
13 matches found

Tenable Nessus
added 2024/04/23 12:0 a.m. · 890 views

PHP 8.2.x < 8.2.18 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.28, 8.2.x prior to 8.2.18, or 8.3.x prior to 8.3.6. It is, therefore, affected by multiple vulnerabilities: - A command injection via array-ish $command parameter of proc_open...

9.4 CVSS · 8.3 AI score · 0.68573 EPSS
Exploits 6 · References 5
OpenVAS
added 2024/04/15 12:0 a.m. · 41 views

PHP 8.1.11 < 8.1.28, 8.2.x < 8.2.18, 8.3.x < 8.3.6 Security Update (GHSA-wpj3-hf5j-x4v4) - Windows

PHP is prone to a __Host-/__Secure- cookie bypass vulnerability.

6.5 CVSS · 7.5 AI score · 0.08698 EPSS
Exploits 0 · References 4
OSV
added 2024/03/06 11:1 a.m. · 37 views

BIT-PHP-2023-0662 DoS vulnerability when parsing multipart request body

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space...

7.5 CVSS · 7.8 AI score · 0.00341 EPSS
Exploits 0 · References 3
NVD
added 2024/02/01 10:15 a.m. · 14 views

CVE-2024-22430

Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contain an incorrect default permissions vulnerability. A local, low-privileged malicious user could potentially exploit this vulnerability, leading to denial of service...

5.5 CVSS · 5.3 AI score · 0.00017 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2023/06/28 12:0 a.m. · 23 views

PHP 8.2.x < 8.2.7 Information Disclosure

According to its self-reported version number, the version of PHP installed on the remote host is 8.0.x prior to 8.0.29, 8.1.x prior to 8.1.20, or 8.2.x prior to 8.2.7. It is, therefore, affected by an information disclosure vulnerability. The random byte generation function used in the SOAP HTTP...

4.3 CVSS · 7.5 AI score · 0.00316 EPSS
Exploits 0 · References 3
Prion
added 2022/06/28 7:15 p.m. · 15 views

Information disclosure

Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources...

4 CVSS · 4.9 AI score · 0.00286 EPSS
Exploits 0 · References 1 · Affected Software 1
Prion
added 2022/04/12 6:15 p.m. · 19 views

Design/Logic Flaw

Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive authentication attempts. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to compromised accounts...

7.5 CVSS · 9.5 AI score · 0.00883 EPSS
Exploits 0 · References 1 · Affected Software 1
Prion
added 2021/08/16 10:15 p.m. · 17 views

Code injection

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster...

7.2 CVSS · 7.3 AI score · 0.00038 EPSS
Exploits 0 · References 1 · Affected Software 1
Prion
added 2021/08/16 10:15 p.m. · 14 views

Design/Logic Flaw

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An authenticated user with ISI_PRIV_LOGIN_PAPI could make un-audited and un-trackable configuration changes to settings that their roles have privileges to change...

4 CVSS · 4.6 AI score · 0.00209 EPSS
Exploits 0 · References 1 · Affected Software 1
Prion
added 2021/08/16 10:15 p.m. · 19 views

Information disclosure

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. A remote low privileged user could potentially exploit this vulnerability, leading to unauthorized information disclosure...

4 CVSS · 6.1 AI score · 0.00215 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2021/08/16 10:0 p.m. · 69 views

CVE-2021-36281

Dell EMC PowerScale OneFS versions 8.2.x–9.2.x contain an incorrect permission assignment that can allow a low-privileged authenticated user to escalate privileges. Affected component: privilege/permission handling in OneFS API surface. Root cause: misassigned permissions enabling higher-privileg...

8.8 CVSS · 8.5 AI score · 0.00396 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2020/10/06 12:0 a.m. · 3 views

PT-2020-16465 · Leostream · Leostream Connection Broker

Name of the Vulnerable Software and Affected Versions: Leostream Connection Broker versions 8.2.x Description: The issue allows an unauthenticated attacker to inject arbitrary JavaScript code via the User-Agent HTTP header in the webquery.pl file. This code is rendered by administrators the next...

9.6 CVSS · 7.3 AI score · 0.03087 EPSS
Exploits 1 · References 4
CNVD
added 2017/03/20 12:0 a.m. · 1 views

Drupal cross-site request forgery vulnerability (CNVD-2017-03746)

Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A cross-site request forgery vulnerability exists in Drupal versions 8.2.x prior to 8.2.7, which stems from the program's failure to protect the administrative path with a...

7.5 CVSS · 6.9 AI score · 0.00191 EPSS
Exploits 0 · References 1