
144 matches found

SUSE CVE
added 2023/02/15 5:10 a.m. | 2 views

SUSE CVE-2015-8994

An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details a...

CVSS 7.5 | AI score 9.4 | EPSS 0.01203
Exploits: 1 | References: 5
SUSE CVE
added 2023/02/15 4:28 a.m. | 2 views

SUSE CVE-2018-10545

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user in a multiuser environment to obtain sensitive...

CVSS 6.5 | AI score 8.1 | EPSS 0.00053
Exploits: 0 | References: 8
Veracode
added 2023/01/03 3:38 p.m. | 18 views

Cross-Site Request Forgery (CSRF)

froxlor/froxlor is vulnerable to cross-site request forgery. The vulnerability exists in admin_apcuinfo.php and admin_opcacheinfo.php, allowing an attacker to trick the admin or reseller user into resetting the OPCache just by sending a malicious link when change_serversettings is set to 1...

CVSS 4.3 | AI score 4.9 | EPSS 0.00155
Exploits: 1 | References: 4 | Affected Software: 1
Huntr
added 2022/12/31 7:6 a.m. | 41 views

Get based CSRF on Reset OP Cache functionality

Description: The functionality to reset the OPCache is vulnerable to CSRF. In fact, it would be a good practice to implement a CSRF token in the URL if the GET functionality is meant to trigger an action, instead of only retrieving data. Alternatively, it can be turned into a POST request, which I can s...

CVSS 4.3 | AI score 0.2 | EPSS 0.00155
Exploits: 1 | References: 1
OSV
added 2022/06/18 9:30 p.m. | 9 views

MGASA-2022-0234 Updated php packages fix security vulnerability

CLI -Fixed bug 8575 CLI closes standard streams too early. Core -Fixed Haiku ZTS builds. Date -Fixed bug 8471 Segmentation fault when converting immutable and mutable DateTime instances created using reflection. php-fpm - Fixed bug 72185 writes empty fcgi record causing nginx 502. Mysqlnd - Fixed...

CVSS 8.8 | AI score 8.7 | EPSS 0.1024
Exploits: 3 | References: 3
Mageia
added 2022/06/18 9:30 p.m. | 183 views

Updated php packages fix security vulnerability

CLI -Fixed bug 8575 CLI closes standard streams too early. Core -Fixed Haiku ZTS builds. Date -Fixed bug 8471 Segmentation fault when converting immutable and mutable DateTime instances created using reflection. php-fpm - Fixed bug 72185 writes empty fcgi record causing nginx 502. Mysqlnd - Fixed...

CVSS 8.8 | AI score 0.5 | EPSS 0.1024
Exploits: 3 | References: 2
OpenVAS
added 2022/01/28 12:0 a.m. | 6 views

Mageia: Security Advisory (MGASA-2018-0191)

The remote host is missing an update for the...

AI score 7.5
Exploits: 0 | References: 4
Tenable Nessus
added 2021/11/23 12:0 a.m. | 9 views

OPcache UI Detected

A PHP OPcache information page has been detected, potentially including server statistics, settings and cached files, software versions and providing real-time updates for the information. This information may then assist in the compromise of the web application. No source data...

AI score 7.2
Exploits: 0 | References: 1
WPVulnDB
added 2021/08/30 12:0 a.m. | 11 views

Docket Cache < 21.08.02 - Reflected Cross-Site Scripting

The plugin does not escape some filter parameters when the OPCache Viewer is enabled before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues. PoC: https://example.com/wp-admin/admin.php?page=docket-cache-opcviewer=opcviewer=a="="...

AI score 1.1
Exploits: 0 | Affected Software: 1
Mageia
added 2020/10/16 5:4 p.m. | 58 views

Updated php packages fix a security vulnerability

In PHP versions 7.2.x, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host being confused with cookies that decode to such a prefix, thus leading to an attacker being able to forge a cookie which is supposed to be secure...

CVSS 5.3 | AI score 1.7 | EPSS 0.26088
Exploits: 1 | References: 4
OSV
added 2020/10/16 5:4 p.m. | 6 views

MGASA-2020-0387 Updated php packages fix a security vulnerability

In PHP versions 7.2.x, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host being confused with cookies that decode to such a prefix, thus leading to an attacker being able to forge a cookie which is supposed to be secure...

