com.bugvm:bugvm-compiler (>=1.0.0 <=1.1.5), com.carrotsearch.randomizedtesting:ant-junit4 (>=0.0.3 <=0.0.4) +58 more potentially affected by CVE-2017-1000190 via org.simpleframework:simple-xml (>=2.1.3 <=2.7)

org.simpleframework:simple-xml MAVEN version =2.1.3, =1.0.0, =0.0.3, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1.0.22, =2.3.1-ios11, =1.0.2, =1.0.1, =1.1.0.1 and more Source cves: CVE-2017-1000190 Source advisory: OSV:GHSA-F5QF-VH69-9Q4R...

UBUNTU-CVE-2021-21707

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexmlloadfile, URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the...

XML External Entity (XXE)

php is vulnerable to XML External Entity. The vulnerability exists in simplexml function due to improper input validation which allows an attacker to traverse directories...

PT-2021-6877 · Php +9 · Php +9

Name of the Vulnerable Software and Affected Versions: PHP versions 7.3.x through 7.3.32 PHP versions 7.4.x through 7.4.25 PHP versions 8.0.x through 8.0.12 Description: The issue is related to certain XML parsing functions in PHP, such as simplexml load file, which URL-decode the filename passed...

Fedora 31 : php (2020-8838d072d5)

PHP version 7.3.18 14 May 2020 Core: - Fixed bug php78875 Long filenames cause OOM and temp files are not cleaned. CVE-2019-11048 cmb - Fixed bug php78876 Long variables in multipart/form-data cause OOM and temp files are not cleaned. CVE-2019-11048 cmb - Fixed bug php79434 PHP 7.3 and PHP-7.4...

Fedora 31 : php (2020-62ee541bbb)

PHP version 7.3.17 16 Apr 2020 Core: - Fixed bug php79364 When copy empty array, next key is unspecified. cmb - Fixed bug php78210 Invalid pointer address. cmb, Nikita CURL: - Fixed bug php79199 curlcopyhandle memory leak. cmb Date: - Fixed bug php79396 DateTime hour incorrect during DST jump...

Fedora 30 : php (2020-96cb012029)

PHP version 7.3.17 16 Apr 2020 Core: - Fixed bug php79364 When copy empty array, next key is unspecified. cmb - Fixed bug php78210 Invalid pointer address. cmb, Nikita CURL: - Fixed bug php79199 curlcopyhandle memory leak. cmb Date: - Fixed bug php79396 DateTime hour incorrect during DST jump...

CVE-2016-1000004

Insufficient type checks were employed prior to casting input data in SimpleXMLElementexportNode and simplexmlimportdom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 inclusive, and all versions between 3.13.0 and 3.14.1 inclusive...

UBUNTU-CVE-2016-1000004

Insufficient type checks were employed prior to casting input data in SimpleXMLElementexportNode and simplexmlimportdom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 inclusive, and all versions between 3.13.0 and 3.14.1 inclusive...

DEBIAN-CVE-2017-1000190

SimpleXML latest version 2.7.1 is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on...

CVE-2017-1000190

SimpleXML latest version 2.7.1 is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on...

Design/Logic Flaw

SimpleXML latest version 2.7.1 is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on...

CVE-2017-1000190

SimpleXML latest version 2.7.1 is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on...

CVE-2017-1000190

SimpleXML latest version 2.7.1 is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on...

UBUNTU-CVE-2017-1000190

SimpleXML latest version 2.7.1 is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on...

CVE-2017-1000190

CVE-2017-1000190 affects SimpleXML (v2.7.1) and is an XXE flaw that can enable SSRF, information disclosure and DoS. Connected documents confirm affected context in IBM/Log Analysis (Solr-based deployment) and outline remediation: upgrade to IBM Operations Analytics - Log Analysis version 1.3.7 (...

CVE-2017-1000190

SimpleXML latest version 2.7.1 is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on...

CVE-2017-1000190

SimpleXML latest version 2.7.1 is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on...

Xml Entity Expansion (XEE)

Zendframework is vulnerable to Denial of Service DoS through XML Entity Expansion XEE. The library calls the vulnerable methods OMDocument, SimpleXML, and xmlparse which are vulnerable to XML External Entity XXE injections and XEE...

Fedora 25 : php (2016-dc5bf39fcf)

15 Sep 2016 PHP version 7.0.11 Core: - Fixed bug php72944 NULL pointer deref in zvaldelrefp. Dmitry - Fixed bug php72943 assigndim on string doesn't reset hval. Laruence - Fixed bug php72911 Memleak in zendbinaryassignopobjhelper. Laruence - Fixed bug php72813 Segfault with get returned by ref...