573 matches found
MGASA-2023-0248 Updated php packages fix security vulnerability
Libxml - GHSA-3qrf-m4j2-pcrr Security issue with external entity loading in XML without enabling it. CVE-2023-3823 Phar - GHSA-jqcx-ccgc-xwhv Buffer mismanagement in phardirread CVE-2023-3824...
Ubuntu 22.04 LTS / 23.04 : PHP vulnerabilities (USN-6305-1)
The remote Ubuntu 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6305-1 advisory. It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information...
PHP 8.2.x < 8.2.9 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.2.9. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.9 advisory. - In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8 various XML functions rely on libxml global state ...
Fedora 38 : php (2023-984c26961f)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-984c26961f advisory. PHP version 8.2.9 03 Aug 2023 Build: Fixed bug GH-11522 PHP version check fails with '-' separator. SVGAnimate CLI: Fix interrupted CLI output causi...
CVE-2023-3823
In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...
AZL-63085 CVE-2023-3823 affecting package php for versions less than 8.2.8-1
In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...
CVE-2023-3823
In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...
DEBIAN-CVE-2023-3823
In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...
AZL-27962 CVE-2023-3823 affecting package php for versions less than 8.1.22-1
In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...
Xxe
In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...
UBUNTU-CVE-2023-3823
In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...
CVE-2023-3823
CVE-2023-3823 affects PHP versions 8.0.x before 8.0.30, 8.1.x before 8.1.22, and 8.2.x before 8.2.8. The issue stems from libxml global state tracking of configuration (e.g., external entities); in shared-process scenarios (e.g., ImageMagick in the same process), this state can be altered and per...
CVE-2023-3823
In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...
CVE-2023-3823
In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...
CVE-2023-3823 Security issue with external entity loading in XML without enabling it
In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...
Fedora 37 : php (2023-c68f2227e6)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-c68f2227e6 advisory. PHP version 8.1.22 03 Aug 2023 Build: Fixed bug GH-11522 PHP version check fails with '-' separator. SVGAnimate CLI: Fix interrupted CLI output...
CVE-2023-3823
In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...
PT-2023-5956 · Php +11 · Php +11
Name of the Vulnerable Software and Affected Versions: PHP versions 8.0. through 8.0.29 PHP versions 8.1. through 8.1.21 PHP versions 8.2. through 8.2.7 Description: The issue is related to the way PHP's XML functions rely on libxml global state to track configuration variables. This state can be...
Debian: Security Advisory (DLA-85-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-214-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...