37 matches found
BIT-PHP-MIN-2020-7069 Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...
BIT-PHP-2020-7069 Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : PHP vulnerabilities (USN-4583-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4583-1 advisory. It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease...
K99862460: PHP vulnerability CVE-2020-7069
Security Advisory Description In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption...
SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2020:2941-1)
This update for php7 fixes the following issues : CVE-2020-7069: Fixed an issue when AES-CCM mode was used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV was used bsc1177351. CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite...
SUSE SLES12 Security Update : php74 (SUSE-SU-2020:2896-1)
This update for php74 fixes the following issues : CVE-2020-7069: Fixed an issue when AES-CCM mode was used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV was used bsc1177351. CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrit...
SUSE SLES12 Security Update : php72 (SUSE-SU-2020:2943-1)
This update for php72 fixes the following issues : CVE-2020-7069: Fixed an issue when AES-CCM mode was used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV was used bsc1177351. CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrit...
openSUSE Security Update : php7 (openSUSE-2020-1767)
This update for php7 fixes the following issues : - CVE-2020-7069: Fixed an issue when AES-CCM mode was used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV was used bsc1177351. - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to...
openSUSE: Security Advisory for php7 (openSUSE-SU-2020:1767-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Amazon Linux AMI : php72, php73 (ALAS-2020-1440)
The version of php72 installed on the remote host is prior to 7.2.34-1.26. The version of php73 installed on the remote host is prior to 7.3.23-1.29. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1440 advisory. In PHP versions 7.2.x below 7.2.34, 7.3.x belo...
openSUSE Security Update : php7 (openSUSE-2020-1703)
This update for php7 fixes the following issues : - CVE-2020-7069: Fixed an issue when AES-CCM mode was used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV was used bsc1177351. - CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to...
Security update for php7 (important)
openSUSE Security Update: Security update for php7 Announcement ID: openSUSE-SU-2020:1703-1 Rating: important References: 1177351 1177352 Cross-References: CVE-2020-7069 CVE-2020-7070 Affected Products: openSUSE Leap 15.2 An update that fixes two vulnerabilities is now available. Description: Thi...
PHP 7.2.x < 7.2.34 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x prior to 7.2.34, 7.3.x prior to 7.3.23 or 7.4.x prior to 7.4.11. It is, therefore, affected by multiple vulnerabilities: - When AES-CCM mode is used with opensslencrypt function with 12 byt...
PHP 7.4.x < 7.4.11 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x prior to 7.2.34, 7.3.x prior to 7.3.23 or 7.4.x prior to 7.4.11. It is, therefore, affected by multiple vulnerabilities: - When AES-CCM mode is used with opensslencrypt function with 12 byt...
PHP 7.3.x < 7.3.23 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x prior to 7.2.34, 7.3.x prior to 7.3.23 or 7.4.x prior to 7.4.11. It is, therefore, affected by multiple vulnerabilities: - When AES-CCM mode is used with opensslencrypt function with 12 byt...
PHP 7.2 < 7.2.34 / 7.3.x < 7.3.23 / 7.4.x < 7.4.11 Mulitiple Vulnerabilities
According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x prior to 7.2.34, 7.3.x prior to 7.3.23 or 7.4.x prior to 7.4.11. It is, therefore, affected by multiple vulnerabilties: - A weak cryptography vulnerability exists in PHP's opensslencrypt...
CVE-2020-7069
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...
CVE-2020-7069
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...
CVE-2020-7069
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...
Code injection
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...