKETSTORM", id: "116804", }, { db: "PACKETSTORM", id: "141796", }, { db: "PACKETSTORM", id: "141937", }, ], trust: 2.43, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2012-1147", trust: 3.3, }, { db: "BID", id: "52379", trust: 2, }, { db: "SECTRACK", id: "1034344", trust: 1.7, }, { db: "JVN", id: "JVNVU97526033", trust: 0.8, }, { db: "JVNDB", id: "JVNDB-2012-002978", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201204-163", trust: 0.7, }, { db: "VULHUB", id: "VHN-54428", trust: 0.1, }, { db: "PACKETSTORM", id: "134748", trust: 0.1, }, { db: "PACKETSTORM", id: "141808", trust: 0.1, }, { db: "PACKETSTORM", id: "116804", trust: 0.1, }, { db: "PACKETSTORM", id: "141796", trust: 0.1, }, { db: "PACKETSTORM", id: "141937", trust: 0.1, }, ], sources: 
[ { db: "VULHUB", id: "VHN-54428", }, { db: "BID", id: "52379", }, { db: "JVNDB", id: "JVNDB-2012-002978", }, { db: "PACKETSTORM", id: "134748", }, { db: "PACKETSTORM", id: "141808", }, { db: "PACKETSTORM", id: "116804", }, { db: "PACKETSTORM", id: "141796", }, { db: "PACKETSTORM", id: "141937", }, { db: "CNNVD", id: "CNNVD-201204-163", }, { db: "NVD", id: "CVE-2012-1147", }, ], }, id: "VAR-201207-0369", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-54428", }, ], trust: 0.01, }, last_update_date: "2024-11-23T20:45:59.581000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008", trust: 0.8, url: "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html", }, { title: "HT205637", trust: 0.8, url: "https://support.apple.com/en-us/HT205637", }, { title: "HT205637", trust: 0.8, url: "http://support.apple.com/ja-jp/HT205637", }, { title: "Top Page", trust: 0.8, url: "http://www.libexpat.org/", }, { title: "found a resource leak - ID: 2895533", trust: 0.8, url: "http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127", }, { title: "expat 2.1.0", trust: 0.8, url: "http://sourceforge.net/projects/expat/files/expat/2.1.0/", }, { title: "Diff of /expat/xmlwf/readfilemap.c", trust: 0.8, url: "http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15", }, { title: "expat-win32bin-2.1.0", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=43625", }, { title: "expat-2.1.0", trust: 0.6, url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=43626", }, ], sources: [ { 
db: "JVNDB", id: "JVNDB-2012-002978", }, { db: "CNNVD", id: "CNNVD-201204-163", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-20", trust: 1.9, }, ], sources: [ { db: "VULHUB", id: "VHN-54428", }, { db: "JVNDB", id: "JVNDB-2012-002978", }, { db: "NVD", id: "CVE-2012-1147", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2, url: "http://sourceforge.net/projects/expat/files/expat/2.1.0/", }, { trust: 1.7, url: "http://lists.apple.com/archives/security-announce/2015/dec/msg00005.html", }, { trust: 1.7, url: "http://www.securityfocus.com/bid/52379", }, { trust: 1.7, url: "https://support.apple.com/ht205637", }, { trust: 1.7, url: "http://trac.wxwidgets.org/ticket/11194", }, { trust: 1.7, url: "http://trac.wxwidgets.org/ticket/11432", }, { trust: 1.7, url: "http://www.securitytracker.com/id/1034344", }, { trust: 1.6, url: "http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127", }, { trust: 1.6, url: "http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1147", }, { trust: 0.8, url: "http://jvn.jp/vu/jvnvu97526033/", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1147", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2012-1148", }, { trust: 0.5, url: "https://nvd.nist.gov/vuln/detail/cve-2012-1147", }, { trust: 0.4, url: "https://support.apple.com/kb/ht201222", }, { trust: 0.4, url: "https://gpgtools.org", }, { trust: 0.4, url: "https://www.apple.com/support/security/pgp/", }, { trust: 0.4, url: 
"https://nvd.nist.gov/vuln/detail/cve-2009-3720", }, { trust: 0.4, url: "https://nvd.nist.gov/vuln/detail/cve-2009-3560", }, { trust: 0.3, url: "http://expat.sourceforge.net/", }, { trust: 0.3, url: "http://xmlrpc-c.sourceforge.net/change.html", }, { trust: 0.3, url: "https://blogs.oracle.com/sunsecurity/entry/multiple_resource_management_error_vulnerabilities", }, { trust: 0.3, url: "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_python", }, { trust: 0.3, url: "https://downloads.avaya.com/css/p8/documents/100165124", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1024076", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21989336", }, { trust: 0.3, url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21992933", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21988026", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21988710", }, { trust: 0.3, url: "http://www-01.ibm.com/support/docview.wss?uid=swg21994401", }, { trust: 0.3, url: "http://www.vmware.com/security/advisories/vmsa-2012-0016.html", }, { trust: 0.3, url: "http://www.xerox.com/download/security/security-bulletin/12047-4e4eed8d42ca6/cert_xrx13-007_v1.0.pdf", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-5300", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-0718", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-6153", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3415", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2009-3270", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-6607", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3416", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-1283", }, { trust: 0.3, url: 
