The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-3cf0e7ebc7 advisory.

  - In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in     XML_ExternalEntityParserCreate in out-of-memory situations. (CVE-2022-43680)

  - In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in     rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. (CVE-2022-44638)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in     XML_ExternalEntityParserCreate in out-of-memory situations. (CVE-2022-43680)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:8550 advisory.

  - expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate     (CVE-2022-43680)

  - Mozilla: Service Workers might have learned size of cross-origin media files (CVE-2022-45403)

  - Mozilla: Fullscreen notification bypass (CVE-2022-45404)

  - Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405)

  - Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406)

  - Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408)

  - Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409)

  - Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy (CVE-2022-45410)

  - Mozilla: Cross-Site Tracing was possible via non-standard override headers (CVE-2022-45411)

  - Mozilla: Symlinks may resolve to partially uninitialized buffers (CVE-2022-45412)

  - Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416)

  - Mozilla: Custom mouse cursor could have been drawn over browser UI (CVE-2022-45418)

  - Mozilla: Iframe contents could be rendered outside the iframe (CVE-2022-45420)

  - Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 (CVE-2022-45421)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3165 advisory.

  - In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in     XML_ExternalEntityParserCreate in out-of-memory situations. (CVE-2022-43680)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-058 advisory.

  - In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in     xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
    (CVE-2021-45960)

  - In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for     m_groupSize. (CVE-2021-46143)

  - addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22822)

  - build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22823)

  - defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
    (CVE-2022-22824)

  - lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22825)

  - nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
    (CVE-2022-22826)

  - storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22827)

  - Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with     a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852)

  - Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)

  - xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks     for whether a UTF-8 character is valid in a certain context. (CVE-2022-25235)

  - xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters     into namespace URIs. (CVE-2022-25236)

  - In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large     nesting depth in the DTD element. (CVE-2022-25313)

  - In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. (CVE-2022-25314)

  - In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. (CVE-2022-25315)

  - libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. (CVE-2022-40674)

  - In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in     XML_ExternalEntityParserCreate in out-of-memory situations. (CVE-2022-43680)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:0103 advisory.

  - In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in     XML_ExternalEntityParserCreate in out-of-memory situations. (CVE-2022-43680)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Oracle HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the Jul 2023 CPU advisory.

  - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Thirdparty   (LibExpat)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows   unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks   of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash   (complete DOS) of Oracle HTTP Server. (CVE-2022-43680)

  - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (cURL))   . The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows   unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks   of this vulnerability can result in unauthorized creation, deletion or modification access to critical data   or all Oracle HTTP Server accessible data as well as unauthorized access to critical data or complete access   to all Oracle HTTP Server accessible data. (CVE-2023-23914)

  - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (Apache    HTTP Server)). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability   allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful   attacks of this vulnerability can result in takeover of Oracle HTTP Server. (CVE-2023-25690)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0421 advisory.

    Expat is a C library for parsing XML documents.

    Security Fix(es):

    * expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate     (CVE-2022-43680)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139525 advisory.

    In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in     XML_ExternalEntityParserCreate in out-of-memory situations.(CVE-2022-43680)

Tenable has extracted the preceding description block directly from the F5 Networks BIG-IP security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An update of the expat package has been released.

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0613 advisory.

  - A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as     @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states we are in     the process of marking this report as invalid; however, some third parties takes the position that A     prototype injection/Prototype pollution is not just when global objects are polluted with recursive merge     or deep cloning but also when a target object is polluted. (CVE-2022-37616)

  - When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by     finalizing the operation with a rename from a temporary name to the final target file name.In that rename     operation, it might accidentally *widen* the permissions for the target file, leaving the updated file     accessible to more users than intended. (CVE-2022-32207)

  - An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the     XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to     access an array at a negative 2GB offset, typically leading to a segmentation fault. (CVE-2022-40303)

  - An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a     hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be     provoked. (CVE-2022-40304)

  - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.
    X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME     incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently     interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL     checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may     allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or     enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate     chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these     inputs, the other input must already contain an X.400 address as a CRL distribution point, which is     uncommon. As such, this vulnerability is most likely to only affect applications which have implemented     their own functionality for retrieving CRLs over a network. (CVE-2023-0286)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
169125	Fedora 36 : mingw-pixman (2022-3cf0e7ebc7)	Nessus	Fedora Local Security Checks	12/22/2022	12/23/2022	high
174825	EulerOS Virtualization 2.9.0 : expat (EulerOS-SA-2023-1657)	Nessus	Huawei Local Security Checks	4/27/2023	4/27/2023	high
168033	RHEL 8 : firefox (RHSA-2022:8550)	Nessus	Red Hat Local Security Checks	11/21/2022	4/28/2024	critical
166671	Debian DLA-3165-1 : expat - LTS security update	Nessus	Debian Local Security Checks	10/28/2022	10/6/2023	high
173105	Amazon Linux 2023 : expat, expat-devel, expat-static (ALAS2023-2023-058)	Nessus	Amazon Linux Local Security Checks	3/21/2023	4/21/2023	critical
176780	EulerOS Virtualization 2.11.0 : expat (EulerOS-SA-2023-2088)	Nessus	Huawei Local Security Checks	6/7/2023	6/7/2023	high
184514	Rocky Linux 8 : expat (RLSA-2023:0103)	Nessus	Rocky Linux Local Security Checks	11/6/2023	11/6/2023	high
178623	Oracle HTTP Server (Jul 2023 CPU)	Nessus	Web Servers	7/20/2023	1/18/2024	critical
189562	RHEL 8 : expat (RHSA-2024:0421)	Nessus	Red Hat Local Security Checks	1/25/2024	6/4/2024	high
197908	F5 Networks BIG-IP : Libexpat vulnerability (K000139525)	Nessus	F5 Networks Local Security Checks	5/24/2024	5/24/2024	high
203248	Photon OS 4.0: Expat PHSA-2022-4.0-0271	Nessus	PhotonOS Local Security Checks	7/23/2024	7/23/2024	high
194919	Splunk Enterprise < 8.1.14, 8.2.0 < 8.2.11, 9.0.0 < 9.0.5 (SVD-2023-0613)	Nessus	CGI abuses	5/2/2024	7/26/2024	critical

Detections

Analytics

Plugins Search

high

high

critical

high

critical

high

high

critical

high

high

high

critical