12 matches found
EUVD-2020-28203
Malware in sbrugna...
BIT-PHP-MIN-2020-7069 Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...
RHEL 8 : 7.3_php (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - php: Overflowing the length of string causes crash CVE-2017-8923 - In PHP versions 7.2.x below 7.2.34,...
AZL-78558 CVE-2023-5363 affecting package openssl-fips-provider 3.1.2-1
Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...
OPENSUSE-SU-2020:1767-1 Security update for php7
This update for php7 fixes the following issues: - CVE-2020-7069: Fixed an issue when AES-CCM mode was used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV was used bsc1177351. - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to...
Medium: php72, php73
Issue Overview: In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...
Security update for php7 (important)
openSUSE Security Update: Security update for php7 Announcement ID: openSUSE-SU-2020:1703-1 Rating: important References: 1177351 1177352 Cross-References: CVE-2020-7069 CVE-2020-7070 Affected Products: openSUSE Leap 15.2 An update that fixes two vulnerabilities is now available. Description: Thi...
PHP 7.4.x < 7.4.11 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x prior to 7.2.34, 7.3.x prior to 7.3.23 or 7.4.x prior to 7.4.11. It is, therefore, affected by multiple vulnerabilities: - When AES-CCM mode is used with opensslencrypt function with 12 byt...
PHP 7.3.x < 7.3.23 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x prior to 7.2.34, 7.3.x prior to 7.3.23 or 7.4.x prior to 7.4.11. It is, therefore, affected by multiple vulnerabilities: - When AES-CCM mode is used with opensslencrypt function with 12 byt...
CVE-2020-7069
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...
CVE-2020-7069
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...
CVE-2020-7069
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...