25 matches found
Astra Linux – Vulnerability in PHP 8.2
In PHP versions 8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, and 8.4. before 8.4.10, when parsing XML data in SOAP extensions, overly large 2Gb XML namespace prefixes may lead to null pointer dereferencing. This can result in crashes and affect the availability of the target server...
EUVD-2020-21878
Malware in sbrugna...
EUVD-2022-1254
Malicious code in bioql PyPI...
AZL-65118 CVE-2025-6491 affecting package php for versions less than 8.3.23-1
In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 when parsing XML data in SOAP extensions, overly large 2Gb XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server...
UBUNTU-CVE-2025-6491
In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 when parsing XML data in SOAP extensions, overly large 2Gb XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server...
SUSE CVE-2025-6491
In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 when parsing XML data in SOAP extensions, overly large 2Gb XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server...
EulerOS 2.0 SP10 : golang (EulerOS-SA-2023-2810)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The encoding/xml package in Go all versions does not correctly preserve the semantics of attribute namespace prefixes during tokenization...
SUSE CVE-2020-29509
The encoding/xml package in Go all versions does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
SUSE CVE-2020-29511
The encoding/xml package in Go all versions does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
...
OESA-2021-1011 golang security update
The Go Programming Language.\r\n\r\n Security Fixes:\r\n\r\n The encoding/xml package in Go all versions does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during...
AZL-6449 CVE-2020-29511 affecting package golang for versions less than 1.20.10-1
The encoding/xml package in Go all versions does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
DEBIAN-CVE-2020-29509
The encoding/xml package in Go all versions does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
AZL-78896 CVE-2020-29511 affecting package golang 1.25.7-1
The encoding/xml package in Go all versions does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
AZL-78900 CVE-2020-29509 affecting package golang 1.25.7-1
The encoding/xml package in Go all versions does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
AZL-6448 CVE-2020-29509 affecting package golang for versions less than 1.20.10-1
The encoding/xml package in Go all versions does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
CVE-2020-29511
The encoding/xml package in Go all versions does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
UBUNTU-CVE-2020-29509
The encoding/xml package in Go all versions does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
UBUNTU-CVE-2020-29511
The encoding/xml package in Go all versions does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...
CVE-2020-29511
The encoding/xml package in Go all versions does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...