CVSS 5.3 | AI score 6.1 | EPSS 0.26088
Exploits: 1 | References: 5
Tenable Nessus
added 2020/10/08 12:0 a.m. | 103 views

Fedora 31 : php (2020-94763cb98b)

PHP version 7.3.23 (01 Oct 2020) Core: - Fixed bug php80048 Bug php69100 has not been fixed for Windows. cmb - Fixed bug php80049 Memleak when coercing integers to string via variadic argument. Nikita - Fixed bug php79699 PHP parses encoded cookie names so malicious __Host- cookies can be sent...

CVSS 6.5 | AI score 6.8 | EPSS 0.26088
Exploits: 1 | References: 3
Tenable Nessus
added 2020/04/27 12:0 a.m. | 24 views

Fedora 31 : php (2020-62ee541bbb)

PHP version 7.3.17 (16 Apr 2020) Core: - Fixed bug php79364 When copy empty array, next key is unspecified. cmb - Fixed bug php78210 Invalid pointer address. cmb, Nikita CURL: - Fixed bug php79199 curl_copy_handle memory leak. cmb Date: - Fixed bug php79396 DateTime hour incorrect during DST jump...

AI score 5.5
Exploits: 0 | References: 1
Tenable Nessus
added 2020/04/27 12:0 a.m. | 15 views

Fedora 30 : php (2020-96cb012029)

PHP version 7.3.17 (16 Apr 2020) Core: - Fixed bug php79364 When copy empty array, next key is unspecified. cmb - Fixed bug php78210 Invalid pointer address. cmb, Nikita CURL: - Fixed bug php79199 curl_copy_handle memory leak. cmb Date: - Fixed bug php79396 DateTime hour incorrect during DST jump...

AI score 5.5
Exploits: 0 | References: 1
Mageia
added 2020/04/20 2:2 p.m. | 46 views

Updated php packages fix security vulnerability

Updated php packages fix security vulnerabilities: - OOB Read in urldecode CVE-2020-7067 - Integer Overflow in shmop_open Notable changes: - Opcache chokes and uses 100% CPU on specific script - curl_copy_handle memory leak - ZipArchive::open fails on empty file...

CVSS 7.5 | AI score 2.3 | EPSS 0.08994
Exploits: 1 | References: 2
OSV
added 2020/04/20 2:2 p.m. | 14 views

MGASA-2020-0178 Updated php packages fix security vulnerability

Updated php packages fix security vulnerabilities: - OOB Read in urldecode CVE-2020-7067 - Integer Overflow in shmop_open Notable changes: - Opcache chokes and uses 100% CPU on specific script - curl_copy_handle memory leak - ZipArchive::open fails on empty file...

CVSS 7.5 | AI score 7.6 | EPSS 0.08994
Exploits: 1 | References: 3
Tenable Nessus
added 2020/01/06 12:0 a.m. | 250 views

Fedora 30 : php (2019-437d94e271)

PHP version 7.3.13 (18 Dec 2019) Bcmath: - Fixed bug php78878 Buffer underflow in bc_shift_addsub. CVE-2019-11046. cmb Core: - Fixed bug php78862 link silently truncates after a null byte on Windows. CVE-2019-11044. cmb - Fixed bug php78863 DirectoryIterator class silently truncates after a null byte...

CVSS 9.8 | AI score 6.9 | EPSS 0.41483
Exploits: 5 | References: 7
BDU FSTEC
added 2019/11/25 12:0 a.m. | 2 views

The vulnerability of child FPM processes in the PHP interpreter allows attackers to bypass access control in OpCache and gain unauthorized access to protected information.

The vulnerability of child FPM processes in the PHP interpreter is related to the lack of protection for operational data. Exploiting this vulnerability can allow an attacker to bypass opcache access controls and gain unauthorized access to protected information...

CVSS 4.7 | EPSS 0.00053
Exploits: 0 | References: 12 | Affected Software: 4
Veracode
added 2019/08/20 12:10 a.m. | 26 views

Information Disclosure

PHP is vulnerable to information disclosure. It has dumpable FPM child processes which allow bypassing opcache access controls because fpm_unix.c calls PR_SET_DUMPABLE prctl...

CVSS 4.7 | AI score 2.4 | EPSS 0.00053
Exploits: 0 | References: 14 | Affected Software: 1
RedHat Linux
added 2019/08/19 8:42 a.m. | 1 views

php: Dumpable FPM child processes allow bypassing opcache access controls

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user in a multiuser environment to obtain sensitive...

CVSS 4.7 | AI score 7.4 | EPSS 0.00053
Exploits: 0 | References: 4