Lucene search
K

24 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in PHP 7.3

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16, and 8.2.X before 8.2.3, the passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hashes end up in the password database, it may allow an application to accept any password for that entry as valid...

8.1CVSS6.5AI score0.00944EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2023-0567

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invali...

8.1CVSS6.9AI score0.00944EPSS
Exploits1References2
OSV
OSV
added 2025/08/11 1:53 p.m.2 views

BIT-LIBPHP-2023-0567 password_verify() always returns true for some invalid hashes

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

8.1CVSS7AI score0.00944EPSS
Exploits1References4
OSV
OSV
added 2024/03/06 11:2 a.m.33 views

BIT-PHP-2023-0567 password_verify() always returns true for some invalid hashes

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

8.1CVSS6.8AI score0.00944EPSS
Exploits1References4
Amazon
Amazon
added 2023/09/13 12:0 a.m.4 views

Important: php

Issue Overview: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

8.1CVSS7.3AI score0.01408EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2023/09/13 12:0 a.m.34 views

Amazon Linux 2 : php (ALASPHP8.1-2023-002)

The version of php installed on the remote host is prior to 8.1.16-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.1-2023-002 advisory. 2023-09-14: CVE-2023-0568 was added to this advisory. In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before...

8.1CVSS7.2AI score0.01408EPSS
Exploits2References8
OSV
OSV
added 2023/09/09 11:5 a.m.4 views

OESA-2023-1622 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

9.8CVSS6.9AI score0.08003EPSS
Exploits6References8
Tenable Nessus
Tenable Nessus
added 2023/06/09 12:0 a.m.50 views

EulerOS 2.0 SP8 : php (EulerOS-SA-2023-2196)

According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. I...

8.1CVSS7.2AI score0.01831EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2023/05/02 12:0 a.m.72 views

Ubuntu 16.04 ESM : PHP vulnerability (USN-6053-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6053-1 advisory. It was discovered that PHP incorrectly handled certain invalid Blowfish password hashes. An invalid password hash could possibly allow applications to accept any...

8.1CVSS7.2AI score0.00944EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/03/20 12:0 a.m.38 views

CBL Mariner 2.0 Security Update: php (CVE-2023-0567)

The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-0567 advisory. - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some...

8.1CVSS7.1AI score0.00944EPSS
Exploits1References2
NVD
NVD
added 2023/03/01 8:15 a.m.18 views

CVE-2023-0567

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

8.1CVSS8.7AI score0.00944EPSS
Exploits1References3
OSV
OSV
added 2023/03/01 8:15 a.m.6 views

AZL-13740 CVE-2023-0567 affecting package php for versions less than 8.1.16-1

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

6.2CVSS6.6AI score0.00944EPSS
Exploits1References1
OSV
OSV
added 2023/03/01 8:15 a.m.18 views

CVE-2023-0567

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

6.2CVSS6.7AI score
Exploits0References3
OSV
OSV
added 2023/03/01 8:15 a.m.1 views

DEBIAN-CVE-2023-0567

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

6.2CVSS6.4AI score0.00944EPSS
Exploits1References1
Prion
Prion
added 2023/03/01 8:15 a.m.118 views

Default credentials

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

2.1CVSS6.8AI score0.00944EPSS
Exploits1References2Affected Software1
Mageia
Mageia
added 2023/02/27 8:27 p.m.57 views

Updated php packages fix security vulnerability

The passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. CVE-2023-0567 The core path resolution function allocates a buffer one byte too...

8.1CVSS7.4AI score0.01408EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2023/02/25 12:0 a.m.30 views

SUSE SLED15: apache2-mod_php7 / php7 / php7-bcmath / php7-bz2 / php7-calendar / etc (SUSE-SU-2023:0513-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0513-1 advisory. - CVE-2023-0568: Fixed NULL byte off-by-one in phpcheckspecificopenbasedir bnc1208366. -...

8.1CVSS6.7AI score0.01408EPSS
Exploits2References10
Tenable Nessus
Tenable Nessus
added 2023/02/25 12:0 a.m.51 views

SUSE SLES12: apache2-mod_php74 / php74 / php74-bcmath / php74-bz2 / etc (SUSE-SU-2023:0515-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0515-1 advisory. - CVE-2023-0568: Fixed NULL byte off-by-one in phpcheckspecificopenbasedir bnc1208366. - CVE-2023-0662: Fixed DoS vulnerability whe...

8.1CVSS6.7AI score0.01408EPSS
Exploits2References10
SUSE CVE
SUSE CVE
added 2023/02/17 2:5 a.m.2 views

SUSE CVE-2023-0567

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

6.5CVSS6.6AI score0.00944EPSS
Exploits1References8
Cvelist
Cvelist
added 2023/02/16 6:15 a.m.24 views

CVE-2023-0567 password_verify() always returns true for some invalid hashes

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

7.7CVSS8.1AI score0.00944EPSS
Exploits1References2
Rows per page
Query Builder