Lucene search
K

5 matches found

OSV
OSV
added 2025/08/11 1:54 p.m.5 views

BIT-LIBPHP-2024-2756 __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix

Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cookie by PHP applications...

6.5CVSS6.8AI score0.3786EPSS
Exploits0References7
OSV
OSV
added 2025/02/04 5:59 p.m.5 views

CLSA-2025-1738691753 php: Fix of 2 CVEs

CVE-2024-2756: fix Host-/Secure- cookie bypass due to partial CVE-2022-31629 fix...

6.5CVSS6.8AI score0.49336EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2024/12/19 12:0 a.m.18 views

RockyLinux 8 : php:8.2 (RLSA-2024:10951)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:10951 advisory. php: host/secure cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 php: passwordverify can erroneously return true, opening ATO risk...

7.5CVSS7.2AI score0.49336EPSS
Exploits7References13
RedHat Linux
RedHat Linux
added 2024/12/11 4:19 p.m.26 views

Moderate: Red Hat Security Advisory: php:8.2 security update

An update for the php:8.2 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.5CVSS6.7AI score0.3786EPSS
Exploits5References8
OSV
OSV
added 2024/05/03 9:22 a.m.6 views

CLSA-2024-1714728164 Fix CVE(s): CVE-2022-31629, CVE-2024-2756

SECURITY UPDATE: possible insecure cookie abuse - debian/patches/php-7.3-CVE-2024-2756.patch: fix Host-/Secure- cookie bypass due to partial CVE-2022-31629 fix - CVE-2024-2756...

6.5CVSS6.8AI score0.49336EPSS
Exploits2References1
Rows per page
Query Builder