61 matches found
TencentOS Server 4: php (TSSA-2025:0005)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0005 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
TencentOS Server 3: php (TSSA-2023:0117)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0117 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Amazon Linux 2 : php (ALASPHP8.0-2024-010)
The version of php installed on the remote host is prior to 8.0.24-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.0-2024-010 advisory. 2024-02-15: CVE-2022-31629 was added to this advisory. 2024-02-15: CVE-2022-31628 was added to this advisory. In PHP...
Medium: php
Issue Overview: In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. CVE-2022-31628 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to...
Amazon Linux 2 : php (ALASPHP8.0-2023-005)
The version of php installed on the remote host is prior to 8.0.24-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.0-2023-005 advisory. In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip...
EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2023-2243)
According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The zendstringextend function in Zend/zendstring.h in PHP through 7.1.5 does not prevent changes to string objects that result in a...
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2023-2243)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
AlmaLinux 8 : php:7.4 (ALSA-2023:2903)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2903 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a 'Host-' or 'Secure-' cookie...
Moderate: Red Hat Security Advisory: php:7.4 security update
An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHEL 8 : php:7.4 (RHSA-2023:2903)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2903 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later...
ALSA-2023:2903 Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.4.33. Security Fixes: XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could b...
AlmaLinux 9 : php:8.1 (ALSA-2023:2417)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2417 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a 'Host-' or 'Secure-' cookie...
RHEL 9 : php:8.1 (RHSA-2023:2417)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2417 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later...
ALSA-2023:2417 Moderate: php:8.1 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 8.1.14. Security Fixes: XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could b...
Moderate: php:8.1 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 8.1.14. Security Fixes: XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could b...
RLSA-2023:0965 Moderate: php security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 8.0.27. BZ2161667 Security Fixes: XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cook...
Important: php8.1
Issue Overview: A vulnerability was found in php. This issue occurs due to memory corruption in the finfobuffer function and a bad patch of the libmagic library. This flaw allows an attacker or malicious actor to execute a heap buffer overflow successfully, causing a memory crash. CVE-2022-31627 ...
Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2023-081)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-081 advisory. A vulnerability was found in php. This issue occurs due to memory corruption in the finfobuffer function and a bad patch of the libmagic library. This flaw allows an attacker or malicious actor...
Ubuntu: Security Advisory (USN-5905-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 16.04 ESM : PHP vulnerabilities (USN-5905-1)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5905-1 advisory. It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of service. CVE-2022-31628...