
Test ID: 1.3.6.1.4.1.25623.1.1.2.2021.2524
Category: Huawei EulerOS Local Security Checks
Title: Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2021-2524)
Summary: The remote host is missing an update for the Huawei EulerOS 'expat' package(s) announced via the EulerOS-SA-2021-2524 advisory.
Description:

Vulnerability Insight:
expat 2.1.0 and earlier does not properly handle entity expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. (CVE-2013-0340)

Affected Software/OS:
'expat' package(s) on Huawei EulerOS V2.0SP9.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-0340
1028213
http://securitytracker.com/id?1028213
20210921 APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15
http://seclists.org/fulldisclosure/2021/Sep/33
20210921 APPLE-SA-2021-09-20-2 watchOS 8
http://seclists.org/fulldisclosure/2021/Sep/34
20210921 APPLE-SA-2021-09-20-3 tvOS 15
http://seclists.org/fulldisclosure/2021/Sep/35
20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8
http://seclists.org/fulldisclosure/2021/Sep/38
20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6
http://seclists.org/fulldisclosure/2021/Sep/39
20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina
http://seclists.org/fulldisclosure/2021/Sep/40
20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8
http://seclists.org/fulldisclosure/2021/Oct/62
20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15
http://seclists.org/fulldisclosure/2021/Oct/63
20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15
http://seclists.org/fulldisclosure/2021/Oct/61
58233
http://www.securityfocus.com/bid/58233
90634
http://www.osvdb.org/90634
GLSA-201701-21
https://security.gentoo.org/glsa/201701-21
[announce] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs
https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E
[openoffice-users] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs
https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E
[oss-security] 20130221 CVEs for libxml2 and expat internal and external XML entity expansion
http://openwall.com/lists/oss-security/2013/02/22/3
[oss-security] 20130413 Re-evaluating expat/libxml2 CVE assignments
http://www.openwall.com/lists/oss-security/2013/04/12/6
[oss-security] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs
http://www.openwall.com/lists/oss-security/2021/10/07/4
https://support.apple.com/kb/HT212804
https://support.apple.com/kb/HT212805
https://support.apple.com/kb/HT212807
https://support.apple.com/kb/HT212814
https://support.apple.com/kb/HT212815
https://support.apple.com/kb/HT212819
Copyright: Copyright (C) 2021 Greenbone AG