"https://nvd.nist.gov/vuln/detail/cve-2015-3717", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3414", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2013-7443", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2012-6702", }, { trust: 0.3, url: "https://nvd.nist.gov/vuln/detail/cve-2016-4472", }, { trust: 0.3, url: "https://www.apple.com/itunes/download/", }, { trust: 0.2, url: "https://nvd.nist.gov/vuln/detail/cve-2012-0876", }, { trust: 0.1, url: "http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15", }, { trust: 0.1, url: "http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-3807", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7052", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7045", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7044", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7047", }, { trust: 0.1, url: "http://www.apple.com/support/downloads/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7046", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7060", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7043", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7058", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7053", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-6908", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7042", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2011-2895", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7059", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7001", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5334", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7039", }, { trust: 
0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7040", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7054", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7063", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-5333", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7062", }, { trust: 0.1, url: "https://support.apple.com/en-us/ht205081", }, { trust: 0.1, url: "https://support.apple.com/en-us/ht205639", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7061", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7041", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2015-7038", }, { trust: 0.1, url: "http://creativecommons.org/licenses/by-sa/2.5", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3560", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0876", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1147", }, { trust: 0.1, url: "http://security.gentoo.org/", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1148", }, { trust: 0.1, url: "https://bugs.gentoo.org.", }, { trust: 0.1, url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3720", }, { trust: 0.1, url: "http://security.gentoo.org/glsa/glsa-201209-06.xml", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2480", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-5029", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2479", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2383", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-2463", }, ], sources: [ { db: "VULHUB", id: "VHN-54428", }, { db: "BID", id: "52379", }, { db: "JVNDB", id: "JVNDB-2012-002978", }, { db: "PACKETSTORM", id: "134748", }, { db: "PACKETSTORM", id: "141808", }, { db: "PACKETSTORM", id: "116804", }, { db: "PACKETSTORM", id: "141796", }, { db: "PACKETSTORM", id: "141937", }, { 
db: "CNNVD", id: "CNNVD-201204-163", }, { db: "NVD", id: "CVE-2012-1147", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-54428", }, { db: "BID", id: "52379", }, { db: "JVNDB", id: "JVNDB-2012-002978", }, { db: "PACKETSTORM", id: "134748", }, { db: "PACKETSTORM", id: "141808", }, { db: "PACKETSTORM", id: "116804", }, { db: "PACKETSTORM", id: "141796", }, { db: "PACKETSTORM", id: "141937", }, { db: "CNNVD", id: "CNNVD-201204-163", }, { db: "NVD", id: "CVE-2012-1147", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2012-07-03T00:00:00", db: "VULHUB", id: "VHN-54428", }, { date: "2012-03-09T00:00:00", db: "BID", id: "52379", }, { date: "2012-07-05T00:00:00", db: "JVNDB", id: "JVNDB-2012-002978", }, { date: "2015-12-10T17:16:36", db: "PACKETSTORM", id: "134748", }, { date: "2017-03-24T14:54:06", db: "PACKETSTORM", id: "141808", }, { date: "2012-09-24T15:03:31", db: "PACKETSTORM", id: "116804", }, { date: "2017-03-23T16:22:29", db: "PACKETSTORM", id: "141796", }, { date: "2017-03-28T23:44:44", db: "PACKETSTORM", id: "141937", }, { date: "2012-03-09T00:00:00", db: "CNNVD", id: "CNNVD-201204-163", }, { date: "2012-07-03T19:55:02.663000", db: "NVD", id: "CVE-2012-1147", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2017-09-13T00:00:00", db: "VULHUB", id: "VHN-54428", }, { date: "2017-03-29T03:01:00", db: "BID", id: "52379", }, { date: "2015-12-15T00:00:00", db: "JVNDB", id: "JVNDB-2012-002978", }, { date: "2021-01-26T00:00:00", db: "CNNVD", id: "CNNVD-201204-163", }, { date: "2024-11-21T01:36:32.140000", db: "NVD", id: "CVE-2012-1147", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201204-163", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Expat of readfilemap.c Service disruption in ( File descriptor consumption ) Vulnerabilities", sources: [ { db: "JVNDB", id: "JVNDB-2012-002978", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Input Validation Error", sources: [ { db: "BID", id: "52379", }, { db: "CNNVD", id: "CNNVD-201204-163", }, ], trust: 0.9, }, }
