
19 matches found

RedHat Linux
added 2025/09/11 12:0 p.m., 3 views

php: libxml streams use wrong content-type header when requesting a redirected resource

A flaw was found in PHP's DOM and SimpleXML extensions. This vulnerability allows incorrect parsing of a redirected HTTP resource via improper content-type header handling...

CVSS 6.3, AI score 5.7, EPSS 0.00718
Exploits: 1, References: 5

RedHat Linux
added 2025/05/13 2:0 p.m., 10 views

php: libxml streams use wrong content-type header when requesting a redirected resource

A flaw was found in PHP's DOM and SimpleXML extensions. This vulnerability allows incorrect parsing of a redirected HTTP resource via improper content-type header handling...

CVSS 6.3, AI score 5.7, EPSS 0.00718
Exploits: 1, References: 5

OSV
added 2025/04/14 11:39 a.m., 14 views

BIT-PHP-MIN-2025-1219 libxml streams use wrong content-type header when requesting a redirected resource

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...

CVSS 6.3, AI score 6, EPSS 0.00718
Exploits: 1, References: 4

OSV
added 2025/04/14 11:39 a.m., 14 views

BIT-PHP-2025-1219 libxml streams use wrong content-type header when requesting a redirected resource

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...

CVSS 6.3, AI score 6, EPSS 0.00718
Exploits: 1, References: 4

NVD
added 2025/03/30 6:15 a.m., 15 views

CVE-2025-1219

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...

CVSS 6.3, EPSS 0.00718
Exploits: 1, References: 3

OSV
added 2025/03/30 6:15 a.m., 7 views

AZL-59300 CVE-2025-1219 affecting package php for versions less than 8.1.32-1

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...

CVSS 5.3, AI score 6.7, EPSS 0.00718
Exploits: 1, References: 1

OSV
added 2025/03/30 6:15 a.m., 6 views

AZL-59316 CVE-2025-1219 affecting package php for versions less than 8.3.19-1

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...

CVSS 5.3, AI score 6.7, EPSS 0.00718
Exploits: 1, References: 1

OSV
added 2025/03/30 6:15 a.m., 2 views

DEBIAN-CVE-2025-1219

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...

CVSS 5.3, AI score 6.1, EPSS 0.00718
Exploits: 1, References: 1

Vulnrichment
added 2025/03/30 5:33 a.m., 10 views

CVE-2025-1219 libxml streams use wrong content-type header when requesting a redirected resource

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...

CVSS 6.3, AI score 6.4, EPSS 0.00718
Exploits: 1, References: 1

SUSE CVE
added 2025/03/16 2:49 a.m., 3 views

SUSE CVE-2025-1219

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...

CVSS 5.3, AI score 6.2, EPSS 0.00718
Exploits: 1, References: 15

Github Security Blog
added 2024/06/07 9:15 p.m., 11 views

ZendFramework potential XML eXternal Entity injection vectors

ZendFeedRss and ZendFeedAtom were found to contain potential XML eXternal Entity (XXE) vectors due to insecure usage of PHP's DOM extension. External entities could be specified by adding a specific DOCTYPE element to feeds; exploiting this vulnerability could coerce opening arbitrary files and/or...

AI score 7.2
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2024/06/07 9:15 p.m., 7 views

GHSA-4J9X-G4X8-VCMF ZendFramework potential XML eXternal Entity injection vectors

ZendFeedRss and ZendFeedAtom were found to contain potential XML eXternal Entity (XXE) vectors due to insecure usage of PHP's DOM extension. External entities could be specified by adding a specific DOCTYPE element to feeds; exploiting this vulnerability could coerce opening arbitrary files and/or...

CVSS 7.5, AI score 7.2
Exploits: 0, References: 3

OpenVAS
added 2023/03/08 12:0 a.m., 132 views

Debian: Security Advisory (DLA-251-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 8.2, EPSS 0.02802
Exploits: 2, References: 2

RedHat Linux
added 2015/07/09 6:53 p.m., 3 views

php: missing null byte checks for paths in DOM and GD extensions

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

CVSS 7.5, AI score 7.2, EPSS 0.03917
Exploits: 0, References: 4

RedHat Linux
added 2015/07/09 5:1 p.m., 3 views

php: missing null byte checks for paths in DOM and GD extensions

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

CVSS 7.5, AI score 7.2, EPSS 0.03917
Exploits: 0, References: 4

RedHat Linux
added 2015/06/25 8:31 a.m., 1 views

php: missing null byte checks for paths in DOM and GD extensions

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

CVSS 7.5, AI score 7.2, EPSS 0.03917
Exploits: 0, References: 4

RedHat Linux
added 2015/06/23 8:11 a.m., 2 views

php: missing null byte checks for paths in DOM and GD extensions

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...

CVSS 7.5, AI score 7.2, EPSS 0.03917
Exploits: 0, References: 4

Debian
added 2015/05/24 11:55 a.m., 24 views

[SECURITY] [DSA 3265-2] zendframework regression update

Debian Security Advisory DSA-3265-2, http://www.debian.org/security/, Alessandro Ghedini, May 24, 2015, http://www.debian.org/security/faq ...

CVSS 9.8, AI score 9.2, EPSS 0.02802
Exploits: 2

seebug.org
added 2012/12/21 12:0 a.m., 17 views

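Zend Framework 'Zend_Feed' component information disclosure vulnerability

BUGTRAQ ID: 56982 Zend Framework (ZF) is an open-source PHP5 development framework that can be used to build web applications and services. In Zend Framework versions before 1.11.15 and 1.12.1, the ZendFeedRss and ZendFeedAtom classes use the PHP DOM extension insecurely, so the "ZendFeed" component is vulnerable when processing XML data: by sending crafted XML data that contains external entity references, an attacker can exploit this flaw to open arbitrary files, ultimately resulting in a local file information disclosure vulnerability. 0 Zend Zend Framework 1.11.6 Zend Zend Framework 1.11.4 Zend Ze...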

AI score 7.2
Exploits: 0