158 matches found
EUVD-2007-1576
Malware in sbrugna...
EUVD-2010-4663
Malware in sbrugna...
EUVD-2006-4472
Malware in sbrugna...
EUVD-2019-3583
Malware in sbrugna...
EUVD-2022-53082
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-11925
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously...
Linux Distros Unpatched Vulnerability : CVE-2019-11038
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using the gdImageCreateFromXbm function in the GD Graphics Library aka LibGD 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2...
Linux Distros Unpatched Vulnerability : CVE-2006-4484
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact...
CVE-2019-11926
Insufficient boundary checks when processing MSOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions betwee...
SUSE CVE-2022-31630
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead to crashes or...
BIT-PHP-MIN-2022-31630 OOB read due to insufficient input validation in imageloadfont()
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead to crashes or...
PT-2024-37535 · WordPress · Testimonials
Name of the Vulnerable Software and Affected Versions: IQ Testimonials plugin for WordPress versions up to, and including, 2.2.7 Description: The issue is related to insufficient file type validation in the process image upload function, allowing unauthenticated attackers to upload arbitrary file...
BIT-PHP-2022-31630 OOB read due to insufficient input validation in imageloadfont()
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead to crashes or...
Amazon Linux 2 : php (ALASPHP8.1-2023-001)
The version of php installed on the remote host is prior to 8.1.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.1-2023-001 advisory. In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont function in gd extension, it is possible to...
EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2023-2243)
According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a...
Oracle Linux 8 : php:7.4 (ELSA-2023-2903)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2903 advisory. - CVE-2015-2331: integer overflow when processing ZIP archives 1204676,1204677 - fixes for CVE-2012-1162 and CVE-2012-1163 - fix: due to an integer...
Oracle Linux 8 : php:8.0 (ELSA-2023-0848)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0848 advisory. php 8.0.27-1 - rebase to 8.0.27 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessu...
Rocky Linux 8 : php:8.0 (RLSA-2023:0848)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0848 advisory. - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute...
SUSE CVE-2006-4484
Buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array...
Fedora 35 : php (2022-f2a5082860)
The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-f2a5082860 advisory. PHP version 8.0.25 27 Oct 2022 GD: Fixed bug php81739: OOB read due to insufficient input validation in imageloadfont. CVE-2022-31630 cmb Hash: Fixe...