gsd-2012-1147
Vulnerability from gsd
{ GSD: { alias: "CVE-2012-1147", description: "readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.", id: "GSD-2012-1147", references: [ "https://www.suse.com/security/cve/CVE-2012-1147.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2012-1147", ], details: "readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.", id: "GSD-2012-1147", modified: "2023-12-13T01:20:17.927689Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2012-1147", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://support.apple.com/HT205637", refsource: "CONFIRM", url: "https://support.apple.com/HT205637", }, { name: "1034344", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1034344", }, { name: "52379", refsource: "BID", url: "http://www.securityfocus.com/bid/52379", }, { name: "http://sourceforge.net/projects/expat/files/expat/2.1.0/", refsource: "CONFIRM", url: "http://sourceforge.net/projects/expat/files/expat/2.1.0/", }, { name: 
"http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15", refsource: "CONFIRM", url: "http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15", }, { name: "APPLE-SA-2015-12-08-3", refsource: "APPLE", url: "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html", }, { name: "http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127", refsource: "CONFIRM", url: "http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127", }, { name: "http://trac.wxwidgets.org/ticket/11432", refsource: "MISC", url: "http://trac.wxwidgets.org/ticket/11432", }, { name: "http://trac.wxwidgets.org/ticket/11194", refsource: "MISC", url: "http://trac.wxwidgets.org/ticket/11194", }, ], }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.11.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:o:apple:mac_os_x:10.11.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:libexpat_project:libexpat:2.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:libexpat_project:libexpat:1.95.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:libexpat_project:libexpat:1.95.7:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:libexpat_project:libexpat:1.95.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:libexpat_project:libexpat:1.95.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:libexpat_project:libexpat:1.95.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:libexpat_project:libexpat:1.95.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:libexpat_project:libexpat:1.95.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: 
true, }, { cpe23Uri: "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "2.0.1", vulnerable: true, }, ], operator: "OR", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2012-1147", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-20", }, ], }, ], }, references: { reference_data: [ { name: "http://sourceforge.net/projects/expat/files/expat/2.1.0/", refsource: "CONFIRM", tags: [], url: "http://sourceforge.net/projects/expat/files/expat/2.1.0/", }, { name: "http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127", refsource: "CONFIRM", tags: [], url: "http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127", }, { name: "http://trac.wxwidgets.org/ticket/11432", refsource: "MISC", tags: [], url: "http://trac.wxwidgets.org/ticket/11432", }, { name: "http://trac.wxwidgets.org/ticket/11194", refsource: "MISC", tags: [], url: "http://trac.wxwidgets.org/ticket/11194", }, { name: "http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15", refsource: "CONFIRM", tags: [], url: "http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15", }, { name: "52379", refsource: "BID", tags: [], url: "http://www.securityfocus.com/bid/52379", }, { name: "APPLE-SA-2015-12-08-3", refsource: "APPLE", tags: [ "Vendor Advisory", ], url: "http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html", }, { name: "https://support.apple.com/HT205637", refsource: "CONFIRM", tags: [ "Vendor Advisory", ], url: "https://support.apple.com/HT205637", }, { name: "1034344", refsource: 
"SECTRACK", tags: [], url: "http://www.securitytracker.com/id/1034344", }, ], }, }, impact: { baseMetricV2: { cvssV2: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", userInteractionRequired: true, }, }, lastModifiedDate: "2021-01-25T15:44Z", publishedDate: "2012-07-03T19:55Z", }, }, }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.