GHSA-8X2V-PCG7-94F4 Zend-JSON vulnerable to XXE/XEE attacks

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...

Zend-JSON vulnerable to XXE/XEE attacks

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...

GHSA-MHPX-3RV8-WRJM ZendFramework potential XML eXternal Entity injection vectors

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...

ZendFramework potential XML eXternal Entity injection vectors

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...

GHSA-F4FJ-Q6M4-CC52 ZendFramework vulnerable to XXE/XEE attacks

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...

GHSA-QC7W-4567-84WV Zendframework vulnerable to XXE/XEE attacks

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...

Zendframework vulnerable to XXE/XEE attacks

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...

RHEL 7 : firefox (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - firefox: Possible integer overflow to fix inside XMLParse in Expat CVE-2016-9063 - firefox: arbitrary cod...

NewStart CGSL CORE 5.05 / MAIN 5.05 : expat Multiple Vulnerabilities (NS-SA-2023-0028)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has expat packages installed that are affected by multiple vulnerabilities: - In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g.,...

Mageia: Security Advisory (MGASA-2016-0227)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Xml Entity Expansion (XEE)

Zendframework is vulnerable to Denial of Service DoS through XML Entity Expansion XEE. The library calls the vulnerable methods OMDocument, SimpleXML, and xmlparse which are vulnerable to XML External Entity XXE injections and XEE...

lib32-expat: multiple issues

CVE-2012-6702 predictable random numbers It was found that when calling XMLParse ahead of rand, it causes the pseudo random generator to generate non-random predictable numbers. - CVE-2016-5300 denial of service It was found that original fix for CVE-2012-0876 used too little entropy for the hash...

CVE-2015-2934

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xmlparse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file...

Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse

More info at https://framework.zend.com/security/advisory/ZF2014-01...

Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse

More info at https://framework.zend.com/security/advisory/ZF2014-01...

Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse

More info at https://framework.zend.com/security/advisory/ZF2014-01...

Debian Security Advisory DSA 2534-1 (postgresql-8.4 - several vulnerabilities)

Two vulnerabilities related to XML processing were discovered in PostgreSQL, an SQL database. CVE-2012-3488contrib/xml2's xsltprocess can be used to read and write external files and URLs. CVE-2012-3489xmlparse fetches external files or URLs to resolve DTD and entity references in XML values. Thi...

PostgreSQL 'xml_parse()' And 'xslt_process()' Multiple Vulnerabilities - Windows

PostgreSQL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postgresql:postgresql";...

CVE-2012-3489

The xmlparse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content tha...

Xxe

The xmlparse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content tha...