25 matches found
EUVD-2022-3982
Malicious code in bioql PyPI...
GHSA-F75P-X5VM-83QP symfony/translation XML Entity Expansion vulnerability
Symfony 2.0.11 carried a similar XXE security fix; however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no curren...
GHSA-RJPM-QMQ7-Q85W Symfony XXE security vulnerability
Symfony 2.0.11 carried a similar XXE security fix; however, on review of ZF2 I also noted a vulnerability to XML Entity Expansion (XEE) attacks whereby all extensions making use of libxml2 have no defense against XEE Quadratic Blowup Attacks. The vulnerability is a function of there being no curren...
GHSA-GP39-H9C2-QW79 Several Zend Products Vulnerable to XXE and XEE attacks
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService\AudioScrobbler, ZendService\Nirvanix, ZendService\SlideShare, ZendService\Technorati, and ZendService\WindowsAzure before 2.0.2, ZendService\Amazon before 2.0.3, and ZendService\Ap...
Several Zend Products Vulnerable to XXE and XEE attacks
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService\AudioScrobbler, ZendService\Nirvanix, ZendService\SlideShare, ZendService\Technorati, and ZendService\WindowsAzure before 2.0.2, ZendService\Amazon before 2.0.3, and ZendService\Ap...
SUSE: Security Advisory (SUSE-SU-2016:1277-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 29 : php (2019-f07db8f031)
PHP version 7.2.21 01 Aug 2019 Date: - Fixed bug #69044 (discrepancy between time and microtime). (krakjoe) EXIF: - Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042) (Stas) - Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041) (Stas) Fileinfo: -...
Fedora 27 : php (2018-d034538627)
PHP version 7.1.13 04 Jan 2018 Core: - Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26). (Laruence) - Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand). (Anatol) - Fixed bug #74862 (Unable to clone instance when private __clone defined). (Daniel Ciochiu) - Fixed bug #750...
XML External Entity Processing (XXE)
simplesamlphp/saml2 is vulnerable to XML external entity processing (XXE) attacks. The attacks are possible because it does not use SAML2\DOMDocumentFactory to create DOMDocuments from a string containing XML and does not call libxml_disable_entity_loader() before calling any code...
XML External Entity (XXE) Attacks
Zendframework and several Zendservices are vulnerable to XML External Entity (XXE) attacks. The libxml_disable_entity_loader() setting is not correctly shared between threads when PHP-FPM is used, allowing attackers to conduct XXE attacks. This is a result of an incomplete fix for CVE-2012-5657...
openSUSE Security Update : php5 (openSUSE-2016-626)
This update for php5 fixes the following security issues: - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mb_strcut (bsc#977003) - CVE-2015-8867: The PHP function...
Security update for php5 (important)
This update for php5 fixes the following security issues: - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mb_strcut (bsc#977003) - CVE-2015-8867: The PHP function...
SUSE SLES11 Security Update : php53 (SUSE-SU-2016:1310-1)
This update for php53 fixes the following security issues: - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mb_strcut (bsc#977003) - CVE-2015-8867: The PHP function...
openSUSE Security Update : php5 (openSUSE-2016-576)
This update for php5 fixes the following issues: - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mb_strcut (bsc#977003) - CVE-2016-3074: Signedness vulnerability in bundled libgd ma...
Ubuntu: Security Advisory (USN-2952-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 15.10 : php5 regression (USN-2952-2)
USN-2952-1 fixed vulnerabilities in PHP. One of the backported patches caused a regression in the PHP Soap client. This update fixes the problem. We apologize for the inconvenience. It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A...
Ubuntu 14.04 LTS : PHP vulnerabilities (USN-2952-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2952-1 advisory. It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this...
Debian Security Advisory DSA 3265-1 (zendframework - security update)
Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154, all these issues were already fixed in the version initially shipped with Jessie. CVE-2014-2681: Lukas Reschke reported a lack of protection against XML External Entity injection attacks in some...
DSA-3265-1 zendframework - security update
Bulletin has no description...
Fedora 21 : php-5.6.6-1.fc21 (2015-2315)
19 Feb 2015, PHP 5.6.6 Core: - Removed support for multi-line headers, as they are deprecated by RFC 7230. (Stas) - Fixed bug #67068 (getClosure returns something that's not a closure). (Danack at basereality dot com) - Fixed bug #68942 (Use after free vulnerability in unserialize with DateTimeZone...