Lucene search
K

90 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

MiracleLinux 8 : php:7.4 (AXSA:2024-9405:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9405:01 advisory. php: 1-byte array overrun in common path resolve code CVE-2023-0568 php: Passwordverify always return true with some hash CVE-2023-0567 php: Missing...

9.8CVSS8AI score0.49336EPSS
Exploits13References12
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.10 views

TencentOS Server 4: php (TSSA-2025:0005)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0005 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

9.1CVSS7.4AI score0.49336EPSS
Exploits5References5
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.11 views

TencentOS Server 3: php (TSSA-2023:0117)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0117 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

9.8CVSS7.6AI score0.49336EPSS
Exploits6References6
OSV
OSV
added 2025/01/14 7:19 p.m.14 views

BIT-PHP-MIN-2024-2756 __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix

Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cookie by PHP applications...

6.5CVSS7.3AI score0.3786EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/12/11 4:19 p.m.3 views

php: host/secure cookie bypass due to partial CVE-2022-31629 fix

An improper input validation vulnerability was found in PHP. Due to an incomplete fix to CVE-2022-31629, network and same-site attackers can set a standard insecure cookie in the victim's browser...

6.5CVSS7.3AI score0.3786EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/12/11 4:16 p.m.7 views

php: host/secure cookie bypass due to partial CVE-2022-31629 fix

An improper input validation vulnerability was found in PHP. Due to an incomplete fix to CVE-2022-31629, network and same-site attackers can set a standard insecure cookie in the victim's browser...

6.5CVSS7.3AI score0.3786EPSS
Exploits0References5
OSV
OSV
added 2024/12/11 12:0 a.m.23 views

ALSA-2024:10951 Moderate: php:8.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: host/secure cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 php: passwordverify can erroneously return true, opening ATO risk CVE-2024-3096 php: Filter bypass in filtervar...

7.5CVSS6.7AI score0.49336EPSS
Exploits7References14
OSV
OSV
added 2024/08/30 11:8 a.m.6 views

OESA-2024-2061 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

6.5CVSS6.8AI score0.3786EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/31 12:0 a.m.37 views

Amazon Linux 2 : php (ALASPHP8.2-2024-004)

The version of php installed on the remote host is prior to 8.2.19-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.2-2024-004 advisory. The vulnerability allows a remote attacker to bypass implemented security restrictions. The vulnerability exists due to...

6.5CVSS7.3AI score0.49336EPSS
Exploits3References6
Tenable Nessus
Tenable Nessus
added 2024/05/28 12:0 a.m.28 views

Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2024-624)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-624 advisory. The vulnerability allows a remote attacker to bypass implemented security restrictions. The vulnerability exists due to the way PHP handles HTTP variable names. A remote attacker can set a...

6.5CVSS7.3AI score0.49336EPSS
Exploits3References6
OpenVAS
OpenVAS
added 2024/05/27 12:0 a.m.28 views

Fedora: Security Advisory (FEDORA-2024-b46619f761)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.4CVSS8.5AI score0.49336EPSS
Exploits5References26
OpenVAS
OpenVAS
added 2024/05/27 12:0 a.m.30 views

Fedora: Security Advisory (FEDORA-2024-5e8ae0def0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.4CVSS8.5AI score0.49336EPSS
Exploits6References30
OpenVAS
OpenVAS
added 2024/05/27 12:0 a.m.29 views

Fedora: Security Advisory for php (FEDORA-2024-39d50cc975)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.4CVSS8.3AI score0.49336EPSS
Exploits5References2
OSV
OSV
added 2024/05/14 7:29 a.m.72 views

BIT-PHP-2024-2756 __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix

Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cookie by PHP applications...

6.5CVSS7.3AI score0.3786EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/05/13 12:0 a.m.35 views

Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2024-612)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-612 advisory. The vulnerability allows a remote attacker to bypass implemented security restrictions. The vulnerability exists due to the way PHP handles HTTP variable names. A remote attacker can set a...

6.5CVSS7.3AI score0.49336EPSS
Exploits3References6
CloudLinux
CloudLinux
added 2024/05/09 6:56 p.m.61 views

php: Fix of 2 CVEs

CVE-2022-31629: Add cookie integrity validation - CVE-2024-2756: Move cookie integrity validation downwards...

6.5CVSS9.2AI score0.49336EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2024/05/08 12:0 a.m.39 views

Debian dla-3810 : libapache2-mod-php7.3 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3810 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3810-1 [email protected]...

6.5CVSS7.2AI score0.49336EPSS
Exploits3References8
OSV
OSV
added 2024/04/29 4:15 a.m.3 views

DEBIAN-CVE-2024-2756

Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cookie by PHP applications...

6.5CVSS6.6AI score0.3786EPSS
Exploits0References1
OSV
OSV
added 2024/04/29 4:15 a.m.6 views

AZL-40070 CVE-2024-2756 affecting package php for versions less than 8.1.28-1

Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cookie by PHP applications...

6.5CVSS6.4AI score0.3786EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2024/04/29 3:34 a.m.49 views

CVE-2024-2756

Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cookie by PHP applications...

6.5CVSS7AI score0.3786EPSS
Exploits0
Rows per page
Query Builder