57 matches found
MiracleLinux 7 : php-pear-1.9.4-23.el7 (AXSA:2022-4004:01)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-4004:01 advisory. ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 ArchiveTar: improper filename...
EUVD-2021-1814
Malware in sbrugna...
TencentOS Server 2: php-pear (TSSA-2022:0284)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0284 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...
TencentOS Server 3: php:7.4 (TSSA-2022:0161)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0161 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Linux Distros Unpatched Vulnerability : CVE-2020-36193
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to...
PHP Archive_Tar Directory Traversal (CVE-2020-36193)
A directory traversal vulnerability exists in PHP AchiveTar. Successful exploitation of this vulnerability could allow a remote attacker to disclose or access arbitrary files on the vulnerable server...
Rocky Linux 8 : php:7.4 (RLSA-2022:6542)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6542 advisory. - ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to...
php-pear security update
1:1.9.4-23 - update ArchiveTar to 1.4.14 CVE-2020-36193 CVE-2020-28948 CVE-2020-28949...
Moderate: Red Hat Security Advisory: php-pear security update
An update for php-pear is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Moderate: Red Hat Security Advisory: php:7.4 security update
An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: php:7.4 security update
An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
RLSA-2022:6542 Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 ArchiveTar: improper filename sanitization leads to file overwrites CVE-2020-28949...
Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 ArchiveTar: improper filename sanitization leads to file overwrites CVE-2020-28949...
ALSA-2022:6542 Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 ArchiveTar: improper filename sanitization leads to file overwrites CVE-2020-28949...
CVE-2020-36193
creationtimestamp| type| source ---|---|--- 2022-09-01 17:03:00+00:00| seen| https://t.me/technicalprivatecat/128 2023-06-14 21:10:04+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2024-12-24 20:32:50+00:00| seen| https://feedsin.space/feed/CISAKevBot/items/2971689 2025-02-23...
CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added 10 new actively exploited vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, including a high-severity security flaw affecting industrial automation software from Delta Electronics. The issue, tracked ...
SUSE: Security Advisory (SUSE-SU-2021:3018-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for php7-pear (openSUSE-SU-2021:1267-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2021:1267-1 Security update for php7-pear
This update for php7-pear fixes the following issues: - CVE-2020-36193: Fixed ArchiveTar directory traversal due to inadequate checking of symbolic links bsc1189591. This update was imported from the SUSE:SLE-15-SP2:Update update project...
openSUSE 15 Security Update : php7-pear (openSUSE-SU-2021:3018-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:3018-1 advisory. - Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issu...