CentOS 8 : php:7.4 (CESA-2021:4213)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4213 advisory. - php: Use of freed hash key in the pharparsezipfile function CVE-2020-7068 - php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV...

RHEL 8 : php:7.4 (RHSA-2021:4213)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4213 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later...

CVE-2020-7069 Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...

PHP < 7.2.34, 7.3 < 7.3.23, 7.4 < 7.4.11 Multiple Vulnerabilities (Oct 2020) - Linux

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...