28 matches found
AlmaLinux 8 : php:8.2 (ALSA-2026:1412)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:1412 advisory. php: pgsql extension does not check for errors during escaping CVE-2025-1735 php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace...
RockyLinux 9 : php:8.2 (RLSA-2026:1409)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:1409 advisory. php: pgsql extension does not check for errors during escaping CVE-2025-1735 php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace...
CLSA-2025-1760017411 Fix CVE(s): CVE-2025-6491
SECURITY UPDATE: fix NULL pointer dereference in SOAP with huge QName - debian/patches/CVE-2025-6491.patch: Add safeguard in ext/soap/soap.c to handle invalid XML node names produced by libxml2 with extremely large namespace prefixes - CVE-2025-6491...
USN-7648-3: PHP regression
USN-7648-2 fixed vulnerabilities in PHP. The patch for CVE-2025-1735 caused a regression in php7.0, php7.2 and php7.4. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that PHP incorrectly handled certain hostnames containing null...
Medium: php8.2
Issue Overview: fsockopen doesn't regard hostname as well, hostname is terminated at the null byte. This can cause Server Side Request Forgery in general case. CVE-2025-1220 Missing error checking could result in SQL injection and missing error handling could lead to crashes due to null pointer...
CVE-2025-6491 affecting package php for versions less than 8.1.33-1
CVE-2025-6491 affecting package php for versions less than 8.1.33-1. An upgraded version of the package is available that resolves this issue...
CBL Mariner 2.0 Security Update: php (CVE-2025-6491)
The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-6491 advisory. - In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 when parsing XML...
CLSA-2025-1754381195 php: Fix of CVE-2025-6491
CVE-2025-6491: fix buffer overflow vulnerability...
openSUSE Security Advisory (SUSE-SU-2025:02474-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2025:02473-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-4254-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2025:02473-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 4254-1] php7.4 security update
Debian LTS Advisory DLA-4254-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin July 27, 2025 https://wiki.debian.org/LTS Package : php7.4 Version : 7.4.33-1+deb11u9 CVE ID : CVE-2025-1220 CVE-2025-1735 CVE-2025-6491 Multiple security issues were found in PHP, a...
SUSE SLES15 / openSUSE 15 Security Update : php8 (SUSE-SU-2025:02474-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02474-1 advisory. Version update to 8.2.29: - CVE-2025-1220: Fixed null byte termination in hostnames bsc1246167 - CVE-2025-1735: Fixe...
SUSE SLES15 / openSUSE 15 Security Update : php7 (SUSE-SU-2025:02473-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02473-1 advisory. - CVE-2025-1220: Fixed null byte termination in hostnames bsc1246167 - CVE-2025-1735: Fixed pgsql extension does not...
SUSE SLES15 Security Update : php8 (SUSE-SU-2025:02463-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02463-1 advisory. - CVE-2025-1220: Fixed null byte termination in hostnames bsc1246167 - CVE-2025-1735: Fixed pgsql extension does not check for...
Ubuntu: Security Advisory (USN-7648-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2025-da047483d8)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2025-2c344545bf)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-6491
In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. before 8.4.10 when parsing XML data in SOAP extensions, overly large 2Gb XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server...