Astra Linux - уязвимость в php7.3, php8.1

In PHP versions 8.0. before 8.0.27, 8.1. before 8.1.15, and 8.2. before 8.2.2, when using the PDO::quote function to quote user-supplied data for SQLite, providing an overly long string may cause the driver to incorrectly quote the data. This can further lead to SQL injection vulnerabilities...

MiracleLinux 9 : php-8.0.27-1.el9 (AXSA:2023-5186:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5186:02 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a Host- or Secure- cook...

MiracleLinux 8 : php:8.0 (AXSA:2023-5146:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5146:01 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a Host- or Secure- cook...

php:7.4 security update

An update is available for module.php, module.php-pecl-xdebug, module.php-pear, module.php-pecl-apcu, php-pecl-rrd, php-pecl-zip, php, php-pear, module.php-pecl-zip, module.php-pecl-rrd, php-pecl-apcu, php-pecl-xdebug, module.libzip, libzip. This update affects Rocky Linux 8. A Common Vulnerabili...

RockyLinux 8 : php:7.4 (RLSA-2023:2903)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2903 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a 'Host-' or 'Secure-' cooki...

RockyLinux 9 : php:8.1 (RLSA-2023:2417)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:2417 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a 'Host-' or 'Secure-' cooki...

EUVD-2022-54225

Malicious code in bioql PyPI...

BIT-PHP-2022-31631 PDO::quote() may return unquoted string

In PHP versions 8.0. before 8.0.27, 8.1. before 8.1.15, 8.2. before 8.2.2 when using PDO::quote function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities...

BIT-PHP-MIN-2022-31631 PDO::quote() may return unquoted string

In PHP versions 8.0. before 8.0.27, 8.1. before 8.1.15, 8.2. before 8.2.2 when using PDO::quote function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities...

CVE-2022-31631

In PHP versions 8.0. before 8.0.27, 8.1. before 8.1.15, 8.2. before 8.2.2 when using PDO::quote function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities...

CVE-2022-31631 PDO::quote() may return unquoted string

In PHP versions 8.0. before 8.0.27, 8.1. before 8.1.15, 8.2. before 8.2.2 when using PDO::quote function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities...

Amazon Linux 2 : php (ALASPHP8.2-2023-003)

The version of php installed on the remote host is prior to 8.2.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2PHP8.2-2023-003 advisory. A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote of PDOSQLite returning an improperly...

Medium: php

Issue Overview: A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote of PDOSQLite returning an improperly quoted string. With the implementation of sqlite3snprintf, it is possible to force the function to return a single apostrophe if the function is called...

Medium: php

Issue Overview: A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote of PDOSQLite returning an improperly quoted string. With the implementation of sqlite3snprintf, it is possible to force the function to return a single apostrophe if the function is called...

Medium: php

Issue Overview: A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote of PDOSQLite returning an improperly quoted string. With the implementation of sqlite3snprintf, it is possible to force the function to return a single apostrophe if the function is called...

OESA-2023-1621 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

CLSA-2023-1686858853 php: Fix of 3 CVEs

CVE-2022-31628: Fix potential infinite recursion in phar wrapper when using quine gzip file - CVE-2022-31629: Add cookie integrity validation - CVE-2022-31631: Fix integer overflow that could cause PDO::quote to return an improperly quoted string...

EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2023-2243)

According to the versions of the php packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The zendstringextend function in Zend/zendstring.h in PHP through 7.1.5 does not prevent changes to string objects that result in a...

CLSA-2023-1679944242 Fix CVE(s): CVE-2022-31629, CVE-2022-31628, CVE-2022-31631

SECURITY UPDATE: Denial of service - debian/patches/CVE-2022-31628.patch: Fix potential infinite recursion in phar wrapper when using quine gzip file - CVE-2022-31628 SECURITY UPDATE: Cookie injection - debian/patches/CVE-2022-31629.patch: Add cookie integrity validation - CVE-2022-31629 SECURITY...

Oracle Linux 9 : php (ELSA-2023-0965)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0965 advisory. 8.0.27-1 - rebase to 8.0.27 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus ha...