117 matches found
CLSA-2026-1776958842 python3: Fix of CVE-2022-37454
CVE-2022-37454: port xkcp fix for buffer overflows in the bundled sha-3 keccak sponge implementation...
TencentOS Server 3: php (TSSA-2023:0117)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0117 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Linux Distros Unpatched Vulnerability : CVE-2022-37454
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary...
Fedora 38 : python3.6 (2022-17bc21cf38)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-17bc21cf38 advisory. Security fix for CVE-2022-37454. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
Fedora 37 : python3.6 (2022-cae8089f93)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-cae8089f93 advisory. Security fix for CVE-2022-37454. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
Fedora 37 : python3.8 (2022-cb47d98a05)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-cb47d98a05 advisory. Security fix for CVE-2022-37454 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
Amazon Linux 2 : python38 (ALASPYTHON3.8-2023-004)
The version of python38 installed on the remote host is prior to 3.8.15-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2PYTHON3.8-2023-004 advisory. The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that...
Important: python38
Issue Overview: The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. CVE-2022-37454 Affected...
Amazon Linux 2 : php (ALASPHP8.1-2023-001)
The version of php installed on the remote host is prior to 8.1.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.1-2023-001 advisory. In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont function in gd extension, it is possible to...
Important: php
Issue Overview: In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead ...
Amazon Linux 2 : php (ALASPHP8.0-2023-004)
The version of php installed on the remote host is prior to 8.0.25-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.0-2023-004 advisory. In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont function in gd extension, it is possible to...
EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2023-2243)
According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The zendstringextend function in Zend/zendstring.h in PHP through 7.1.5 does not prevent changes to string objects that result in a...
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2023-2243)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2023-2229)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
AlmaLinux 8 : php:7.4 (ALSA-2023:2903)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2903 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a 'Host-' or 'Secure-' cookie...
Moderate: Red Hat Security Advisory: php:7.4 security update
An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
ALSA-2023:2903 Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.4.33. Security Fixes: XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could b...
EulerOS Virtualization 2.10.0 : python3 (EulerOS-SA-2023-1927)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows...
AlmaLinux 9 : php:8.1 (ALSA-2023:2417)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2417 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a 'Host-' or 'Secure-' cookie...
RHEL 9 : php:8.1 (RHSA-2023:2417)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2417 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later...