RLSA-2023:5926 Important: php security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: XML loading external entity without being enabled CVE-2023-3823 php: phar Buffer mismanagement CVE-2023-3824 php: 1-byte array overrun in common path resolve code CVE-2023-0568 php: DoS...

php security update

An update is available for php. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PHP is an HTML-embedded scripting language commonly used with the Apache HTTP...

RLSA-2023:5927 Important: php:8.0 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: XML loading external entity without being enabled CVE-2023-3823 php: phar Buffer mismanagement CVE-2023-3824 php: 1-byte array overrun in common path resolve code CVE-2023-0568 php: DoS...

php:8.0 security update

An update is available for module.php, module.php-pear, module.php-pecl-apcu, php-pecl-rrd, module.php-pecl-xdebug3, php, php-pear, php-pecl-zip, module.php-pecl-zip, module.php-pecl-rrd, php-pecl-apcu, php-pecl-xdebug3, module.libzip, libzip. This update affects Rocky Linux 8. A Common...

Rocky Linux 8 : php:8.0 (RLSA-2023:5927)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5927 advisory. - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If...

CVE-2023-43067

Dell Unity prior to 5.3 contains an XML External Entity (XXE) vulnerability that could disclose local filesystem files via an XXE attack. Affected product: Dell Unity storage environments; affected version range is prior to 5.3. Root cause: XXE in XML parsing. Impact stated in sources includes ex...

CVE-2023-43624

CX-Designer Ver.3.740 and earlier included in CX-One CXONE-ALD-V4 contains an improper restriction of XML external entity reference XXE vulnerability. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Designer is installed m...

Advisory ROSA-SA-2023-2276

software: librsvg 2.52.11 WASP: ROSA-CHROME packageevrstring: librsvg-2.52.11-1.src.rpm CVE-ID: CVE-2023-38633 BDU-ID: 2023-05427 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the XML document merge mechanism XInclude of the vector graphics rendering library librsvg is related to an incorrect...

Ubuntu 16.04 ESM : Spring Framework vulnerabilities (USN-4774-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4774-1 advisory. Toshiaki Maki discovered that Spring Framework incorrectly handled certain XML files. A remote attacker could exploit this with a crafted XML file to cau...

Important: Red Hat Security Advisory: php security update

An update for php is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

ALSA-2023:5927 Important: php:8.0 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: XML loading external entity without being enabled CVE-2023-3823 php: phar Buffer mismanagement CVE-2023-3824 php: 1-byte array overrun in common path resolve code CVE-2023-0568 php: DoS...

Important: php security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: XML loading external entity without being enabled CVE-2023-3823 php: phar Buffer mismanagement CVE-2023-3824 php: 1-byte array overrun in common path resolve code CVE-2023-0568 php: DoS...

CVE-2023-45727

Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity XXE attacks. By processing a specially crafted request containing...

Xxe

Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity XXE attacks. By processing a specially crafted request containing...

JVN#95981460: Improper restriction of XML external entity references (XXE) in Proself

Proself provided by North Grid Corporation improperly restricts XML external entity references XXE CWE-611. The developer states that attacks exploiting this vulnerability have been observed. Impact By processing a specially crafted request containing malformed XML data, arbitrary files on the...

CVE-2023-38728

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258...

CVE-2022-32755

IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505...

Xxe

IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505...

CVE-2022-32755 IBM Security Directory Server external entity injection

IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505...

CVE-2022-32755

CVE-2022-32755 affects IBM Security Directory Server 6.4.0. It is described as an XML External Entity (XXE) injection when processing XML data, enabling a remote attacker to expose sensitive information or cause memory/resource usage. Remediation referenced in the IBM bulletin: apply IBM Security...