6 matches found
RHEL 8 : 7.3_php (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - php: Overflowing the length of string causes crash CVE-2017-8923 - In PHP versions 7.2.x below 7.2.34,...
[SECURITY] [DSA 4856-1] php7.3 security update
Debian Security Advisory DSA-4856-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 17, 2021 https://www.debian.org/security/faq -...
PHP 7.3.x < 7.3.23 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x prior to 7.2.34, 7.3.x prior to 7.3.23 or 7.4.x prior to 7.4.11. It is, therefore, affected by multiple vulnerabilities: - When AES-CCM mode is used with openssl_encrypt function with 12 byt...
CVE-2020-7069
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...
NETGEAR R6700 Encryption Issues Vulnerabilities
The NETGEAR R6700 is a wireless router from NETGEAR. A cryptographic issue vulnerability exists in the encryption of the firmware update image in the NETGEAR R6700 V1.0.4.8410.0.58 release, which stems from an incorrect encryption algorithm. An attacker could exploit this vulnerability among othe...
PowerArchiver 14.02.03 Incorrect PKZIP Encryption Usage
The remote host has PowerArchiver version 14.02.03 installed. It is, therefore, affected by a flaw with the encryption usage. A flaw exists in the application where the insecure PKZIP encryption method is used when a user attempts to encrypt files with AES 256-bit encryption. Note that Nessus has...