38 matches found
MiracleLinux 7 : php-5.4.16-43.el7.1 (AXSA:2018-2623:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-2623:01 advisory. php: Buffer over-read from unitialized data in gdImageCreateFromGifCtx function CVE-2017-7890 Tenable has extracted the preceding description block directly...
Linux Distros Unpatched Vulnerability : CVE-2017-7890
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The GIF decoding function gdImageCreateFromGifCtx in gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.31 and 7.x before 7.1.7, does not...
K01709026: PHP vulnerabilities CVE-2017-7890 and CVE-2017-9226
Security Advisory Description CVE-2017-7890 The GIF decoding function gdImageCreateFromGifCtx in gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized...
Ubuntu: Security Advisory (USN-3389-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:2303-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:2317-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:2522-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
tikzn.co.za Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1148675 Security Researcher Dipu1A Helped patch 1025 vulnerabilities Received 6 Coordinated Disclosure badges Received 22 recommendations , a holder of 6 badges for responsible and coordinated disclosure, found a security vulnerability affecting tikzn.co.za website and its...
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-1402)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2018-1096)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2018-1249)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12 Security Update : php7 (SUSE-SU-2017:2303-1)
This update for php7 fixes the following issues : - CVE-2016-10397: parseurl can be bypassed to return fake host. bsc1047454 - CVE-2017-11142: Remoteattackers could cause a CPU consumption denial of service attack by injectinglong form variables, related to main/phpvariables. bsc1048100 -...
SUSE SLES12 Security Update : php5 (SUSE-SU-2017:2317-1)
This update for php5 fixes the following issues : - CVE-2016-10397: parseurl can be bypassed to return fake host. bsc1047454 - CVE-2017-11143: An invalid free in the WDDX deserialization of booleanparameters could be used by attackers able to inject XML for deserialization tocrash the PHP...
EulerOS Virtualization 2.5.0 : php (EulerOS-SA-2018-1249)
According to the version of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - The GIF decoding function gdImageCreateFromGifCtx in gdgifin.c in the GD Graphics Library aka libgd, as used in PHP before 5.6.31 and 7...
Security Bulletin: A vulnerability in PHP affects PowerKVM
Summary PowerKVM is affected by a vulnerability in PHP. IBM has now addressed this vulnerability. Vulnerability Details CVEID: CVE-2017-7890 DESCRIPTION: libgd could allow a remote attacker to obtain sensitive information, caused by the lack of initialization for colorMap arrays in the GIF decodi...
[slackware-security] gd
New gd packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: This update fixes two security issues: Double-free in gdImagePngPtr denial of service. Buffer over-read into uninitialized memory information leak. For mor...
Slackware 14.2 / current : gd (SSA:2018-108-01)
New gd packages are available for Slackware 14.2 and -current to fix security issues. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2018-108-01. The text itself is copyright C Slackware Linux, Inc...
CentOS 7 : php (CESA-2018:0406)
An update for php is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Oracle Linux 7 : php (ELSA-2018-0406)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-0406 advisory. 5.4.16-43.1 - gd: fix buffer over-read into uninitialized memory CVE-2017-7890 Tenable has extracted the preceding description block directly from the Oracle...
php security update
5.4.16-43.1 - gd: fix buffer over-read into uninitialized memory CVE-2017-7890...