26 matches found
Mageia: Security Advisory (MGASA-2020-0148)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE 15 Security Update : php7 (openSUSE-SU-2021:1130-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1130-1 advisory. - Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain...
openSUSE 15 Security Update : php7 (openSUSE-SU-2021:2575-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2575-1 advisory. - Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain...
Moderate: php:7.3 security, bug fix, and enhancement update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.3.20. BZ1856655 Security Fixes: php: Out-of-bounds read due to integer overflow in iconvmimedecodeheaders CVE-2019-11039 php: Buffer...
ALSA-2020:3662 Moderate: php:7.3 security, bug fix, and enhancement update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.3.20. BZ1856655 Security Fixes: php: Out-of-bounds read due to integer overflow in iconvmimedecodeheaders CVE-2019-11039 php: Buffer...
Debian DSA-4719-1 : php7.3 - security update
Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or potentially the execution of arbitrary code. C Tenable Network Security, Inc. The descriptive text and package checks in this...
[SECURITY] [DSA 4719-1] php7.3 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4719-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 06, 2020 https://www.debian.org/security/faq -...
Security Bulletin: IBM API Connect is impacted by vulnerabilities in PHP (CVE-2020-7066, CVE-2020-7065, CVE-2020-7064)
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-7066 DESCRIPTION: PHP could allow a remote attacker to obtain sensitive information, caused by an issue when the getheaders silently truncates anything after a null byte in the URL it uses. ...
Amazon Linux AMI : php73 (ALAS-2020-1368)
The version of php73 installed on the remote host is prior to 7.3.17-1.25. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1368 advisory. In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exifreaddata...
Medium: php73
Issue Overview: In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exifreaddata function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash...
Ubuntu: Security Advisory (USN-4330-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4330-2 php7.4 vulnerabilities
USN-4330-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled certain EXIF files. An attacker could possibly use this issue to access sensitive information or cause a crash...
PHP mb_strtolower Stack Buffer Overflow (CVE-2020-7065)
A stack buffer overflow vulnerability exists in PHP. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2020-7065
A vulnerability was found in PHP while using the mbstrtolower function with UTF-32LE encoding, where certain invalid strings cause PHP to overwrite the stack-allocated buffer. This flaw leads to memory corruption, crashes, and potential code execution...
Internet Bug Bounty: mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full (CVE-2020-7065)
PHP bug report made public by the maintainers at the time of writing: https://bugs.php.net/bug.php?id=79371 Mitre CVE page: https://vulners.com/cve/CVE-2020-7065 Link to the release notes: https://www.php.net/ChangeLog-7.php7.4.4 Impact One of impacts is that the issue allows an attacker to...
CVE-2020-7065
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mbstrtolower function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution...
CVE-2020-7065
CVE-2020-7065 concerns PHP mb_strtolower() with UTF-32LE encoding. Affects PHP 7.3.x below 7.3.16 and 7.4.x below 7.4.4; invalid strings can cause a stack-allocated buffer overrun, leading to memory corruption, crashes, and potential code execution. Publicly documented fixes appear in PHP 7.3.16+...
Fedora: Security Advisory for php (FEDORA-2020-ce5a2a7403)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
GLSA-202003-57 : PHP: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202003-57 PHP: Multiple vulnerabilities Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly execute arbitrary shell commands,...
PHP 7.3.x < 7.3.16 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.3.x prior to 7.3.16. It is, therefore, affected by the following vulnerabilities: - An out of bounds read resulting in the use of an uninitialized value in exif. CVE-2020-7064 - A stack buffer overflow in mbstrtolow...