32 matches found
CLSA-2025-1766050574 podman: Fix of CVE-2025-52881
CVE-2025-52881: fix security vulnerability in /proc file handle operations - Partial backport: add pathrs-lite library from runc v1.2.8 vendor directory...
CVE-2021-37704
PhpFastCache is a high-performance backend cache system packagist package phpfastcache/phpfastcache. In versions before 6.1.5, 7.1.2, and 8.0.7 the phpinfo can be exposed if the /vendor is not protected from public access. This is a rare situation today since the vendor directory is often located...
GHSA-QMWF-J7G7-F5JW Cross-Site Scripting in third party library mso/idna-convert
Make sure to not expose the vendor directory to the publicly accessible document root. In composer managed installation, make sure to configure a dedicated web folder. In general it is recommended to not expose the complete typo3src sources folder in the document root...
CVE-2024-28859 Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency
Symfony1 is a community fork of symfony 1.4 with DIC, form enhancements, latest Swiftmailer, better performance, composer compatible and PHP 8 support. Symfony 1 has a gadget chain due to vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer...
Information Disclosure
microsoft/microsoft-graph-core is vulnerable to Information Disclosure. The vulnerability is due to the inclusion of test code that enables the use of the phpInfo function, specifically through the GetPhpInfo.php script, which can expose sensitive system information if the server is misconfigured...
FreeBSD : Composer -- Code execution and possible privilege escalation (33ba2241-c68e-11ee-9ef3-001999f8d30b)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 33ba2241-c68e-11ee-9ef3-001999f8d30b advisory. - Composer is a dependency manager for the PHP language. In affected versions several files within the...
GHSA-7C6P-848J-WH5H Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php
Impact Several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code...
Information Disclosure
microsoft/microsoft-graph is vulnerable to Information Disclosure. The vulnerability exists in the phpinfo function of GetPhpInfo.php, allowing an attacker to access unauthorized system information such as configuration details, modules, and environment variables. This vulnerability is only...
GHSA-MHHP-C3CM-2R86 Test code in published microsoft-graph-core package exposes phpinfo()
Impact The Microsoft Graph Core PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at vendor/microsoft/microsoft-graph-core/tests/GetPhpInfo.php. The phpInfo function exposes system...
PT-2023-31150 · Microsoft · Msgraph-Sdk-Php
Name of the Vulnerable Software and Affected Versions: msgraph-sdk-php versions prior to 1.109.1 msgraph-sdk-php versions prior to 2.0.0-RC5 Description: The Microsoft Graph PHP SDK contains a vulnerability that exposes system information through the phpinfo function. This issue affects the...
PT-2023-31151 · Microsoft · Microsoft-Graph-Core
Name of the Vulnerable Software and Affected Versions: microsoft-graph-core versions prior to 2.0.2 Description: The Microsoft Graph Beta PHP SDK contains test code that enables the use of the phpInfo function from any application that can access and execute the file at...
Fedora: Security Advisory for glide (FEDORA-2022-5ef0bd9a27)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: glide-0.13.2-11.fc36
Glide is a tool for managing the vendor directory within a Go package. This feature, first introduced in Go 1.5, allows each package to have a vendor directory containing dependent packages for the project. These vendor packages can be installed by a tool e.g. glide, similar to go get or they can...
[SECURITY] Fedora 35 Update: glide-0.13.2-10.fc35
Glide is a tool for managing the vendor directory within a Go package. This feature, first introduced in Go 1.5, allows each package to have a vendor directory containing dependent packages for the project. These vendor packages can be installed by a tool e.g. glide, similar to go get or they can...
[SECURITY] Fedora 36 Update: glide-0.13.2-10.fc36
Glide is a tool for managing the vendor directory within a Go package. This feature, first introduced in Go 1.5, allows each package to have a vendor directory containing dependent packages for the project. These vendor packages can be installed by a tool e.g. glide, similar to go get or they can...
Vendor Stream Wrapper - Moderately critical - Unsupported - SA-CONTRIB-2022-019
This module provides a stream wrapper for files located in the vendor directory. Even when the vendor directory is moved outside the webroot, it allows providing publicly accessible URLs to these files. The module exposes all files that are in the vendor directory, without a site owner's...
GHSA-CVH5-P6R6-G2QC Exposed phpinfo() leaked via documentation files
Impact The phpinfo can be exposed if the /vendor is not protected from public access. This is a rare situation today since the vendor directory is often located outside the web directory or protected via server rule .htaccess, etc. Patches Only the v6, v7 and v8 will be patched respectively in...
Exposed phpinfo() leaked via documentation files
Impact The phpinfo can be exposed if the /vendor is not protected from public access. This is a rare situation today since the vendor directory is often located outside the web directory or protected via server rule .htaccess, etc. Patches Only the v6, v7 and v8 will be patched respectively in...