Medium: php

Issue Overview: Several flaws has been found in php. The pdofirebase module does not check the length of the server version string in a response packet causing a stack buffer overflow, does not verify the data and uses the wrong type to cast length leading to a crash, and does not validate the...

ROS-20220826-01

A vulnerability in the phpurlparseex function of the PHP programming language interpreter is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow a remote attacker to launch an SSRF attack Vulnerability in the SOAP extension of the PHP interpreter...

openSUSE: Security Advisory for php7 (openSUSE-SU-2021:2795-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2021:2795-1 Security update for php7

This update for php7 fixes the following issues: - CVE-2021-21704: Fixed security issues in pdofirebase module bsc1188035...

Security update for php7 (important)

openSUSE Security Update: Security update for php7 Announcement ID: openSUSE-SU-2021:2795-1 Rating: important References: 1188035 Cross-References: CVE-2021-21704 CVSS scores: CVE-2021-21704 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.3 An update tha...

SUSE: Security Advisory (SUSE-SU-2021:2795-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OPENSUSE-SU-2021:1130-1 Security update for php7

This update for php7 fixes the following issues: - CVE-2021-21704: Fixed security issues in pdofirebase module bsc1188035. - CVE-2021-21705: Fixed SSRF bypass in FILTERVALIDATEURL bsc1188037. This update was imported from the SUSE:SLE-15-SP2:Update update project...

Security update for php7 (important)

openSUSE Security Update: Security update for php7 Announcement ID: openSUSE-SU-2021:1130-1 Rating: important References: 1188035 1188037 Cross-References: CVE-2021-21704 CVE-2021-21705 CVSS scores: CVE-2021-21704 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-21705 SUSE: 5.3...

SUSE-SU-2021:2638-1 Security update for php72

This update for php72 fixes the following issues: - CVE-2021-21704: Fixed security issues in pdofirebase module bsc1188035...

OPENSUSE-SU-2021:2637-1 Security update for php7

This update for php7 fixes the following issues: - CVE-2021-21704: Fixed security issues in pdofirebase module bsc1188035. - CVE-2021-21705: Fixed SSRF bypass in FILTERVALIDATEURL bsc1188037...

SUSE-SU-2021:2637-1 Security update for php7

This update for php7 fixes the following issues: - CVE-2021-21704: Fixed security issues in pdofirebase module bsc1188035. - CVE-2021-21705: Fixed SSRF bypass in FILTERVALIDATEURL bsc1188037...

SUSE: Security Advisory (SUSE-SU-2021:2638-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for php7 (important)

openSUSE Security Update: Security update for php7 Announcement ID: openSUSE-SU-2021:2637-1 Rating: important References: 1188035 1188037 Cross-References: CVE-2021-21704 CVE-2021-21705 CVSS scores: CVE-2021-21704 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-21705 SUSE: 5.3...

PHP 7.3.x < 7.3.29 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 7.3.x prior to 7.3.29, 7.4.x prior to 7.4.21, or 8.x prior to 8.0.8. It is, therefore, affected by multiple vulnerabilities: - Server-Side Request Forgery SSRF bypass in FILTERVALIDATEURL...

PHP 8.x < 8.0.8 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 7.3.x prior to 7.3.29, 7.4.x prior to 7.4.21, or 8.x prior to 8.0.8. It is, therefore, affected by multiple vulnerabilities: - Server-Side Request Forgery SSRF bypass in FILTERVALIDATEURL...

PHP 7.4.x < 7.4.21 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 7.3.x prior to 7.3.29, 7.4.x prior to 7.4.21, or 8.x prior to 8.0.8. It is, therefore, affected by multiple vulnerabilities: - Server-Side Request Forgery SSRF bypass in FILTERVALIDATEURL...

CVE-2021-21704

Several flaws has been found in php. The pdofirebase module does not check the length of the server version string in a response packet causing a stack buffer overflow, does not verify the data and uses the wrong type to cast length leading to a crash, and does not validate the response before...