6 matches found
Oracle Linux 9 : php (ELSA-2025-7315)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-7315 advisory. - Fix Leak partial content of the heap through heap buffer over-read CVE-2024-8929 - Fix Configuring a proxy in a stream context might allow for CRLF...
Moderate: Red Hat Security Advisory: php security update
An update for php is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Important: php
Issue Overview: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in nextstateval during regular expression compilation. Octal numbers larger than 0xff are not handled correctly i...
Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2025-845)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-845 advisory. The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode...
GHSA-Q34M-JH98-GWM2 Werkzeug possible resource exhaustion when parsing file data in forms
Applications using Werkzeug to parse multipart/form-data requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the Request.maxformmemorysize setting. The Request.maxcontentlength setting, as well as resource limits provided by deployment software and platforms,...
PHP 8.3.x < 8.3.12 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.30, 8.2.x prior to 8.2.24, or 8.3.x prior to 8.3.12. It is, therefore, affected by multiple vulnerabilities: - Parameter injection vulnerability with a bypass of CVE-2024-4577...