551 matches found

OSV
added 2024/03/06 11:1 a.m. | 38 views

BIT-PHP-2023-3823 Security issue with external entity loading in XML without enabling it

In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...

8.6 CVSS | 8.5 AI score | 0.00604 EPSS
Exploits 1 | References 5

IBM Security Bulletins
added 2023/12/07 10:31 p.m. | 42 views

Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerabilities in libxml/libxml2

Summary IBM Integrated Management Module II IMM2 has addressed the following vulnerabilities in libxml/libxml2. Vulnerability Details CVEID: CVE-2017-5130 DESCRIPTION: Google Chrome is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by libxml2. By persuading a victi...

8.8 CVSS | 2.5 AI score | 0.0369 EPSS
Exploits 1 | Affected Software 3

Amazon
added 2023/09/13 12:0 a.m. | 3 views

Important: php

Issue Overview: GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixed in 8.2.7, 8.1.20, 8.0.29 NOTE: https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw NOTE:...

9.8 CVSS | 7.1 AI score | 0.29385 EPSS
Exploits 4

Tenable Nessus
added 2023/09/13 12:0 a.m. | 33 views

Amazon Linux 2 : php (ALASPHP8.0-2023-009)

The version of php installed on the remote host is prior to 8.0.30-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.0-2023-009 advisory. GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixe...

9.8 CVSS | 7.8 AI score | 0.29385 EPSS
Exploits 4 | References 8

Tenable Nessus
added 2023/09/13 12:0 a.m. | 24 views

Amazon Linux 2 : php (ALASPHP8.2-2023-002)

The version of php installed on the remote host is prior to 8.2.9-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.2-2023-002 advisory. GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixed...

9.8 CVSS | 7.8 AI score | 0.29385 EPSS
Exploits 4 | References 8

Tenable Nessus
added 2023/09/13 12:0 a.m. | 81 views

Amazon Linux 2 : php (ALASPHP8.1-2023-004)

The version of php installed on the remote host is prior to 8.1.22-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.1-2023-004 advisory. GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixe...

9.8 CVSS | 7.8 AI score | 0.29385 EPSS
Exploits 4 | References 8

OSV
added 2023/09/09 11:5 a.m. | 1 views

OESA-2023-1623 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

9.8 CVSS | 6.7 AI score | 0.29385 EPSS
Exploits 4 | References 4

Tenable Nessus
added 2023/09/08 12:0 a.m. | 54 views

Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2023-324)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-324 advisory. In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities...

9.8 CVSS | 7.9 AI score | 0.29385 EPSS
Exploits 4 | References 6

Amazon
added 2023/09/07 12:0 a.m. | 3 views

Important: php8.2

Issue Overview: In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it ...

9.8 CVSS | 6.8 AI score | 0.29385 EPSS
Exploits 4

Tenable Nessus
added 2023/09/06 12:0 a.m. | 31 views

Debian dla-3555 : libapache2-mod-php7.3 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3555 advisory. Debian LTS Advisory DLA-3555-1 [email protected]...

9.8 CVSS | 8.1 AI score | 0.29385 EPSS
Exploits 4 | References 6

Tenable Nessus
added 2023/09/06 12:0 a.m. | 21 views

SUSE SLES15 / openSUSE 15 Security Update : php7 (SUSE-SU-2023:3528-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3528-1 advisory. - In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml...

9.8 CVSS | 7.9 AI score | 0.29385 EPSS
Exploits 4 | References 7

Tenable Nessus
added 2023/09/01 12:0 a.m. | 29 views

SUSE SLES15 / openSUSE 15 Security Update : php7 (SUSE-SU-2023:3498-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3498-1 advisory. - In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml...

9.8 CVSS | 7.9 AI score | 0.29385 EPSS
Exploits 4 | References 7

Mageia
added 2023/08/23 7:56 p.m. | 61 views

Updated php packages fix security vulnerability

Libxml - GHSA-3qrf-m4j2-pcrr Security issue with external entity loading in XML without enabling it. CVE-2023-3823 Phar - GHSA-jqcx-ccgc-xwhv Buffer mismanagement in phar_dir_read CVE-2023-3824...

9.8 CVSS | 7 AI score | 0.29385 EPSS
Exploits 4 | References 2

OSV
added 2023/08/23 7:56 p.m. | 6 views

MGASA-2023-0248 Updated php packages fix security vulnerability

Libxml - GHSA-3qrf-m4j2-pcrr Security issue with external entity loading in XML without enabling it. CVE-2023-3823 Phar - GHSA-jqcx-ccgc-xwhv Buffer mismanagement in phar_dir_read CVE-2023-3824...

9.8 CVSS | 9.4 AI score | 0.29385 EPSS
Exploits 4 | References 3

Tenable Nessus
added 2023/08/23 12:0 a.m. | 88 views

Ubuntu 22.04 LTS / 23.04 : PHP vulnerabilities (USN-6305-1)

The remote Ubuntu 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6305-1 advisory. It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information...

9.8 CVSS | 8.1 AI score | 0.29385 EPSS
Exploits 4 | References 3

Tenable Nessus
added 2023/08/16 12:0 a.m. | 319 views

PHP 8.2.x < 8.2.9 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.2.9. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.9 advisory. - In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state ...

9.8 CVSS | 7.9 AI score | 0.29385 EPSS
Exploits 4 | References 3

Tenable Nessus
added 2023/08/12 12:0 a.m. | 25 views

Fedora 38 : php (2023-984c26961f)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-984c26961f advisory. PHP version 8.2.9 03 Aug 2023 Build: Fixed bug GH-11522 PHP version check fails with '-' separator. SVGAnimate CLI: Fix interrupted CLI output causi...

9.8 CVSS | 7.6 AI score | 0.29385 EPSS
Exploits 4 | References 3

OSV
added 2023/08/11 6:15 a.m. | 24 views

CVE-2023-3823

In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...

7.5 CVSS | 8.5 AI score
Exploits 0 | References 4

OSV
added 2023/08/11 6:15 a.m. | 2 views

AZL-63085 CVE-2023-3823 affecting package php for versions less than 8.2.8-1

In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...

7.5 CVSS | 6.6 AI score | 0.00604 EPSS
Exploits 1 | References 1

NVD
added 2023/08/11 6:15 a.m. | 19 views

CVE-2023-3823

In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...

8.6 CVSS | 8.9 AI score | 0.00604 EPSS
Exploits 1 | References 4