Lucene search
K

4 matches found

OSV
OSV
added 2025/08/11 1:53 p.m.4 views

BIT-LIBPHP-2023-0567 password_verify() always returns true for some invalid hashes

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

8.1CVSS7AI score0.00944EPSS
Exploits1References4
OSV
OSV
added 2023/09/09 11:5 a.m.5 views

OESA-2023-1622 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

9.8CVSS6.9AI score0.08003EPSS
Exploits6References8
OSV
OSV
added 2023/03/01 8:15 a.m.1 views

DEBIAN-CVE-2023-0567

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

6.2CVSS6.4AI score0.00944EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2023/02/25 12:0 a.m.31 views

SUSE SLED15: apache2-mod_php7 / php7 / php7-bcmath / php7-bz2 / php7-calendar / etc (SUSE-SU-2023:0513-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0513-1 advisory. - CVE-2023-0568: Fixed NULL byte off-by-one in phpcheckspecificopenbasedir bnc1208366. -...

8.1CVSS6.7AI score0.01408EPSS
Exploits2References10
Rows per page
Query Builder