73 matches found
CVE-2025-1219
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...
DEBIAN-CVE-2025-1219
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...
AZL-59300 CVE-2025-1219 affecting package php for versions less than 8.1.32-1
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...
AZL-59316 CVE-2025-1219 affecting package php for versions less than 8.3.19-1
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...
CVE-2025-1219 libxml streams use wrong content-type header when requesting a redirected resource
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...
PHP 安全漏洞
PHP is a scripting language for PHP that is executed server-side. A security vulnerability exists in PHP versions prior to 8.1.32, prior to 8.2.28, prior to 8.3.19, and prior to 8.4.5, which stems from the use of an incorrect content type header to determine the character set when requesting an...
SUSE CVE-2025-1219
In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...
GHSA-8X2V-PCG7-94F4 Zend-JSON vulnerable to XXE/XEE attacks
Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...
Zend-JSON vulnerable to XXE/XEE attacks
Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...
GHSA-MHPX-3RV8-WRJM ZendFramework potential XML eXternal Entity injection vectors
Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...
ZendFramework potential XML eXternal Entity injection vectors
Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...
GHSA-F4FJ-Q6M4-CC52 ZendFramework vulnerable to XXE/XEE attacks
Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...
ZendFramework vulnerable to XXE/XEE attacks
Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...
GHSA-QC7W-4567-84WV Zendframework vulnerable to XXE/XEE attacks
Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...
Zendframework vulnerable to XXE/XEE attacks
Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...
K02511873: SimpleXML vulnerability CVE-2017-1000190
Security Advisory Description SimpleXML latest version 2.7.1 is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on. CVE-2017-1000190 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development...
MAL-2022-2936 Malicious code in ext-simplexml (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 58542cc810bb96b49484d8217777c642feb4bc4333a4a74ac00bd27b1c2f142c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ext-simplexml (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 58542cc810bb96b49484d8217777c642feb4bc4333a4a74ac00bd27b1c2f142c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SimpleXML has XML External Entity (XXE) vulnerability
SimpleXML latest version 2.7.1 is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on...
GHSA-F5QF-VH69-9Q4R SimpleXML has XML External Entity (XXE) vulnerability
SimpleXML latest version 2.7.1 is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on...