CVE-2024-2756: Fixed bypass of security fix applied for CVE-2022-31629 that lead PHP to consider not secure cookies as secure (bsc#1222857)
CVE-2024-3096: Fixed bypass on null byte leading passwords checked via password_verify (bsc#1222858)
CVE-2024-5458: Fixed an issue that allows to bypass filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073)

References

bugzilla.suse.com/1222857

bugzilla.suse.com/1222858

bugzilla.suse.com/1226073

www.suse.com/security/cve/CVE-2024-2756

www.suse.com/security/cve/CVE-2024-3096

www.suse.com/security/cve/CVE-2024-5458

www.suse.com/support/update/announcement/2024/suse-su-20242037-1/

openvas 39

nessus 59

debian 4

fedora 6

slackware 3

mageia 3

vulnrichment 4

osv 24

alpinelinux 4

ubuntucve 4

debiancve 4

nvd 4

cve 4

cvelist 4

redhatcve 4

cloudlinux 1

freebsd 1

ubuntu 3

f5 1

githubexploit 2

cbl_mariner 6

wolfi 1

redos 4

prion 1

checkpoint_advisories 1

altlinux 3

veracode 1

suse 2

gentoo 2

openvas

SUSE: Security Advisory (SUSE-SU-2024:2037-1)

2024-06-18 00:00:00

openSUSE: Security Advisory for php8 (SUSE-SU-2024:1446-1)

2024-04-27 00:00:00

openSUSE: Security Advisory for php7 (SUSE-SU-2024:1444-1)

2024-04-27 00:00:00

nessus

SUSE SLES15 Security Update : php7 (SUSE-SU-2024:2037-1)

2024-06-18 00:00:00

SUSE SLES12 Security Update : php74 (SUSE-SU-2024:1445-1)

2024-04-29 00:00:00

SUSE SLES15 / openSUSE 15 Security Update : php7 (SUSE-SU-2024:1444-1)

2024-04-29 00:00:00

debian

[SECURITY] [DLA 3810-1] php7.3 security update

2024-05-07 23:30:41

[SECURITY] [DSA 5661-1] php8.2 security update

2024-04-15 19:27:08

[SECURITY] [DSA 5660-1] php7.4 security update

2024-04-15 19:25:52

fedora

[SECURITY] Fedora 39 Update: php-8.2.18-1.fc39

2024-04-19 01:18:35

[SECURITY] Fedora 38 Update: php-8.2.18-1.fc38

2024-04-19 02:53:20

[SECURITY] Fedora 40 Update: php-8.3.6-1.fc40

2024-04-19 21:43:53

slackware

[slackware-security] php

2024-04-12 19:36:41

[slackware-security] php

2022-09-30 18:00:43

[slackware-security] php

2024-06-06 19:53:01

mageia

Updated php packages fix security vulnerabilities

2024-04-13 19:56:38

Updated php packages fix security vulnerability

2024-07-11 04:04:23

Updated php packages fix security vulnerability

2022-10-08 23:22:22

vulnrichment

CVE-2024-2756 __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix

2024-04-29 03:34:16

CVE-2024-3096 PHP function password_verify can erroneously return true when argument contains NUL

2024-04-29 03:42:04

CVE-2024-5458 Filter bypass in filter_var (FILTER_VALIDATE_URL)

2024-06-09 18:26:28

osv

php7.3 - security update

2024-05-07 00:00:00

BIT-php-2024-2756

2024-05-14 07:29:36

php7.4, php8.1, php8.2 vulnerabilities

2024-05-02 15:57:55

alpinelinux

CVE-2024-2756

2024-04-29 04:15:07

CVE-2024-5458

2024-06-09 19:15:52

CVE-2024-3096

2024-04-29 04:15:08

ubuntucve

CVE-2024-2756

2024-04-16 00:00:00

CVE-2024-5458

2024-06-11 00:00:00

CVE-2022-31629

2022-09-28 00:00:00

debiancve

CVE-2024-2756

2024-04-29 04:15:07

CVE-2024-5458

2024-06-09 19:15:52

CVE-2024-3096

2024-04-29 04:15:08

nvd

CVE-2024-2756

2024-04-29 04:15:07

CVE-2024-5458

2024-06-09 19:15:52

CVE-2022-31629

2022-09-28 23:15:10

cve

CVE-2024-2756

2024-04-29 04:15:07

CVE-2024-5458

2024-06-09 19:15:52

CVE-2022-31629

2022-09-28 23:15:10

cvelist

CVE-2024-2756 __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix

2024-04-29 03:34:16

CVE-2024-3096 PHP function password_verify can erroneously return true when argument contains NUL

2024-04-29 03:42:04

CVE-2022-31629 $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities

2022-09-28 22:25:10

redhatcve

CVE-2024-2756

2024-04-15 08:56:16

CVE-2024-5458

2024-06-12 00:48:25

CVE-2022-31629

2022-10-13 14:29:56

cloudlinux

php: Fix of 2 CVEs

2024-05-09 18:56:08

freebsd

php -- Multiple vulnerabilities

2024-04-11 00:00:00

ubuntu

PHP vulnerabilities

2024-04-29 00:00:00

PHP vulnerabilities

2024-05-02 00:00:00

PHP vulnerabilities

2022-11-08 00:00:00

K000140695: PHP vulnerability CVE-2024-5458

2024-08-13 00:00:00

githubexploit

Exploit for Insufficient Verification of Data Authenticity in Php

2024-09-17 00:22:23

Exploit for Improper Input Validation in Php

2022-10-07 08:15:23

cbl_mariner

CVE-2024-5458 affecting package php for versions less than 8.3.8-1

2024-07-02 23:30:04

CVE-2024-3096 affecting package php for versions less than 8.3.4-1

2024-05-17 21:38:35

CVE-2024-5458 affecting package php for versions less than 8.1.29-1

2024-06-16 16:44:02

wolfi

CVE-2024-5458 vulnerabilities

2024-09-21 15:27:10

redos

ROS-20240820-08

2024-08-20 00:00:00

ROS-20240730-07

2024-07-30 00:00:00

ROS-20240826-02

2024-08-26 00:00:00

prion

Code injection

2022-09-28 23:15:00

checkpoint_advisories

PHP Authentication Bypass (CVE-2022-31629)

2022-11-24 00:00:00

altlinux

Security fix for the ALT Linux 10 package php8.0 version 8.0.24-alt1

2022-10-13 00:00:00

Security fix for the ALT Linux 10 package php8.2 version 8.1.11-alt1

2022-09-30 00:00:00

Security fix for the ALT Linux 10 package php8.1 version 8.1.11-alt1

2022-10-11 00:00:00

veracode

Insecure Cookie

2022-09-30 11:10:30

suse

Security update for php7 (moderate)

2022-11-01 00:00:00

Security update for php8 (important)

2022-10-19 00:00:00

gentoo

PHP: Multiple Vulnerabilities

2024-08-12 00:00:00

PHP: Multiple Vulnerabilities

2022-11-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5.6

Confidence

High

JSON

Related for OSV:SUSE-SU-2024:2037-1