Lucene search
K

159 matches found

Veracode
Veracode
added 2023/11/23 6:49 a.m.21 views

Heap Buffer Overflow

ibminizip-ng.so is vulnerable to Heap Buffer Overflow. The vulnerability is due to the mzpathresolve function in mzos.c because there is no boundary checking during the backward search for slashes in the path resolution function. This allows an attacker to craft a file with a specially structured...

8.8CVSS7.6AI score0.0093EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/10/21 12:0 a.m.47 views

AlmaLinux 9 : php (ALSA-2023:5926)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5926 advisory. - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If suc...

9.8CVSS7.8AI score0.08003EPSS
Exploits6References7
OSV
OSV
added 2023/10/20 3:39 p.m.7 views

CLSA-2023-1697816385 curl: Fix of 2 CVEs

CVE-2022-27782: check additional TLS or SSH connection parameters that should have prohibited connection reuse - CVE-2023-27534: fix SFTP path '' resolving discrepancy - fix read off end of array for SCP home directory case...

8.8CVSS6.8AI score0.02596EPSS
Exploits2References1
RedHat Linux
RedHat Linux
added 2023/10/19 1:33 p.m.5 views

php: 1-byte array overrun in common path resolve code

A vulnerability was found in PHP. This security issue occurs because the core path resolution function allocates a buffer one byte small. Resolving paths with lengths close to the system MAXPATHLEN setting may lead to the byte after the allocated buffer being overwritten with a NULL value, which...

8.1CVSS7.5AI score0.01242EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/10/19 1:19 p.m.4 views

php: 1-byte array overrun in common path resolve code

A vulnerability was found in PHP. This security issue occurs because the core path resolution function allocates a buffer one byte small. Resolving paths with lengths close to the system MAXPATHLEN setting may lead to the byte after the allocated buffer being overwritten with a NULL value, which...

8.1CVSS7.5AI score0.01242EPSS
Exploits1References5
OSV
OSV
added 2023/09/24 10:16 p.m.34 views

MGASA-2023-0263 Updated curl packages fix security vulnerability

TELNET option IAC injection. CVE-2023-27533 SFTP path resolving discrepancy. CVE-2023-27534 FTP too eager connection reuse. CVE-2023-27535 GSS delegation too eager connection re-use. CVE-2023-27536 HSTS double free. CVE-2023-27537 SSH connection too eager reuse still. CVE-2023-27538 UAF in SSH...

9.8CVSS5.9AI score0.62246EPSS
Exploits11References17
Amazon
Amazon
added 2023/09/13 12:0 a.m.5 views

Important: php

Issue Overview: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

8.1CVSS7.3AI score0.01408EPSS
Exploits2
Amazon
Amazon
added 2023/09/13 12:0 a.m.4 views

Important: php

Issue Overview: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

8.1CVSS7.3AI score0.01408EPSS
Exploits2
OSV
OSV
added 2023/09/09 11:5 a.m.4 views

OESA-2023-1622 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

9.8CVSS6.9AI score0.08003EPSS
Exploits6References8
OSV
OSV
added 2023/09/09 11:5 a.m.5 views

OESA-2023-1621 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

9.8CVSS6.9AI score0.08003EPSS
Exploits6References8
Tenable Nessus
Tenable Nessus
added 2023/06/09 12:0 a.m.50 views

EulerOS 2.0 SP8 : php (EulerOS-SA-2023-2196)

According to the versions of the php packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. I...

8.1CVSS7.2AI score0.01831EPSS
Exploits2References5
F5 Networks
F5 Networks
added 2023/05/23 6:48 p.m.45 views

K000134747: PHP vulnerability CVE-2023-0568

Security Advisory Description In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being...

8.1CVSS7.2AI score0.01242EPSS
Exploits1Affected Software12
OSV
OSV
added 2023/05/05 2:18 a.m.16 views

GHSA-FWJ4-72FM-C93G Under-validated ComSpec and cmd.exe resolution in Mutagen projects

Impact Mutagen projects offer shell-based execution functionality. On Windows, the shell is resolved using the standard %ComSpec% mechanism, with a fallback to a %PATH%-based search for cmd.exe. While this is the standard practice on Windows systems, it presents somewhat risky behavior. Firstly,...

6.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/23 12:0 a.m.832 views

Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2023-139)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-139 advisory. In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the passwo...

8.1CVSS7.2AI score0.01408EPSS
Exploits2References8
OSV
OSV
added 2023/02/28 2:18 p.m.4 views

USN-5902-1 php7.2, php7.4, php8.1 vulnerabilities

It was discovered that PHP incorrectly handled certain invalid Blowfish password hashes. An invalid password hash could possibly allow applications to accept any password as valid, contrary to expectations. CVE-2023-0567 It was discovered that PHP incorrectly handled resolving long paths. A remot...

8.1CVSS6.7AI score0.01408EPSS
Exploits2References4
OSV
OSV
added 2023/02/27 8:27 p.m.14 views

MGASA-2023-0065 Updated php packages fix security vulnerability

The passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. CVE-2023-0567 The core path resolution function allocates a buffer one byte too...

8.1CVSS8AI score0.01408EPSS
Exploits2References3
Mageia
Mageia
added 2023/02/27 8:27 p.m.58 views

Updated php packages fix security vulnerability

The passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. CVE-2023-0567 The core path resolution function allocates a buffer one byte too...

8.1CVSS7.4AI score0.01408EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2023/02/25 12:0 a.m.52 views

SUSE SLES12: apache2-mod_php74 / php74 / php74-bcmath / php74-bz2 / etc (SUSE-SU-2023:0515-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0515-1 advisory. - CVE-2023-0568: Fixed NULL byte off-by-one in phpcheckspecificopenbasedir bnc1208366. - CVE-2023-0662: Fixed DoS vulnerability whe...

8.1CVSS6.7AI score0.01408EPSS
Exploits2References10
Tenable Nessus
Tenable Nessus
added 2023/02/24 12:0 a.m.73 views

Fedora 37 : php (2023-452714dbc6)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-452714dbc6 advisory. PHP version 8.1.16 14 Feb 2023 Core: Fixed bug php81744 Passwordverify always return true with some hash. CVE-2023-0567. Tim Dsterhus Fixed bug...

8.1CVSS7.1AI score0.01408EPSS
Exploits2References4
NVD
NVD
added 2023/02/16 7:15 a.m.17 views

CVE-2023-0568

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value,...

8.1CVSS8.7AI score0.01242EPSS
Exploits1References2
Rows per page
Query Builder