231 matches found
EUVD-2003-0666
Malware in sbrugna...
EUVD-2001-1070
Malware in sbrugna...
EUVD-2013-0227
Malware in sbrugna...
EUVD-2020-17957
Malware in sbrugna...
EUVD-2024-21277
Malicious code in bioql PyPI...
CLSA-2025-1758289909 Fix CVE(s): CVE-2025-1735, CVE-2025-1736
SECURITY UPDATE: Inadequate validation in pgsql and pdopgsql functions - debian/patches/CVE-2025-1735.patch: add error checks for escape function in pgsql and pdopgsql extensions to prevent potential security issues - CVE-2025-1735 SECURITY UPDATE: Insufficient HTTP header validation -...
USN-7648-3: PHP regression
USN-7648-2 fixed vulnerabilities in PHP. The patch for CVE-2025-1735 caused a regression in php7.0, php7.2 and php7.4. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that PHP incorrectly handled certain hostnames containing null...
CLSA-2025-1753963973 php: Fix of CVE-2025-1735
CVE-2025-1735: add error checking for pgsql extension escape functions, mainly to fix possible issues with multi-byte encoding of Postgres databases...
SUSE CVE-2024-23835
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As workaround, users can disable the...
SUSE-SU-2025:02474-1 Security update for php8
This update for php8 fixes the following issues: Version update to 8.2.29: - CVE-2025-1220: Fixed null byte termination in hostnames bsc1246167 - CVE-2025-1735: Fixed pgsql extension does not check for errors during escaping bsc1246146 - CVE-2025-6491: Fixed NULL Pointer Dereference in PHP SOAP...
Security update for php8
This update for php8 fixes the following issues: Version update to 8.3.23: CVE-2025-1220: Fixed null byte termination in hostnames bsc1246167 CVE-2025-1735: Fixed pgsql extension does not check for errors during escaping bsc1246146 CVE-2025-6491: Fixed NULL Pointer Dereference in PHP SOAP Extensi...
USN-7648-1 php8.1, php8.3, php8.4 vulnerabilities
It was discovered that PHP incorrectly handled certain hostnames containing null characters. A remote attacker could possibly use this issue to bypass certain hostname validation checks. CVE-2025-1220 It was discovered that PHP incorrectly handled the pgsql and pdopgsql escaping functions. A remo...
CVE-2025-1735
In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. pgsql and pdopgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...
PHP 8.3.x < 8.3.23 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.33, 8.2.x prior to 8.2.29, 8.3.x prior to 8.3.23, or 8.4.x prior to 8.4.10. It is, therefore, affected by multiple vulnerabilities: - pgsql extension does not check for errors duri...
PHP 8.1.x < 8.1.33 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.33, 8.2.x prior to 8.2.29, 8.3.x prior to 8.3.23, or 8.4.x prior to 8.4.10. It is, therefore, affected by multiple vulnerabilities: - pgsql extension does not check for errors duri...
PHP 8.2.x < 8.2.29 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.33, 8.2.x prior to 8.2.29, 8.3.x prior to 8.3.23, or 8.4.x prior to 8.4.10. It is, therefore, affected by multiple vulnerabilities: - pgsql extension does not check for errors duri...
PHP 8.4.x < 8.4.10 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.33, 8.2.x prior to 8.2.29, 8.3.x prior to 8.3.23, or 8.4.x prior to 8.4.10. It is, therefore, affected by multiple vulnerabilities: - pgsql extension does not check for errors duri...
SUSE CVE-2025-1735
In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. pgsql and pdopgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...
MGASA-2025-0203 Updated php packages fix security vulnerabilities
PGSQL: Fixed GHSA-hrwm-9436-5mv3 pgsql extension does not check for errors during escaping. CVE-2025-1735 SOAP: Fixed GHSA-453j-q27h-5p8x NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix. CVE-2025-6491 Standard: Fixed GHSA-3cr5-j632-f35r Null byte termination in...
Updated php packages fix security vulnerabilities
PGSQL: Fixed GHSA-hrwm-9436-5mv3 pgsql extension does not check for errors during escaping. CVE-2025-1735 SOAP: Fixed GHSA-453j-q27h-5p8x NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix. CVE-2025-6491 Standard: Fixed GHSA-3cr5-j632-f35r Null byte termination in...