Lucene search
K

15 matches found

Ubuntu
Ubuntu
added 2023/03/13 10:55 a.m.430 views

USN-5947-1: Twig vulnerabilities

Fabien Potencier discovered that Twig was not properly enforcing sandbox policies when dealing with objects automatically cast to strings by PHP. An attacker could possibly use this issue to expose sensitive information. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM...

9.8CVSS7AI score0.08209EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2023/03/13 12:0 a.m.126 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : Twig vulnerabilities (USN-5947-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5947-1 advisory. Fabien Potencier discovered that Twig was not properly enforcing sandbox policies when dealing with objects...

9.8CVSS7.1AI score0.08209EPSS
Exploits3References4
OpenVAS
OpenVAS
added 2023/03/13 12:0 a.m.20 views

Ubuntu: Security Advisory (USN-5947-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6AI score0.08209EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2022/12/23 12:0 a.m.23 views

Fedora 36 : php-twig (2022-1695454935)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-1695454935 advisory. Version 1.44.7 2022-09-28 Fix a security issue on filesystem loader possibility to load a template outside a configured directory Tenable has extracted the...

7.5CVSS7.3AI score0.01488EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/12/22 12:0 a.m.30 views

Fedora 36 : php-twig2 (2022-9d8ee4a6de)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-9d8ee4a6de advisory. Version 2.15.3 2022-09-28 Fix a security issue on filesystem loader possibility to load a template outside a configured directory Tenable has extracted the...

7.5CVSS7.3AI score0.01488EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/11/11 12:0 a.m.19 views

Fedora: Security Advisory for php-twig2 (FEDORA-2022-73b9fb7a77)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.7AI score0.01488EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/10/12 12:0 a.m.14 views

Debian: Security Advisory (DLA-3147-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.01488EPSS
Exploits0References3
Debian
Debian
added 2022/10/11 6:0 p.m.25 views

[SECURITY] [DLA 3147-1] twig security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3147-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb October 11, 2022 https://wiki.debian.org/LTS -...

7.5CVSS7.7AI score0.01488EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/10/08 12:0 a.m.12 views

Fedora: Security Advisory for php-twig2 (FEDORA-2022-9d8ee4a6de)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.7AI score0.01488EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/10/08 12:0 a.m.12 views

Fedora: Security Advisory for php-twig (FEDORA-2022-1695454935)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.7AI score0.01488EPSS
Exploits0References2
Debian
Debian
added 2022/10/05 5:37 a.m.25 views

[SECURITY] [DSA 5246-1] php-twig security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5246-1 [email protected] https://www.debian.org/security/ Sebastien Delafond October 04, 2022 https://www.debian.org/security/faq -...

7.5CVSS7.7AI score0.01488EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/10/05 12:0 a.m.52 views

Debian DSA-5248-1 : php-twig - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5248 advisory. Marlon Starkloff discovered that twig, a template engine for PHP, did not correctly enforce sandboxing. This would allow a malicious user to execute arbitrary code. For th...

7.5CVSS7.7AI score0.01488EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2022/09/28 12:0 a.m.53 views

Drupal 9.3.x < 9.3.22 / 9.4.x < 9.4.7 Drupal Vulnerability (SA-CORE-2022-016)

According to its self-reported version, the instance of Drupal running on the remote web server is 9.3.x prior to 9.3.22 or 9.4.x prior to 9.4.7. It is, therefore, affected by a vulnerability. - Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior ...

7.5CVSS7.5AI score0.01488EPSS
Exploits0References7
CVE
CVE
added 2022/09/28 12:0 a.m.261 views

CVE-2022-39261

Twig is affected: versions 1.x before 1.44.7, 2.x before 2.15.3, and 3.x before 3.4.3 have a vulnerability where the filesystem loader can read arbitrary files when a template name is user-controlled (e.g., @namespace/../file) due to validation bypass. The fixed releases are 1.44.7, 2.15.3, and 3...

7.5CVSS7.5AI score0.01488EPSS
Exploits0References11Affected Software1
Debian CVE
Debian CVE
added 2022/09/28 12:0 a.m.66 views

CVE-2022-39261

Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the source or include statement to read arbitrary files from outsi...

7.5CVSS7.5AI score0.01488EPSS
Exploits0
Rows per page
Query Builder