English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 146377 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.12.2025.7199.1
Category:Ubuntu Local Security Checks
Title:Ubuntu: Security Advisory (USN-7199-1)
Summary:The remote host is missing an update for the 'libxmltok' package(s) announced via the USN-7199-1 advisory.
Description:Summary:
The remote host is missing an update for the 'libxmltok' package(s) announced via the USN-7199-1 advisory.

Vulnerability Insight:
It was discovered that Expat, contained within the xmltok library,
incorrectly handled malformed XML data. If a user or application were
tricked into opening a crafted XML file, an attacker could cause a denial
of service, or possibly execute arbitrary code. (CVE-2015-1283,
CVE-2016-0718, CVE-2016-4472, CVE-2019-15903)

It was discovered that Expat, contained within the xmltok library,
incorrectly handled XML data containing a large number of colons, which
could lead to excessive resource consumption. If a user or application
were tricked into opening a crafted XML file, an attacker could possibly
use this issue to cause a denial of service. (CVE-2018-20843)

It was discovered that Expat, contained within the xmltok library,
incorrectly handled certain input, which could lead to an integer
overflow. If a user or application were tricked into opening a crafted XML
file, an attacker could possibly use this issue to cause a denial of
service. (CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824,
CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)

Affected Software/OS:
'libxmltok' package(s) on Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 24.04, Ubuntu 24.10.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-1283
BugTraq ID: 75973
http://www.securityfocus.com/bid/75973
Debian Security Information: DSA-3315 (Google Search)
http://www.debian.org/security/2015/dsa-3315
Debian Security Information: DSA-3318 (Google Search)
http://www.debian.org/security/2015/dsa-3318
https://security.gentoo.org/glsa/201603-09
https://security.gentoo.org/glsa/201701-21
RedHat Security Advisories: RHSA-2015:1499
http://rhn.redhat.com/errata/RHSA-2015-1499.html
http://www.securitytracker.com/id/1033031
SuSE Security Announcement: SUSE-SU-2016:1508 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html
SuSE Security Announcement: SUSE-SU-2016:1512 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html
SuSE Security Announcement: openSUSE-SU-2015:1287 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html
SuSE Security Announcement: openSUSE-SU-2016:1441 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html
SuSE Security Announcement: openSUSE-SU-2016:1523 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html
http://www.ubuntu.com/usn/USN-2726-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-0718
1036348
http://www.securitytracker.com/id/1036348
1036415
http://www.securitytracker.com/id/1036415
1037705
http://www.securitytracker.com/id/1037705
20170227 CVE-2016-9892 - Remote Code Execution as Root via ESET Endpoint Antivirus 6
http://seclists.org/fulldisclosure/2017/Feb/68
90729
http://www.securityfocus.com/bid/90729
APPLE-SA-2016-07-18-1
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
DSA-3582
http://www.debian.org/security/2016/dsa-3582
GLSA-201701-21
RHSA-2016:2824
http://rhn.redhat.com/errata/RHSA-2016-2824.html
RHSA-2018:2486
https://access.redhat.com/errata/RHSA-2018:2486
SUSE-SU-2016:1508
SUSE-SU-2016:1512
USN-2983-1
http://www.ubuntu.com/usn/USN-2983-1
USN-3044-1
http://www.ubuntu.com/usn/USN-3044-1
[oss-security] 20160517 CVE-2016-0718: Expat XML Parser Crashes on Malformed Input
http://www.openwall.com/lists/oss-security/2016/05/17/12
http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html
http://support.eset.com/ca6333/
http://www.mozilla.org/security/announce/2016/mfsa2016-68.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1236923
https://bugzilla.redhat.com/show_bug.cgi?id=1296102
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
https://source.android.com/security/bulletin/2016-11-01.html
https://support.apple.com/HT206903
https://www.tenable.com/security/tns-2016-20
openSUSE-SU-2016:1441
openSUSE-SU-2016:1523
openSUSE-SU-2016:1964
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html
openSUSE-SU-2016:2026
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-4472
91528
http://www.securityfocus.com/bid/91528
USN-3013-1
http://www.ubuntu.com/usn/USN-3013-1
https://bugzilla.redhat.com/show_bug.cgi?id=1344251
https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde
Common Vulnerability Exposure (CVE) ID: CVE-2018-20843
Bugtraq: 20190628 [SECURITY] [DSA 4472-1] expat security update (Google Search)
https://seclists.org/bugtraq/2019/Jun/39
https://security.netapp.com/advisory/ntap-20190703-0001/
https://support.f5.com/csp/article/K51011533
https://www.tenable.com/security/tns-2021-11
Debian Security Information: DSA-4472 (Google Search)
https://www.debian.org/security/2019/dsa-4472
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/
https://security.gentoo.org/glsa/201911-08
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226
https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes
https://github.com/libexpat/libexpat/issues/186
https://github.com/libexpat/libexpat/pull/262
https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html
SuSE Security Announcement: openSUSE-SU-2019:1777 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html
https://usn.ubuntu.com/4040-1/
https://usn.ubuntu.com/4040-2/
Common Vulnerability Exposure (CVE) ID: CVE-2019-15903
Bugtraq: 20190917 [slackware-security] expat (SSA:2019-259-01) (Google Search)
https://seclists.org/bugtraq/2019/Sep/30
Bugtraq: 20190923 [SECURITY] [DSA 4530-1] expat security update (Google Search)
https://seclists.org/bugtraq/2019/Sep/37
Bugtraq: 20191021 [slackware-security] python (SSA:2019-293-01) (Google Search)
https://seclists.org/bugtraq/2019/Oct/29
Bugtraq: 20191101 [SECURITY] [DSA 4549-1] firefox-esr security update (Google Search)
https://seclists.org/bugtraq/2019/Nov/1
Bugtraq: 20191118 [SECURITY] [DSA 4571-1] thunderbird security update (Google Search)
https://seclists.org/bugtraq/2019/Nov/24
Bugtraq: 20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra (Google Search)
https://seclists.org/bugtraq/2019/Dec/23
Bugtraq: 20191211 APPLE-SA-2019-12-10-5 tvOS 13.3 (Google Search)
https://seclists.org/bugtraq/2019/Dec/21
Bugtraq: 20191211 APPLE-SA-2019-12-10-8 watchOS 6.1.1 (Google Search)
https://seclists.org/bugtraq/2019/Dec/17
https://github.com/libexpat/libexpat/issues/342
https://security.netapp.com/advisory/ntap-20190926-0004/
https://support.apple.com/kb/HT210785
https://support.apple.com/kb/HT210788
https://support.apple.com/kb/HT210789
https://support.apple.com/kb/HT210790
https://support.apple.com/kb/HT210793
https://support.apple.com/kb/HT210794
https://support.apple.com/kb/HT210795
Debian Security Information: DSA-4530 (Google Search)
https://www.debian.org/security/2019/dsa-4530
Debian Security Information: DSA-4549 (Google Search)
https://www.debian.org/security/2019/dsa-4549
Debian Security Information: DSA-4571 (Google Search)
https://www.debian.org/security/2019/dsa-4571
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/
http://seclists.org/fulldisclosure/2019/Dec/23
http://seclists.org/fulldisclosure/2019/Dec/26
http://seclists.org/fulldisclosure/2019/Dec/27
http://seclists.org/fulldisclosure/2019/Dec/30
http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html
http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html
http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html
https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43
https://github.com/libexpat/libexpat/issues/317
https://github.com/libexpat/libexpat/pull/318
https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html
https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html
RedHat Security Advisories: RHSA-2019:3210
https://access.redhat.com/errata/RHSA-2019:3210
RedHat Security Advisories: RHSA-2019:3237
https://access.redhat.com/errata/RHSA-2019:3237
RedHat Security Advisories: RHSA-2019:3756
https://access.redhat.com/errata/RHSA-2019:3756
SuSE Security Announcement: openSUSE-SU-2019:2204 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html
SuSE Security Announcement: openSUSE-SU-2019:2205 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html
SuSE Security Announcement: openSUSE-SU-2019:2420 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html
SuSE Security Announcement: openSUSE-SU-2019:2424 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html
SuSE Security Announcement: openSUSE-SU-2019:2425 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html
SuSE Security Announcement: openSUSE-SU-2019:2447 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html
SuSE Security Announcement: openSUSE-SU-2019:2451 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html
SuSE Security Announcement: openSUSE-SU-2019:2452 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html
SuSE Security Announcement: openSUSE-SU-2019:2459 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html
SuSE Security Announcement: openSUSE-SU-2019:2464 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html
SuSE Security Announcement: openSUSE-SU-2020:0010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html
SuSE Security Announcement: openSUSE-SU-2020:0086 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
https://usn.ubuntu.com/4132-1/
https://usn.ubuntu.com/4132-2/
https://usn.ubuntu.com/4165-1/
https://usn.ubuntu.com/4202-1/
https://usn.ubuntu.com/4335-1/
Common Vulnerability Exposure (CVE) ID: CVE-2021-46143
Debian Security Information: DSA-5073 (Google Search)
https://www.debian.org/security/2022/dsa-5073
https://security.gentoo.org/glsa/202209-24
https://github.com/libexpat/libexpat/issues/532
https://github.com/libexpat/libexpat/pull/538
http://www.openwall.com/lists/oss-security/2022/01/17/3
Common Vulnerability Exposure (CVE) ID: CVE-2022-22822
https://github.com/libexpat/libexpat/pull/539
Common Vulnerability Exposure (CVE) ID: CVE-2022-22823
Common Vulnerability Exposure (CVE) ID: CVE-2022-22824
Common Vulnerability Exposure (CVE) ID: CVE-2022-22825
Common Vulnerability Exposure (CVE) ID: CVE-2022-22826
Common Vulnerability Exposure (CVE) ID: CVE-2022-22827
CopyrightCopyright (C) 2025 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.