23 matches found

Tenable Nessus
added 2025/08/20 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2022-31629

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's...

CVSS 6.5 | AI score 7.1 | EPSS 0.49336
Exploits 2 | References 2

OSV
added 2025/08/11 1:53 p.m. | 4 views

BIT-LIBPHP-2022-31629 $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications...

CVSS 6.5 | AI score 6.7 | EPSS 0.49336
Exploits 2 | References 15

OSV
added 2025/08/11 1:53 p.m. | 2 views

BIT-LIBPHP-2022-31628 phar wrapper can occur dos when using quine gzip file

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop...

CVSS 5.5 | AI score 7.4 | EPSS 0.00565
Exploits 0 | References 9

Tenable Nessus
added 2024/02/06 12:0 a.m. | 25 views

Amazon Linux 2 : php (ALASPHP8.0-2024-010)

The version of php installed on the remote host is prior to 8.0.24-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.0-2024-010 advisory. 2024-02-15: CVE-2022-31629 was added to this advisory. 2024-02-15: CVE-2022-31628 was added to this advisory. In PHP...

CVSS 6.5 | AI score 7.8 | EPSS 0.49336
Exploits 2 | References 8

Tenable Nessus
added 2023/09/13 12:0 a.m. | 68 views

Amazon Linux 2 : php (ALASPHP8.0-2023-005)

The version of php installed on the remote host is prior to 8.0.24-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.0-2023-005 advisory. In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip...

CVSS 6.5 | AI score 7.2 | EPSS 0.49336
Exploits 2 | References 6

Tenable Nessus
added 2022/12/23 12:0 a.m. | 36 views

Fedora 36 : php (2022-0b77fbd9e7)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-0b77fbd9e7 advisory. PHP version 8.1.11 29 Sep 2022 Core: Fixed bug php81726: phar wrapper: DOS when using quine gzip file. CVE-2022-31628. cmb Fixed bug php81727: Don't...

CVSS 6.5 | AI score 7.2 | EPSS 0.49336
Exploits 2 | References 3

Tenable Nessus
added 2022/10/05 12:0 a.m. | 66 views

PHP 7.4.x < 7.4.32 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 7.4.x prior to 7.4.32, 8.0.x prior to 8.0.24, or 8.1.x prior to 8.1.11. It is, therefore, affected by multiple vulnerabilities: - The phar uncompressor code would recursively uncompress quines gzip...

CVSS 6.5 | AI score 7.1 | EPSS 0.49336
Exploits 2 | References 3

Tenable Nessus
added 2022/10/02 12:0 a.m. | 550 views

PHP 8.0.x < 8.0.24 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.0.24. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.0.24 advisory. - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files,...

CVSS 6.5 | AI score 7.2 | EPSS 0.49336
Exploits 2 | References 5

OSV
added 2022/09/28 11:15 p.m. | 3 views

DEBIAN-CVE-2022-31629

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications...

CVSS 6.5 | AI score 7.1 | EPSS 0.49336
Exploits 2 | References 1

Prion
added 2022/09/28 11:15 p.m. | 133 views

Code injection

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications...

CVSS 4.3 | AI score 7.7 | EPSS 0.49336
Exploits 2 | References 8 | Affected Software 3

UbuntuCve
added 2022/09/28 11:15 p.m. | 229 views

CVE-2022-31629

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications...

CVSS 6.5 | AI score 6.8 | EPSS 0.49336
Exploits 2 | References 5

Cvelist
added 2022/09/28 10:25 p.m. | 71 views

CVE-2022-31628 phar wrapper can occur dos when using quine gzip file

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop...

CVSS 2.3 | AI score 7.9 | EPSS 0.00565
Exploits 0 | References 8

CNNVD
added 2022/09/28 12:0 a.m. | 2 views

PHP Security Vulnerability

PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP versions prior to 7.4.31, 8.0.24, and 8.1.11, which can be exploited by an attacker to be able to set a standard insecure cookie in a victim's browser...

CVSS 6.5 | AI score 7.3 | EPSS 0.49336
Exploits 2 | References 18

OpenVAS
added 2022/09/06 12:0 a.m. | 15 views

OTRS XSS Vulnerability (OSA-2022-11)

OTRS is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:otrs:otrs"; if...

CVSS 4.8 | AI score 4.9 | EPSS 0.00452
Exploits 0 | References 1

OpenVAS
added 2022/09/06 12:0 a.m. | 25 views

OTRS XSS Vulnerability (OSA-2022-10)

OTRS is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:otrs:otrs"; if...

CVSS 4.8 | AI score 4.9 | EPSS 0.00511
Exploits 0 | References 1

CBLMariner
added 2022/04/09 6:53 a.m. | 21 views

CVE-2012-5627 affecting package mysql for versions less than 8.0.24-1

CVE-2012-5627 affecting package mysql for versions less than 8.0.24-1. A patched version of the package is available...

CVSS 4 | AI score 5.5 | EPSS 0.11413
Exploits 2

Oracle linux
added 2021/09/23 12:0 a.m. | 100 views

mysql:8.0 security, bug fix, and enhancement update

mysql 8.0.26-1 - Update to MySQL 8.0.26 8.0.25-1 - Update to MySQL 8.0.25 8.0.24-1 - Update to MySQL 8.0.24 - Upstreamed patch: mysql-main-cast.patch 8.0.23-1 - Update to MySQL 8.0.23 - Created mysql-fix-includes-robin-hood.patch - Created mysql-main-cast.patch 8.0.22-1 - Update to MySQL 8.0.22 -...

CVSS 8 | AI score 1.1 | EPSS 0.43855
Exploits 3

CBLMariner
added 2021/08/25 7:57 p.m. | 17 views

CVE-2021-2357 affecting package mysql 8.0.24-1

CVE-2021-2357 affecting package mysql 8.0.24-1. An upgraded version of the package is available that resolves this issue...

CVSS 4.9 | AI score 9.8 | EPSS 0.02539
Exploits 0

CBLMariner
added 2021/08/25 7:57 p.m. | 15 views

CVE-2021-2354 affecting package mysql 8.0.24-1

CVE-2021-2354 affecting package mysql 8.0.24-1. An upgraded version of the package is available that resolves this issue...

CVSS 6.8 | AI score 9.8 | EPSS 0.02831
Exploits 0

CBLMariner
added 2021/08/25 7:57 p.m. | 18 views

CVE-2021-2352 affecting package mysql 8.0.24-1

CVE-2021-2352 affecting package mysql 8.0.24-1. An upgraded version of the package is available that resolves this issue...

CVSS 6.8 | AI score 9.8 | EPSS 0.02831
Exploits 0