Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2025-1353)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1353 advisory. NOTE: https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7NOTE: https://github.com/php/php-src/commit/c5f28c7cf0a052f48e47877c7aa5c5bcc54f1cfcDEBIANBUG: 1123574 CVE-2025-1417...

Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2025-1355)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1355 advisory. NOTE: https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7NOTE: https://github.com/php/php-src/commit/c5f28c7cf0a052f48e47877c7aa5c5bcc54f1cfcDEBIANBUG: 1123574 CVE-2025-1417...

Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2025-1354)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1354 advisory. NOTE: https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7NOTE: https://github.com/php/php-src/commit/c5f28c7cf0a052f48e47877c7aa5c5bcc54f1cfcDEBIANBUG: 1123574 CVE-2025-1417...

EUVD-2016-7756

Malware in sbrugna...

EUVD-2019-2754

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2016-6871

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow...

Fedora 42 : php (2025-2c344545bf)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-2c344545bf advisory. PHP version 8.4.10 03 Jul 2025 BcMath: Fixed bug GH-18641 Accessing a BcMath\Number property by ref crashes. nielsdos Core: Fixed bugs GH-17711 and...

Mageia: Security Advisory (MGASA-2024-0375)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2024-678)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-678 advisory. The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that...

Debian: Security Advisory (DSA-5717-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for php7 (SUSE-SU-2023:0073-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux AMI : php72 (ALAS-2024-1921)

The version of php72 installed on the remote host is prior to 7.2.26-1.19. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1921 advisory. 2024-02-28: CVE-2019-11045 was added to this advisory. 2024-02-28: CVE-2019-11049 was added to this advisory. 2024-02-28:...

Debian DSA-5424-1 : php7.4 - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5424 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The...

Debian DSA-5425-1 : php8.2 - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5425 advisory. It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use...

SUSE: Security Advisory (SUSE-SU-2023:0514-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

K48866433: PHP vulnerability CVE-2019-11046

Security Advisory Description In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeri...

SUSE CVE-2016-4538

The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the zero, one, or two global variable, which allows remote attackers to cause a denial of service or possibl...

SUSE CVE-2016-4537

The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted call...

SUSE CVE-2019-11046

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII...

RHEL 9 : php (RHSA-2022:8197)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8197 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later...