Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2021-3943.NASL
HistoryDec 07, 2021 - 12:00 a.m.

openSUSE 15 : Recommended update for php7 (openSUSE-SU-2021:3943-1)

2021-12-0700:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16

7 High

AI Score

Confidence

High

JSON

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3943-1 advisory.

  • In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower- privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
    (CVE-2021-21703)

  • In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended. (CVE-2021-21707)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from
# openSUSE Security Update openSUSE-SU-2021:3943-1. The text itself
# is copyright (C) SUSE.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(155876);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/22");

  script_cve_id("CVE-2021-21703", "CVE-2021-21707");
  script_xref(name:"IAVA", value:"2021-A-0503-S");
  script_xref(name:"IAVA", value:"2021-A-0566-S");

  script_name(english:"openSUSE 15 : Recommended update for php7 (openSUSE-SU-2021:3943-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in
the openSUSE-SU-2021:3943-1 advisory.

  - In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running
    PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-
    privileged users, it is possible for the child processes to access memory shared with the main process and
    write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and
    writes, which can be used to escalate privileges from local unprivileged user to the root user.
    (CVE-2021-21703)

  - In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing
    functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains
    URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus
    interpreting the filename differently from what the user intended, which may lead it to reading a
    different file than intended. (CVE-2021-21707)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1175508");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1192050");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1193041");
  # https://lists.opensuse.org/archives/list/[email protected]/thread/D5SCXUGIHHCMMDJ4KQPRDMJZB4DQFEII/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1f525b31");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-21703");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-21707");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-21703");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/10/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/12/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/12/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:apache2-mod_php7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-bz2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-calendar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ctype");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-curl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-dom");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-embed");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-exif");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fastcgi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fileinfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-firebird");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ftp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gettext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-iconv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pcntl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-phar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-posix");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-readline");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-shmop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sockets");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sodium");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvmsg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvsem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-sysvshm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tidy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-tokenizer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlreader");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xmlwriter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-xsl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:php7-zlib");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.3");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/SuSE/release');
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, 'openSUSE');
var os_ver = pregmatch(pattern: "^SUSE([\d.]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');
os_ver = os_ver[1];
if (release !~ "^(SUSE15\.3)$") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);

var pkgs = [
    {'reference':'apache2-mod_php7-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-bcmath-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-bz2-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-calendar-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-ctype-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-curl-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-dba-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-devel-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-dom-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-embed-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-enchant-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-exif-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-fastcgi-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-fileinfo-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-firebird-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-fpm-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-ftp-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-gd-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-gettext-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-gmp-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-iconv-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-intl-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-json-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-ldap-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-mbstring-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-mysql-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-odbc-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-opcache-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-openssl-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-pcntl-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-pdo-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-pgsql-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-phar-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-posix-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-readline-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-shmop-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-snmp-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-soap-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-sockets-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-sodium-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-sqlite-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-sysvmsg-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-sysvsem-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-sysvshm-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-test-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-tidy-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-tokenizer-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-xmlreader-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-xmlrpc-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-xmlwriter-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-xsl-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-zip-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'php7-zlib-7.4.6-3.29.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var reference = NULL;
  var release = NULL;
  var cpu = NULL;
  var rpm_spec_vers_cmp = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = package_array['release'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (reference && release) {
    if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2-mod_php7 / php7 / php7-bcmath / php7-bz2 / php7-calendar / etc');
}
VendorProductVersionCPE
novellopensuseapache2-mod_php7p-cpe:/a:novell:opensuse:apache2-mod_php7
novellopensusephp7p-cpe:/a:novell:opensuse:php7
novellopensusephp7-bcmathp-cpe:/a:novell:opensuse:php7-bcmath
novellopensusephp7-bz2p-cpe:/a:novell:opensuse:php7-bz2
novellopensusephp7-calendarp-cpe:/a:novell:opensuse:php7-calendar
novellopensusephp7-ctypep-cpe:/a:novell:opensuse:php7-ctype
novellopensusephp7-curlp-cpe:/a:novell:opensuse:php7-curl
novellopensusephp7-dbap-cpe:/a:novell:opensuse:php7-dba
novellopensusephp7-develp-cpe:/a:novell:opensuse:php7-devel
novellopensusephp7-domp-cpe:/a:novell:opensuse:php7-dom
Rows per page:
1-10 of 551

