
49 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m., 4 views

MiracleLinux 7 : php-pear-1.9.4-23.el7 (AXSA:2022-4004:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-4004:01 advisory. Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked (CVE-2020-28948) Archive_Tar: improper filename...

CVSS 7.8, AI score 7.5, EPSS 0.84554
Exploits 5, References 4

Tenable Nessus
added 2025/06/16 12:0 a.m., 5 views

TencentOS Server 2: php-pear (TSSA-2022:0284)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0284 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

CVSS 7.8, AI score 7.7, EPSS 0.84554
Exploits 5, References 4

Tenable Nessus
added 2025/06/16 12:0 a.m., 11 views

TencentOS Server 3: php:7.4 (TSSA-2022:0161)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0161 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 7.8, AI score 7.6, EPSS 0.84554
Exploits 5, References 4

Tenable Nessus
added 2025/03/04 12:0 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2020-28949

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite file...

CVSS 7.8, AI score 7.6, EPSS 0.84554
Exploits 4, References 2

OpenVAS
added 2024/09/04 12:0 a.m., 19 views

Ubuntu: Security Advisory (USN-6981-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8, AI score 7.5, EPSS 0.84554
Exploits 5, References 4

OSV
added 2024/09/03 3:12 p.m., 4 views

USN-6981-2 drupal7 vulnerabilities

USN-6981-1 fixed vulnerabilities in Drupal. This update provides the corresponding updates for Ubuntu 14.04 LTS. Original advisory details: It was discovered that Drupal incorrectly sanitized uploaded filenames. A remote attacker could possibly use this issue to execute arbitrary code...

CVSS 8.8, AI score 7.4, EPSS 0.84554
Exploits 5, References 4

Ubuntu
added 2024/08/27 4:57 p.m., 32 views

USN-6981-1: Drupal vulnerabilities

It was discovered that Drupal incorrectly sanitized uploaded filenames. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2020-13671) It was discovered that Drupal incorrectly sanitized archived filenames. A remote attacker could possibly use this issue to overwrite...

CVSS 8.8, AI score 8.1, EPSS 0.84554
Exploits 5

Tenable Nessus
added 2024/06/03 12:0 a.m., 14 views

RHEL 8 : php-pear (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - php-pear: Unsafe deserialization of data in Archive_Tar class (CVE-2018-1000888) Note that Nessus has not tested for...

CVSS 8.8, AI score 7.5, EPSS 0.18286
Exploits 5, References 1

OSV
added 2024/05/15 9:2 p.m., 36 views

GHSA-J66P-FVP2-FXHJ Drupal core Arbitrary PHP code execution

The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see: CVE-2020-28948 CVE-2020-28949 Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz...

CVSS 7.8, AI score 8.1
Exploits 0, References 3

GitHub Security Blog
added 2024/05/15 9:2 p.m., 28 views

Drupal core Arbitrary PHP code execution

The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see: CVE-2020-28948 CVE-2020-28949 Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz...

CVSS 7.8, AI score 7.8, EPSS 0.84554
Exploits 5, References 3, Affected Software 1

OSV
added 2024/05/15 8:50 p.m., 32 views

GHSA-GXXJ-G9V8-W28P Drupal core Arbitrary PHP code execution

The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see: CVE-2020-28948 CVE-2020-28949 Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz...

CVSS 7.8, AI score 8.1
Exploits 0, References 3

GitHub Security Blog
added 2024/05/15 8:50 p.m., 29 views

Drupal core Arbitrary PHP code execution

The Drupal project uses the PEAR Archive_Tar library. The PEAR Archive_Tar library has released a security update that impacts Drupal. For more information please see: CVE-2020-28948 CVE-2020-28949 Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz...

CVSS 7.8, AI score 7.8, EPSS 0.84554
Exploits 5, References 3, Affected Software 1

F5 Networks
added 2023/02/21 7:57 p.m., 30 views

K58581302: Archive_Tar vulnerabilities CVE-2020-28948 and CVE-2020-28949

Security Advisory Description CVE-2020-28948 Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. CVE-2020-28949 Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack...

CVSS 7.8, AI score 7.6, EPSS 0.84554
Exploits 5

Tenable Nessus
added 2022/11/17 12:0 a.m., 28 views

Rocky Linux 8 : php:7.4 (RLSA-2022:6542)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6542 advisory. - Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to...

CVSS 7.8, AI score 7.6, EPSS 0.84554
Exploits 5, References 7

Oracle Linux
added 2022/11/03 12:0 a.m., 35 views

php-pear security update

1:1.9.4-23 - update Archive_Tar to 1.4.14 CVE-2020-36193 CVE-2020-28948 CVE-2020-28949...

CVSS 7.8, AI score 1.2, EPSS 0.84554
Exploits 5

RedHat Linux
added 2022/11/02 4:38 p.m., 36 views

Moderate: Red Hat Security Advisory: php-pear security update

An update for php-pear is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 7.8, AI score 7.3, EPSS 0.84554
Exploits 5, References 4

RedHat Linux
added 2022/09/15 8:54 a.m., 62 views

Moderate: Red Hat Security Advisory: php:7.4 security update

An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.8, AI score 7.3, EPSS 0.84554
Exploits 5, References 4

RedHat Linux
added 2022/09/15 8:38 a.m., 57 views

Moderate: Red Hat Security Advisory: php:7.4 security update

An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 7.8, AI score 7.3, EPSS 0.84554
Exploits 5, References 4

OSV
added 2022/09/15 8:6 a.m., 28 views

RLSA-2022:6542 Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked (CVE-2020-28948) Archive_Tar: improper filename sanitization leads to file overwrites (CVE-2020-28949)...

CVSS 7.8, AI score 7.9, EPSS 0.84554
Exploits 5, References 4

AlmaLinux
added 2022/09/15 12:0 a.m., 48 views

Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked (CVE-2020-28948) Archive_Tar: improper filename sanitization leads to file overwrites (CVE-2020-28949)...

CVSS 7.8, AI score 7.8, EPSS 0.84554
Exploits 5, References 8