Fedora 40 : php (2024-e0d390d35b)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e0d390d35b advisory. PHP version 8.3.14 21 Nov 2024 CLI: Fixed bug GH-16373 Shebang is not skipped for router script in cli-server started through shebang. ilutov Fixed...

AZL-53718 CVE-2024-11236 affecting package php for versions less than 8.1.31-1

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, uncontrolled long string inputs to ldapescape function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write...

CVE-2024-11234

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

Fedora 41 : php (2024-3891a08c9e)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3891a08c9e advisory. PHP version 8.3.14 21 Nov 2024 CLI: Fixed bug GH-16373 Shebang is not skipped for router script in cli-server started through shebang. ilutov Fixed...

UBUNTU-CVE-2024-8929

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server...

PHP 8.3.x < 8.3.14 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.3.14. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.3.14 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number...