19 matches found
openSUSE 15 Security Update : php7 (openSUSE-SU-2021:1130-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1130-1 advisory. - Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain...
openSUSE 15 Security Update : php7 (openSUSE-SU-2021:2575-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2575-1 advisory. - Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain...
Security Bulletin: IBM API Connect is vulnerable to vulnerabilities in PHP (CVE-2020-7061, CVE-2020-7062, CVE-2020-7063)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-7061 DESCRIPTION: PHP could allow a remote attacker to obtain sensitive information, caused by an error while extracting PHAR files on Windows using phar extension. An attacker could exploit...
GLSA-202003-57 : PHP: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202003-57 PHP: Multiple vulnerabilities Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly execute arbitrary shell commands,...
Amazon Linux AMI : php72 (ALAS-2020-1350)
The version of php72 installed on the remote host is prior to 7.2.28-1.21. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1350 advisory. In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension,...
Amazon Linux AMI : php73 (ALAS-2020-1351)
The version of php73 installed on the remote host is prior to 7.3.15-1.24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1351 advisory. In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension,...
Medium: php73
Issue Overview: In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash...
Updated php packages fix bugs and security vulnerabilities
Updated php packages fix bugs and security vulnerabilities: Core: - Fixed bug 71876 Memory corruption htmlspecialchars: charset ' not supported. - Fixed bug 79146 cscript can fail to run on some systems. - Fixed bug 78323 Code 0 is returned on invalid options. - Fixed bug 76047 Use-after-free...
PHP 7.2.x < 7.2.28 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is prior to 7.2.28, 7.3.x prior to 7.3.15, or 7.4.x prior to 7.4.3. It is, therefore, affected by multiple vulnerabilities: - A heap buffer overflow exists in pharextractfile. CVE-2020-7061 - A null pointer dereference...
PHP 7.3.x < 7.3.15 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is prior to 7.2.28, 7.3.x prior to 7.3.15, or 7.4.x prior to 7.4.3. It is, therefore, affected by multiple vulnerabilities: - A heap buffer overflow exists in pharextractfile. CVE-2020-7061 - A null pointer dereference...
PHP 7.2.x < 7.2.28 / PHP 7.3.x < 7.3.15 / 7.4.x < 7.4.3 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is either 7.2.x prior to 7.2.28, 7.3.x prior to 7.3.15, or 7.4.x prior to 7.4.3. It is, therefore, affected by multiple vulnerabilities: - A heap-based buffer overflow condition exists in pharextractfile function due to...
Fedora 31 : php (2020-32f9a2b308)
PHP version 7.3.15 20 Feb 2020 Core: - Fixed bug php71876 Memory corruption htmlspecialchars: charset ' not supported. Nikita - Fixed bug php79146 cscript can fail to run on some systems. clarodeus - Fixed bug php78323 Code 0 is returned on invalid options. Ivan Mikheykin - Fixed bug php76047...
Fedora: Security Advisory for php (FEDORA-2020-32f9a2b308)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2020-7061
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash...
CVE-2020-7061
CVE-2020-7061 is a PHP issue: when PHP 7.3.x below 7.3.15 and 7.4.x below 7.4.3 extract PHAR files on Windows using the phar extension, one byte could read past the allocated buffer, potentially enabling information disclosure or a crash. Public documentation consistently ties this to PHAR extrac...
CVE-2020-7061 heap-buffer-overflow in phar_extract_file
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash...
Security fix for the ALT Linux 9 package php7 version 7.3.15-alt1
7.3.15-alt1 built Feb. 27, 2020 Anton Farygin in task 246728 Feb. 20, 2020 Anton Farygin - 7.3.15 Fixes: CVE-2020-7063, CVE-2020-7062, CVE-2020-7061...
Security fix for the ALT Linux 10 package php8.0 version 7.3.15-alt1
Feb. 20, 2020 Anton Farygin 7.3.15-alt1 - 7.3.15 Fixes: CVE-2020-7063, CVE-2020-7062, CVE-2020-7061...
Security fix for the ALT Linux 10 package php8.1 version 7.3.15-alt1
Feb. 20, 2020 Anton Farygin 7.3.15-alt1 - 7.3.15 Fixes: CVE-2020-7063, CVE-2020-7062, CVE-2020-7061...