
409 matches found

SUSE CVE
added 2023/02/15 5:17 a.m., 3 views

SUSE CVE-2015-4605

The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute...

7.5 CVSS, 8.1 AI score, 0.0739 EPSS
Exploits 1, References 4
SUSE CVE
added 2023/02/15 5:10 a.m., 3 views

SUSE CVE-2015-8865

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service buffer overflow and application...

7.5 CVSS, 9.5 AI score, 0.04985 EPSS
Exploits 1, References 4
SUSE CVE
added 2023/02/15 4:31 a.m., 2 views

SUSE CVE-2018-5786

In Long Range Zip aka lrzip 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file...

5.5 CVSS, 6.7 AI score, 0.01336 EPSS
Exploits 1, References 3
Fedora
added 2022/07/30 1:55 a.m., 21 views

[SECURITY] Fedora 36 Update: golang-github-colinmarc-hdfs-2-2.2.0-5.fc36

This is a native golang client for hdfs. It connects directly to the namenode using the protocol buffers API. It tries to be idiomatic by aping the stdlib os package, where possible, and implements the interfaces from it, including os.FileInfo and os.PathError...

7.3 AI score
Exploits 0
NVD
added 2022/07/28 6:15 a.m., 8 views

CVE-2022-31627

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption...

9.8 CVSS, 0.01651 EPSS
Exploits 1, References 3
OSV
added 2022/07/28 6:15 a.m., 14 views

CVE-2022-31627

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption...

9.8 CVSS, 9.5 AI score
Exploits 0, References 3
Prion
added 2022/07/28 6:15 a.m., 49 views

Design/Logic Flaw

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption...

7.5 CVSS, 9.4 AI score, 0.01651 EPSS
Exploits 1, References 3, Affected Software 1
CVE
added 2022/07/28 5:50 a.m., 224 views

CVE-2022-31627

CVE-2022-31627 affects PHP 8.1.x before 8.1.8, where fileinfo functions (e.g., finfo_buffer) can trigger a heap corruption due to an incorrect patch in the libmagic code. The impact is described as memory corruption that could lead to a crash or potentially arbitrary behavior, with impact conside...

9.8 CVSS, 8.7 AI score, 0.01651 EPSS
Exploits 1, References 3, Affected Software 1
Debian CVE
added 2022/07/28 5:50 a.m., 26 views

CVE-2022-31627

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption...

9.8 CVSS, 8.8 AI score, 0.01651 EPSS
Exploits 1
UbuntuCve
added 2022/07/15 12:0 a.m., 22 views

CVE-2022-31627

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption...

9.8 CVSS, 7.1 AI score, 0.01651 EPSS
Exploits 1, References 2
ATTACKERKB
added 2022/07/05 6:5 a.m., 1 views

CVE-2022-31627

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption...

9.8 CVSS, 5.4 AI score, 0.01651 EPSS
Exploits 1, References 4, Affected Software 1
Tenable Nessus
added 2022/05/21 12:0 a.m., 26 views

SUSE SLES12 Security Update : php7 (SUSE-SU-2022:1764-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1764-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

5.6 AI score
Exploits 0, References 2
Tenable Nessus
added 2022/05/21 12:0 a.m., 32 views

SUSE SLES15 Security Update : php7 (SUSE-SU-2022:1768-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1768-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

5.6 AI score
Exploits 0, References 2
Tenable Nessus
added 2022/05/18 12:0 a.m., 20 views

SUSE SLES12 Security Update : php72 (SUSE-SU-2022:1714-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1714-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

5.6 AI score
Exploits 0, References 2
Mageia
added 2020/10/16 5:4 p.m., 61 views

Updated php packages fix a security vulnerability

In PHP versions 7.2.x when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure...

5.3 CVSS, 1.7 AI score, 0.04969 EPSS
Exploits 1, References 4
Tenable Nessus
added 2020/08/19 12:0 a.m., 57 views

Fedora 32 : php (2020-96124cc236)

PHP version 7.4.9 06 Aug 2020 Apache: - Fixed bug php79030 Upgrade apache2handler's php_apache_sapi_get_request_time to return usec. Herbert256 Core: - Fixed bug php79740 serialize and unserialize methods can not be called statically. Nikita - Fixed bug php79783 Segfault in php_str_replace_common. Nikita...

4.8 CVSS, 6.9 AI score, 0.01661 EPSS
Exploits 1, References 2
Tenable Nessus
added 2020/08/19 12:0 a.m., 241 views

Fedora 31 : php (2020-8e36afc743)

PHP version 7.3.21 06 Aug 2020 Apache: - Fixed bug php79030 Upgrade apache2handler's php_apache_sapi_get_request_time to return usec. Herbert256 Core: - Fixed bug php79877 getimagesize function silently truncates after a null byte cmb - Fixed bug php79778 Assertion failure if dumping closure with...

4.8 CVSS, 6.9 AI score, 0.01661 EPSS
Exploits 1, References 2
OSV
added 2020/01/30 4:15 p.m., 2 views

CVE-2019-20050

Pandora FMS ≤ 7.42 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user should create a new folder with a "tricky" name in the filemanager. The exploit works when the php-fileinfo extension is disabled on the host system. The attacker must includ...

6.8 CVSS, 6.3 AI score, 0.03434 EPSS
Exploits 1, References 1
NVD
added 2020/01/30 4:15 p.m., 19 views

CVE-2019-20050

Pandora FMS ≤ 7.42 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user should create a new folder with a "tricky" name in the filemanager. The exploit works when the php-fileinfo extension is disabled on the host system. The attacker must includ...

7.1 CVSS, 7 AI score, 0.03434 EPSS
Exploits 1, References 1
Prion
added 2020/01/30 4:15 p.m., 12 views

Remote code execution

Pandora FMS = 7.42 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user should create a new folder with a "tricky" name in the filemanager. The exploit works when the php-fileinfo extension is disabled on the host system. The attacker must includ...

7.1 CVSS, 7.1 AI score, 0.03434 EPSS
Exploits 1, References 1, Affected Software 1