46 matches found
MiracleLinux 7 : php-5.4.16-48.0.1.el7.AXS7 (AXSA:2024-8915:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8915:02 advisory. CVE-2020-7071: fix URL validation with functions like filtervar$url, FILTERVALIDATEURL CVE-2021-21705: fix URL validation functionality via filterva...
Amazon Linux 2 : php (ALASPHP8.0-2023-008)
The version of php installed on the remote host is prior to 8.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.0-2023-008 advisory. Several flaws has been found in php. The pdofirebase module does not check the length of the server version string in a...
SUSE: Security Advisory (SUSE-SU-2022:4068-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2022:4069-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15: apache2-mod_php7 / php7 / php7-bcmath / php7-bz2 / php7-calendar / etc (SUSE-SU-2022:4069-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4069-1 advisory. - Version update to 7.4.33: - CVE-2022-31630: Fixed out-of-bounds read due to insufficient input...
php:7.4 security, bug fix, and enhancement update
libzip 1.6.1-1 - update to 1.6.1 - enable lzma support php 7.4.30-1 - rebase to 7.4.30 2099615 7.4.19-3 - fix password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 7.4.19-2 - fix SSRF bypass in FILTERVALIDATEURL CVE-2021-21705 - fix Local privilege escalation via...
php:7.4 security update
libzip 1.6.1-1 - update to 1.6.1 - enable lzma support php-pear 1:1.10.12-1 - update PEAR to 1.10.12 - update ArchiveTar to 1.4.9 - update ConsoleGetopt to 1.4.3 - update XMLUtil to 1.4.5 php-pecl-apcu 5.1.18-1 - update to 5.1.18 php-pecl-rrd php-pecl-xdebug 2.9.5-1 - update to 2.9.5 php-pecl-zip...
Moderate: Red Hat Security Advisory: php:7.4 security update
An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RLSA-2022:1935 Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Local privilege escalation via PHP-FPM CVE-2021-21703 php: SSRF bypass in FILTERVALIDATEURL CVE-2021-21705 For more details about the security issues, including the impact, a CVSS score,...
Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Local privilege escalation via PHP-FPM CVE-2021-21703 php: SSRF bypass in FILTERVALIDATEURL CVE-2021-21705 For more details about the security issues, including the impact, a CVSS score,...
ALSA-2022:1935 Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Local privilege escalation via PHP-FPM CVE-2021-21703 php: SSRF bypass in FILTERVALIDATEURL CVE-2021-21705 For more details about the security issues, including the impact, a CVSS score,...
CentOS 8 : php:7.4 (CESA-2022:1935)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:1935 advisory. - php: Local privilege escalation via PHP-FPM CVE-2021-21703 - php: SSRF bypass in FILTERVALIDATEURL CVE-2021-21705 Note that Nessus has not tested for...
EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2022-1089)
According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious...
Mageia: Security Advisory (MGASA-2021-0330)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fix of CVE: CVE-2021-21704, CVE-2021-21703, CVE-2021-21705
CVE-2021-21704: fix integer overflow and subsequent incorrect buffer allocation - CVE-2021-21705: fix incorrect url password validation - CVE-2021-21703: fix incorrect shared memory management, which led to priv escalation...
CVE-2021-21705
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filtervar function with FILTERVALIDATEURL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and...
CVE-2021-21705
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filtervar function with FILTERVALIDATEURL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and...
CVE-2021-21705
CVE-2021-21705 describes an SSRF bypass in PHP’s URL validation via filter_var(..., FILTER_VALIDATE_URL). Affected are PHP versions: 7.3.x below 7.3.29, 7.4.x below 7.4.21, and 8.0.x below 8.0.8. The issue allows a URL with an invalid password field to be accepted as valid, potentially causing in...
CVE-2021-21705 Incorrect URL validation in FILTER_VALIDATE_URL
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filtervar function with FILTERVALIDATEURL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and...
Amazon Linux AMI : php73 (ALAS-2021-1532)
The version of php73 installed on the remote host is prior to 7.3.29-1.30. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1532 advisory. Several flaws has been found in php. The pdofirebase module does not check the length of the server version string in a...