14 matches found
BIT-PHP-MIN-2023-3823 Security issue with external entity loading in XML without enabling it
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...
CLSA-2024-1734535703 php: Fix of CVE-2023-3823
CVE-2023-3823: Fix external entity loading in XML without enabling by sanitizing libxml2 globals before parsing...
php: XML loading external entity without being enabled
A flaw was found in PHP due to inadequate validation of user-supplied XML input. By leveraging specially crafted XML code, a remote attacker could obtain sensitive information by viewing the contents of arbitrary files on the system or initiating requests to external systems. This issue may allow...
CLSA-2024-1706700142 php: Fix of 8 CVEs
CVE-2021-21702: Fix null pointer crash because of malformed SOAP server response - CVE-2021-21703: Fix error in php fpm shared memory organization leading to privilege escalation - CVE-2022-31625: Fix freeing of uninitialized memory leading to RCE - CVE-2022-31626: Fix buffer overflow in mysqlnd...
SUSE-SU-2023:3498-1 Security update for php7
This update for php7 fixes the following issues: - CVE-2023-3823: Fixed an issue with external entity loading in XML without enabling it. bsc1214106 - CVE-2023-3824: Fixed a buffer overflow in phar_dir_read. bsc1214103...
SUSE-SU-2023:3445-1 Security update for php7
This update for php7 fixes the following issues: - CVE-2023-3823: Fixed an issue with external entity loading in XML without enabling it. bsc1214106 - CVE-2023-3824: Fixed a buffer overflow in phar_dir_read. bsc1214103...
Updated php packages fix security vulnerability
Libxml - GHSA-3qrf-m4j2-pcrr Security issue with external entity loading in XML without enabling it. CVE-2023-3823 Phar - GHSA-jqcx-ccgc-xwhv Buffer mismanagement in phar_dir_read CVE-2023-3824...
CLSA-2023-1692817457 Fix CVE(s): CVE-2023-3823, CVE-2023-3824
SECURITY UPDATE: external entity loading in XML without enabling it - debian/patches/CVE-2023-3823.patch: sanitize libxml2 globals before parsing. - CVE-2023-3823 SECURITY UPDATE: buffer mismanagement in phar_dir_read - debian/patches/php-upstream-CVE-2023-3824.patch: fix buffer mismanagement in...
Security issue with external entity loading in XML without enabling it
...
CLSA-2023-1692632011 php: Fix of 2 CVEs
CVE-2023-3823: Fix external entity loading in XML without enabling by sanitizing libxml2 globals before parsing - CVE-2023-3824: Fix buffer mismanagement in phar_dir_read...
CLSA-2023-1692631677 php: Fix of 2 CVEs
CVE-2023-3823: Fix external entity loading in XML without enabling by sanitizing libxml2 globals before parsing - CVE-2023-3824: Fix buffer mismanagement in phar_dir_read...
CVE-2023-3823 Security issue with external entity loading in XML without enabling it
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...
PHP Code Issues Vulnerabilities
PHP is a scripting language that executes on the server side. PHP suffers from a code issue vulnerability that stems from loading external entities in XML without this being enabled, resulting in a local file disclosure. Affected products and versions: PHP version 8.0 prior to 8.0.30, version 8.1 prior...
CVE-2014-2054
PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack...