AZL-59316 CVE-2025-1219 affecting package php for versions less than 8.3.19-1

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...

AZL-59300 CVE-2025-1219 affecting package php for versions less than 8.1.32-1

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...

DEBIAN-CVE-2025-1219

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...

CVE-2025-1219

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...

CVE-2025-1219 libxml streams use wrong content-type header when requesting a redirected resource

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...

PHP 安全漏洞

PHP is a scripting language for PHP that is executed server-side. A security vulnerability exists in PHP versions prior to 8.1.32, prior to 8.2.28, prior to 8.3.19, and prior to 8.4.5, which stems from the use of an incorrect content type header to determine the character set when requesting an...

SUSE CVE-2025-1219

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...

Zend-JSON vulnerable to XXE/XEE attacks

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...

GHSA-8X2V-PCG7-94F4 Zend-JSON vulnerable to XXE/XEE attacks

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...

GHSA-MHPX-3RV8-WRJM ZendFramework potential XML eXternal Entity injection vectors

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...

ZendFramework potential XML eXternal Entity injection vectors

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...

ZendFramework vulnerable to XXE/XEE attacks

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...

GHSA-F4FJ-Q6M4-CC52 ZendFramework vulnerable to XXE/XEE attacks

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...

Zendframework vulnerable to XXE/XEE attacks

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...

GHSA-QC7W-4567-84WV Zendframework vulnerable to XXE/XEE attacks

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...

K02511873: SimpleXML vulnerability CVE-2017-1000190

Security Advisory Description SimpleXML latest version 2.7.1 is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on. CVE-2017-1000190 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development...

Malicious code in ext-simplexml (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 58542cc810bb96b49484d8217777c642feb4bc4333a4a74ac00bd27b1c2f142c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-2936 Malicious code in ext-simplexml (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 58542cc810bb96b49484d8217777c642feb4bc4333a4a74ac00bd27b1c2f142c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

com.bugvm:bugvm-compiler (>=1.0.0 <=1.1.5), com.carrotsearch.randomizedtesting:ant-junit4 (>=0.0.3 <=0.0.4) +58 more potentially affected by CVE-2017-1000190 via org.simpleframework:simple-xml (>=2.1.3 <=2.7)

org.simpleframework:simple-xml MAVEN version =2.1.3, =1.0.0, =0.0.3, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1.0.22, =2.3.1-ios11, =1.0.2, =1.0.1, =1.1.0.1 and more Source cves: CVE-2017-1000190 Source advisory: OSV:GHSA-F5QF-VH69-9Q4R...

SimpleXML has XML External Entity (XXE) vulnerability

SimpleXML latest version 2.7.1 is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on...