Lucene search
+L

63 matches found

osv
osv
added 4 days ago2 views

OPENSUSE-SU-2026:21308-1 Security update for php8

This update for php8 fixes the following issues - Update to versio 8.4.23 - CVE-2026-14355: The AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw bsc1270351...

5.6CVSS6.1AI score0.00306EPSS
Exploits0References4
osv
osv
added 2026/07/08 11:35 a.m.6 views

BIT-PHP-MIN-2026-14355 ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS6.1AI score0.00306EPSS
Exploits0References3
osv
osv
added 2026/07/08 11:32 a.m.8 views

BIT-LIBPHP-2026-14355 ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS6.1AI score0.00306EPSS
Exploits0References3
susecve
susecve
added 2026/07/07 2:31 a.m.7 views

SUSE CVE-2026-14355

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS6.1AI score0.00306EPSS
Exploits0References3
nessus
nessus
added 2026/07/05 12:0 a.m.12 views

Debian dsa-6377 : libapache2-mod-php8.4 - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6377 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6377-1 [email protected] https://www.debian.org/security/ Moritz...

5.6CVSS6.2AI score0.00306EPSS
Exploits0References4
debian
debian
added 2026/07/04 2:23 p.m.8 views

[SECURITY] [DLA 4669-1] php8.2 security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4669-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta July 04, 2026 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...

5.6CVSS6.1AI score0.00306EPSS
Exploits0
cvelist
cvelist
added 2026/07/03 8:57 p.m.89 views

CVE-2026-14355 ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS0.00306EPSS
Exploits0References1
cve
cve
added 2026/07/03 8:57 p.m.54 views

CVE-2026-14355

The CVE-2026-14355 issue affects PHP 8.2.x before 8.2.32, 8.3.x before 8.3.32, 8.4.x before 8.4.23, and 8.5.x before 8.5.8. It is caused by a buffer allocation flaw in the AES-WRAP-PAD algorithm within the OpenSSL extension, where the output buffer for AES key-wrap-with-padding is sized from plai...

5.6CVSS6.1AI score0.00306EPSS
Exploits0References2Affected Software1
nessus
nessus
added 2026/07/03 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-14355

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension...

5.6CVSS6.2AI score0.00306EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2011-1473

Malware in sbrugna...

4.3CVSS6AI score0.13263EPSS
Exploits2References14
euvd
euvd
added 2025/10/07 12:30 a.m.9 views

EUVD-2011-4069

Malware in sbrugna...

9.8CVSS9.4AI score0.02529EPSS
Exploits0References6
euvd
euvd
added 2025/10/03 8:7 p.m.17 views

EUVD-2024-44220

Malicious code in bioql PyPI...

8.1CVSS6.4AI score0.00501EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/05/23 1:1 a.m.11 views

CVE-2022-31085

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...

6.1CVSS6.7AI score0.00259EPSS
Exploits0References1
nessus
nessus
added 2025/03/04 12:0 a.m.19 views

Linux Distros Unpatched Vulnerability : CVE-2017-11144

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing...

7.5CVSS6.9AI score0.06164EPSS
Exploits0References2
nessus
nessus
added 2025/03/04 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2015-1855

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - verifycertificateidentity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate...

5.9CVSS6.9AI score0.02815EPSS
Exploits0References2
nvd
nvd
added 2024/05/29 5:16 a.m.34 views

CVE-2024-4611

The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decryptvalue' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the sit...

8.1CVSS8AI score0.00501EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2024/05/29 12:0 a.m.11 views

PT-2024-31911 · WordPress · Apppresser

Name of the Vulnerable Software and Affected Versions: AppPresser plugin for WordPress versions up to, and including, 4.3.2 Description: The issue arises from improper missing encryption exception handling on the decrypt value and doCookieAuth functions. This allows unauthenticated attackers to l...

8.1CVSS7AI score0.00501EPSS
Exploits0References8
cvelist
cvelist
added 2024/05/02 4:52 p.m.26 views

CVE-2024-3729 Frontend Admin by DynamiApps <= 3.19.4 - Improper Missing Encryption Exception Handling to Form Manipulation

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'feaencrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to manipulate the user processing forms, which can ...

9.8CVSS9.7AI score0.00815EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 5:53 a.m.4 views

SUSE CVE-2011-1468

Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service memory consumption via 1 plaintext data to the opensslencrypt function or 2 ciphertext data to the openssldecrypt function...

4.3CVSS6.9AI score0.13263EPSS
Exploits2References3
susecve
susecve
added 2023/02/15 5:50 a.m.5 views

SUSE CVE-2011-4121

The OpenSSL extension of Ruby Git trunk versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation...

9.8CVSS7AI score0.02529EPSS
Exploits0References3
Rows per page
Query Builder