104 matches found
CLSA-2025-1754342894 php: Fix of CVE-2025-6491
CVE-2025-6491: fix buffer overflow vulnerability...
CVE-2026-6491
creationtimestamp| type| source ---|---|--- 2026-04-17 19:05:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjpmksr5uf2d...
CVE-2026-6491
A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function imminposvec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack has to be approached...
DEBIAN-CVE-2026-6491
A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function imminposvec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack has to be approached...
CVE-2026-6491
A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function imminposvec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack has to be approached...
UBUNTU-CVE-2026-6491
A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function imminposvec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack has to be approached...
CVE-2026-6491
Affected software and component: libvips (up to 8.18.2), specifically the nip2 Handler’s function im_minpos_vec in libvips/deprecated/vips7compat.c. Root cause / vulnerability: manipulation of the argument n leads to a heap-based buffer overflow. Impact (as stated): local attack feasibility with ...
Linux Distros Unpatched Vulnerability : CVE-2026-6491
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function imminposvec of the file libvips/deprecated/vips7compat....
AlmaLinux 8 : php:8.2 (ALSA-2026:1412)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:1412 advisory. php: pgsql extension does not check for errors during escaping CVE-2025-1735 php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace...
RockyLinux 9 : php:8.2 (RLSA-2026:1409)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:1409 advisory. php: pgsql extension does not check for errors during escaping CVE-2025-1735 php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace...
CLSA-2025-1760017411 Fix CVE(s): CVE-2025-6491
SECURITY UPDATE: fix NULL pointer dereference in SOAP with huge QName - debian/patches/CVE-2025-6491.patch: Add safeguard in ext/soap/soap.c to handle invalid XML node names produced by libxml2 with extremely large namespace prefixes - CVE-2025-6491...
USN-7648-3: PHP regression
USN-7648-2 fixed vulnerabilities in PHP. The patch for CVE-2025-1735 caused a regression in php7.0, php7.2 and php7.4. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that PHP incorrectly handled certain hostnames containing null...
CVE-2025-6491 affecting package php for versions less than 8.3.23-1
CVE-2025-6491 affecting package php for versions less than 8.3.23-1. A patched version of the package is available...
Linux Distros Unpatched Vulnerability : CVE-2025-6491
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 when parsing XML data in SOAP extensions, overly large 2Gb XML...
Medium: php8.2
Issue Overview: fsockopen doesn't regard hostname as well, hostname is terminated at the null byte. This can cause Server Side Request Forgery in general case. CVE-2025-1220 Missing error checking could result in SQL injection and missing error handling could lead to crashes due to null pointer...
CVE-2025-6491 affecting package php for versions less than 8.1.33-1
CVE-2025-6491 affecting package php for versions less than 8.1.33-1. An upgraded version of the package is available that resolves this issue...
CBL Mariner 2.0 Security Update: php (CVE-2025-6491)
The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-6491 advisory. - In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 when parsing XML...
CLSA-2025-1754381195 php: Fix of CVE-2025-6491
CVE-2025-6491: fix buffer overflow vulnerability...
openSUSE Security Advisory (SUSE-SU-2025:02474-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2025:02473-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...