Related

suse 6
nessus 46
openvas 42
redhat 3
prion 2
mageia 2
altlinux 8
fedora 6
cve 2
redhatcve 2
veracode 2
osv 16
debiancve 2
ibm 1
debian 7
checkpoint_advisories 1
alpinelinux 2
ubuntucve 2
ubuntu 4
f5 1
cbl_mariner 2
rocky 2
oraclelinux 2
almalinux 2
cloudlinux 2
gentoo 1
redos 1
oracle 3
suse
suse
Recommended update for php7 (moderate)
2021-12-10 00:00:00
Recommended update for php7 (moderate)
2021-12-06 00:00:00
Security update for php7 (moderate)
2022-03-02 00:00:00
nessus
nessus
SUSE SLES15 : Recommended update for php7 (SUSE-SU-2021:3943-1)
2021-12-07 00:00:00
PHP 8.1.x < 8.1.0 Multiple Vulnerabilities
2021-11-30 00:00:00
RHEL 7 : rh-php73-php (RHSA-2022:5491)
2022-07-04 00:00:00
openvas
openvas
openSUSE: Security Advisory for Recommended (openSUSE-SU-2021:3943-1)
2021-12-07 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:3943-1)
2021-12-07 00:00:00
openSUSE: Security Advisory for Recommended (openSUSE-SU-2021:1570-1)
2022-02-01 00:00:00
redhat
redhat
(RHSA-2022:5491) Important: rh-php73-php security and bug fix update
2022-07-04 07:07:16
(RHSA-2022:1935) Moderate: php:7.4 security update
2022-05-10 06:39:36
(RHSA-2022:7628) Moderate: php:7.4 security, bug fix, and enhancement update
2022-11-08 06:25:00
prion
prion
Code injection
2021-11-29 07:15:00
Code injection
2021-10-25 06:15:00
mageia
mageia
Updated php packages fix security vulnerability
2021-11-20 22:31:06
Updated php packages fix security vulnerability
2021-10-31 14:12:48
altlinux
altlinux
Security fix for the ALT Linux 9 package php7 version 7.3.33-alt1
2021-11-29 00:00:00
Security fix for the ALT Linux 10 package php8.0 version 8.0.13-alt1
2021-12-01 00:00:00
Security fix for the ALT Linux 10 package php8.1 version 8.0.13-alt1
2021-11-20 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: php-7.4.26-1.fc33
2021-11-25 01:05:22
[SECURITY] Fedora 35 Update: php-8.0.13-1.fc35
2021-11-26 01:22:42
[SECURITY] Fedora 34 Update: php-7.4.26-1.fc34
2021-11-25 00:59:03
cve
cve
CVE-2021-21707
2021-11-29 07:15:00
CVE-2021-21703
2021-10-25 06:15:00
redhatcve
redhatcve
CVE-2021-21707
2021-11-23 17:18:07
CVE-2021-21703
2021-10-21 21:02:35
veracode
veracode
XML External Entity (XXE)
2021-11-21 10:33:56
Privilege Escalation
2021-10-22 03:13:17
osv
osv
BIT-php-2021-21707
2024-03-06 11:04:43
php5, php7.0, php7.2, php7.4, php8.0 vulnerability
2021-10-27 21:50:28
php7.4 - security update
2021-10-25 00:00:00
debiancve
debiancve
CVE-2021-21707
2021-11-29 07:15:00
CVE-2021-21703
2021-10-25 06:15:00
ibm
ibm
Security Bulletin: Vulnerabilities in PHP may affect IBM Spectrum Sentinel Anomaly Scan Engine (CVE-2021-21703, CVE-2021-21708, CVE-2021-21707, CVE-2022-31629, CVE-2022-31628)
2022-12-16 17:01:05
debian
debian
[SECURITY] [DLA 2794-1] php7.0 security update
2021-10-27 10:46:54
[SECURITY] [DSA 4993-1] php7.3 security update
2021-10-25 20:25:37
[SECURITY] [DSA 4992-1] php7.4 security update
2021-10-25 20:20:43
checkpoint_advisories
checkpoint_advisories
PHP XML Parser Remote Code Execution (CVE-2021-21707)
2022-02-20 00:00:00
alpinelinux
alpinelinux
CVE-2021-21707
2021-11-29 07:15:00
CVE-2021-21703
2021-10-25 06:15:00
ubuntucve
ubuntucve
CVE-2021-21707
2021-11-29 00:00:00
CVE-2021-21703
2021-10-21 00:00:00
ubuntu
ubuntu
PHP vulnerability
2021-10-27 00:00:00
PHP vulnerabilities
2022-03-07 00:00:00
PHP vulnerabilities
2022-02-22 00:00:00
f5
f5
K17839423 : PHP vulnerability CVE-2021-21703
2021-11-09 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-21703 affecting package php 7.4.14-3
2024-04-26 21:08:25
CVE-2021-21707 affecting package php 7.4.14-3
2024-04-26 21:08:25
rocky
rocky
php:7.4 security update
2022-05-10 06:39:36
php:7.4 security, bug fix, and enhancement update
2022-11-08 06:25:00
oraclelinux
oraclelinux
php:7.4 security update
2022-05-17 00:00:00
php:7.4 security, bug fix, and enhancement update
2022-11-15 00:00:00
almalinux
almalinux
Moderate: php:7.4 security update
2022-05-10 00:00:00
Moderate: php:7.4 security, bug fix, and enhancement update
2022-11-08 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-21704, CVE-2021-21703, CVE-2021-21705
2021-11-23 13:13:13
Fix of CVE: CVE-2021-21705, CVE-2021-21704, CVE-2021-21703
2021-11-10 18:27:35
gentoo
gentoo
PHP: Multiple Vulnerabilities
2022-09-29 00:00:00
redos
redos
ROS-20220826-01
2022-08-26 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00

7 High

AI Score

Confidence

High

JSON
Related for OPENSUSE-2021-3943.NASL
suse6nessus46openvas42redhat3prion2mageia2altlinux8fedora6cve2redhatcve2veracode2osv16debiancve2ibm1debian7checkpoint_advisories1alpinelinux2ubuntucve2ubuntu4f51cbl_mariner2rocky2oraclelinux2almalinux2cloudlinux2gentoo1redos1oracle3