34 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-7059
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supp...
CVE-2020-7059
creationtimestamp| type| source ---|---|--- 2023-11-28 00:21:00+00:00| seen| https://t.me/arpsyndicate/619 2026-01-27 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...
openSUSE 15 Security Update : php7 (openSUSE-SU-2021:1130-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1130-1 advisory. - Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain...
openSUSE 15 Security Update : php7 (openSUSE-SU-2021:2575-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2575-1 advisory. - Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain...
SUSE SLES11 Security Update : php53 (SUSE-SU-2020:14289-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14289-1 advisory. - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and...
SUSE: Security Advisory (SUSE-SU-2020:0622-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: php:7.3 security, bug fix, and enhancement update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.3.20. BZ1856655 Security Fixes: php: Out-of-bounds read due to integer overflow in iconvmimedecodeheaders CVE-2019-11039 php: Buffer...
ALSA-2020:3662 Moderate: php:7.3 security, bug fix, and enhancement update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.3.20. BZ1856655 Security Fixes: php: Out-of-bounds read due to integer overflow in iconvmimedecodeheaders CVE-2019-11039 php: Buffer...
EulerOS Virtualization for ARM 64 3.0.6.0 : php (EulerOS-SA-2020-1895)
According to the versions of the php packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support...
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1821)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM API Connect is impacted by vulnerabilities in PHP (CVE-2020-7060, CVE-2020-7059)
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-7060 DESCRIPTION: PHP is vulnerable to a buffer overflow, caused by improper bounds checking by the mbflfiltconvbig5wchar function. By sending specially crafted data, a remote attacker could...
GLSA-202003-57 : PHP: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202003-57 PHP: Multiple vulnerabilities Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly execute arbitrary shell commands,...
Security update for php7 (important)
openSUSE Security Update: Security update for php7 Announcement ID: openSUSE-SU-2020:0341-1 Rating: important References: 1162629 1162632 1165280 1165289 Cross-References: CVE-2020-7059 CVE-2020-7060 CVE-2020-7062 CVE-2020-7063 Affected Products: openSUSE Leap 15.1 An update that fixes four...
Amazon Linux AMI : php73 (ALAS-2020-1347)
The version of php73 installed on the remote host is prior to 7.3.14-1.23. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1347 advisory. When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and...
Amazon Linux AMI : php72 (ALAS-2020-1346)
The version of php72 installed on the remote host is prior to 7.2.27-1.20. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1346 advisory. When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and...
Medium: php73
Issue Overview: When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash...
Medium: php72
Issue Overview: When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash...
Ubuntu 16.04 LTS : PHP regression (USN-4279-2)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4279-2 advisory. USN-4279-1 fixed vulnerabilities in PHP. The updated packages caused a regression. This update fixes the problem. We apologize for the inconvenience. Tenable has...
SUSE SLES12 Security Update : php72 (SUSE-SU-2020:0397-1)
This update for php72 fixes the following issues : Security issues fixed : CVE-2020-7059: Fixed an out-of-bounds read in phpstriptagsex bsc1162629. CVE-2020-7060: Fixed a global buffer-overflow in mbflfiltconvbig5wchar bsc1162632. CVE-2019-20433: Fixed a buffer over-read when processing strings...
[SECURITY] [DSA 4628-1] php7.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4628-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 18, 2020 https://www.debian.org/security/faq -...