Lucene search
+L

46 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 7 : php-5.4.16-48.0.1.el7.AXS7 (AXSA:2024-8915:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8915:02 advisory. CVE-2020-7071: fix URL validation with functions like filtervar$url, FILTERVALIDATEURL CVE-2021-21705: fix URL validation functionality via filterva...

5.3CVSS8.6AI score0.02983EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2023/09/13 12:0 a.m.35 views

Amazon Linux 2 : php (ALASPHP8.0-2023-008)

The version of php installed on the remote host is prior to 8.0.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.0-2023-008 advisory. Several flaws has been found in php. The pdofirebase module does not check the length of the server version string in a...

5.9CVSS7.2AI score0.01945EPSS
Exploits2References6
OpenVAS
OpenVAS
added 2022/11/21 12:0 a.m.32 views

SUSE: Security Advisory (SUSE-SU-2022:4068-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.3AI score0.5838EPSS
Exploits18References2
OpenVAS
OpenVAS
added 2022/11/21 12:0 a.m.32 views

SUSE: Security Advisory (SUSE-SU-2022:4069-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.7AI score0.5838EPSS
Exploits18References7
Tenable Nessus
Tenable Nessus
added 2022/11/19 12:0 a.m.42 views

SUSE SLED15: apache2-mod_php7 / php7 / php7-bcmath / php7-bz2 / php7-calendar / etc (SUSE-SU-2022:4069-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4069-1 advisory. - Version update to 7.4.33: - CVE-2022-31630: Fixed out-of-bounds read due to insufficient input...

9.8CVSS7.3AI score0.5838EPSS
Exploits18References41
Oracle linux
Oracle linux
added 2022/11/15 12:0 a.m.48 views

php:7.4 security, bug fix, and enhancement update

libzip 1.6.1-1 - update to 1.6.1 - enable lzma support php 7.4.30-1 - rebase to 7.4.30 2099615 7.4.19-3 - fix password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 7.4.19-2 - fix SSRF bypass in FILTERVALIDATEURL CVE-2021-21705 - fix Local privilege escalation via...

9.8CVSS4.1AI score0.73377EPSS
Exploits6
Oracle linux
Oracle linux
added 2022/05/17 12:0 a.m.94 views

php:7.4 security update

libzip 1.6.1-1 - update to 1.6.1 - enable lzma support php-pear 1:1.10.12-1 - update PEAR to 1.10.12 - update ArchiveTar to 1.4.9 - update ConsoleGetopt to 1.4.3 - update XMLUtil to 1.4.5 php-pecl-apcu 5.1.18-1 - update to 5.1.18 php-pecl-rrd php-pecl-xdebug 2.9.5-1 - update to 2.9.5 php-pecl-zip...

7.8CVSS2.3AI score0.01945EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2022/05/10 2:20 p.m.92 views

Moderate: Red Hat Security Advisory: php:7.4 security update

An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8CVSS6.6AI score0.01945EPSS
Exploits2References4
OSV
OSV
added 2022/05/10 6:39 a.m.28 views

RLSA-2022:1935 Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Local privilege escalation via PHP-FPM CVE-2021-21703 php: SSRF bypass in FILTERVALIDATEURL CVE-2021-21705 For more details about the security issues, including the impact, a CVSS score,...

6.4CVSS7.2AI score0.01945EPSS
Exploits2References3
AlmaLinux
AlmaLinux
added 2022/05/10 12:0 a.m.58 views

Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Local privilege escalation via PHP-FPM CVE-2021-21703 php: SSRF bypass in FILTERVALIDATEURL CVE-2021-21705 For more details about the security issues, including the impact, a CVSS score,...

7.8CVSS0.5AI score0.01945EPSS
Exploits2References6
OSV
OSV
added 2022/05/10 12:0 a.m.29 views

ALSA-2022:1935 Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Local privilege escalation via PHP-FPM CVE-2021-21703 php: SSRF bypass in FILTERVALIDATEURL CVE-2021-21705 For more details about the security issues, including the impact, a CVSS score,...

7.8CVSS7.2AI score0.01945EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2022/05/10 12:0 a.m.72 views

CentOS 8 : php:7.4 (CESA-2022:1935)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:1935 advisory. - php: Local privilege escalation via PHP-FPM CVE-2021-21703 - php: SSRF bypass in FILTERVALIDATEURL CVE-2021-21705 Note that Nessus has not tested for...

7.8CVSS7.1AI score0.01945EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2022/02/13 12:0 a.m.39 views

EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2022-1089)

According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious...

5.9CVSS7.1AI score0.01945EPSS
Exploits2References3
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.30 views

Mageia: Security Advisory (MGASA-2021-0330)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6AI score0.01945EPSS
Exploits2References4
CloudLinux
CloudLinux
added 2021/11/23 1:13 p.m.84 views

Fix of CVE: CVE-2021-21704, CVE-2021-21703, CVE-2021-21705

CVE-2021-21704: fix integer overflow and subsequent incorrect buffer allocation - CVE-2021-21705: fix incorrect url password validation - CVE-2021-21703: fix incorrect shared memory management, which led to priv escalation...

7.8CVSS3AI score0.01945EPSS
Exploits3References1
OSV
OSV
added 2021/10/04 4:15 a.m.38 views

CVE-2021-21705

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filtervar function with FILTERVALIDATEURL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and...

5.3CVSS7.1AI score
Exploits0References4
Debian CVE
Debian CVE
added 2021/10/04 4:0 a.m.25 views

CVE-2021-21705

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filtervar function with FILTERVALIDATEURL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and...

5.3CVSS6.9AI score0.01945EPSS
Exploits1
CVE
CVE
added 2021/10/04 4:0 a.m.850 views

CVE-2021-21705

CVE-2021-21705 describes an SSRF bypass in PHP’s URL validation via filter_var(..., FILTER_VALIDATE_URL). Affected are PHP versions: 7.3.x below 7.3.29, 7.4.x below 7.4.21, and 8.0.x below 8.0.8. The issue allows a URL with an invalid password field to be accepted as valid, potentially causing in...

5.3CVSS6.1AI score0.01945EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2021/10/04 4:0 a.m.26 views

CVE-2021-21705 Incorrect URL validation in FILTER_VALIDATE_URL

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filtervar function with FILTERVALIDATEURL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and...

4.3CVSS6.4AI score0.01945EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2021/09/09 12:0 a.m.40 views

Amazon Linux AMI : php73 (ALAS-2021-1532)

The version of php73 installed on the remote host is prior to 7.3.29-1.30. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1532 advisory. Several flaws has been found in php. The pdofirebase module does not check the length of the server version string in a...

5.9CVSS7.2AI score0.01945EPSS
Exploits2References5
Rows per page
Query Builder