Lucene search
+L

12 matches found

Ubuntu
Ubuntu
added 2025/06/30 4:29 a.m.9 views

USN-7603-1: Composer vulnerabilities

Thomas Chauchefoin discovered that Composer did not correctly handle certain arguments. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2022-24828, CVE-2023-43655 Ed Cradoc...

8.8CVSS7.5AI score0.03282EPSS
Exploits0
OpenVAS
OpenVAS
added 2025/06/30 12:0 a.m.4 views

Ubuntu: Security Advisory (USN-7603-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.5AI score0.03282EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2023-43655

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php fi...

8.8CVSS7.2AI score0.0139EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/03/27 12:0 a.m.35 views

Debian dla-3777 : composer - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3777 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3777-1 [email protected] https://www.debian.org/lts/security/...

8.8CVSS7.8AI score0.0139EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.16 views

openSUSE: Security Advisory for php (SUSE-SU-2023:4041-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.5AI score0.0139EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/10/24 12:0 a.m.25 views

Amazon Linux 2023 : composer (ALAS2023-2023-384)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-384 advisory. Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code executi...

8.8CVSS7.5AI score0.0139EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/10/15 12:0 a.m.19 views

Fedora 38 : composer (2023-f3dedfef46)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-f3dedfef46 advisory. Version 2.6.5 - 2023-10-06 Fixed error when vendor dir contains broken symlinks 11670 Fixed composer.lock missing from Composer's zip archives 11674...

8.8CVSS8.1AI score0.0139EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/10/11 12:0 a.m.22 views

SUSE SLES15 / openSUSE 15 Security Update : php-composer2 (SUSE-SU-2023:4041-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4041-1 advisory. - CVE-2023-43655: Fixed a remote code execution issue that could be triggered if users published a web-accessible composer.pha...

8.8CVSS7.5AI score0.0139EPSS
Exploits0References4
Circl
Circl
added 2023/09/30 12:38 a.m.6 views

CVE-2023-43655

creationtimestamp| type| source ---|---|--- 2023-09-30 00:38:01+00:00| seen| https://t.me/cibsecurity/71335...

8.8CVSS7.2AI score0.0139EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/29 7:33 p.m.24 views

CVE-2023-43655 Remote Code Execution via web-accessible composer.phar

Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has registerargcargv enabled in php.ini. Versions 2.6.4, 2.2.22 an...

6.4CVSS7.8AI score0.0139EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2023/09/29 7:33 p.m.29 views

CVE-2023-43655

Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has registerargcargv enabled in php.ini. Versions 2.6.4, 2.2.22 an...

8.8CVSS8AI score0.0139EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/09/29 12:0 a.m.30 views

FreeBSD : Remote Code Execution via web-accessible composer (33922b84-5f09-11ee-b63d-0897988a1c07)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 33922b84-5f09-11ee-b63d-0897988a1c07 advisory. - Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible...

8.8CVSS7.5AI score0.0139EPSS
Exploits0References3
Rows per page
Query Builder