Lucene search
K

49 matches found

Tenable Nessus
Tenable Nessus
added 2023/02/22 12:0 a.m.61 views

Rocky Linux 8 : php:8.0 (RLSA-2023:0848)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0848 advisory. - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute...

9.8CVSS8AI score0.49336EPSS
Exploits6References11
Tenable Nessus
Tenable Nessus
added 2023/02/21 12:0 a.m.54 views

CentOS 8 : php:8.0 (CESA-2023:0848)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:0848 advisory. - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite...

9.8CVSS7.8AI score0.49336EPSS
Exploits6References6
Tenable Nessus
Tenable Nessus
added 2023/02/21 12:0 a.m.46 views

RHEL 8 : php:8.0 (RHSA-2023:0848)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0848 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later...

9.8CVSS7.5AI score0.49336EPSS
Exploits6References14
Tenable Nessus
Tenable Nessus
added 2023/02/21 12:0 a.m.48 views

AlmaLinux 8 : php:8.0 (ALSA-2023:0848)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0848 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a Host- or Secure- cookie by...

9.8CVSS7.4AI score0.49336EPSS
Exploits6References6
NVD
NVD
added 2023/02/16 7:15 a.m.20 views

CVE-2023-0662

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space...

7.5CVSS8.5AI score0.01408EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/02/16 6:34 a.m.25 views

CVE-2023-0568 Array overrun in common path resolve code

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value,...

7.5CVSS8.4AI score0.01242EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2023/02/16 6:34 a.m.45 views

CVE-2023-0568

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value,...

8.1CVSS8.2AI score0.01242EPSS
Exploits1
OSV
OSV
added 2023/02/16 6:24 a.m.29 views

CVE-2023-0662 DoS vulnerability when parsing multipart request body

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space...

7.5CVSS6.7AI score0.01408EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/02/16 6:15 a.m.28 views

CVE-2023-0567 password_verify() always returns true for some invalid hashes

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...

7.7CVSS7AI score0.00944EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/02/14 12:0 a.m.53 views

PHP 8.0.x < 8.0.28

The version of PHP installed on the remote host is prior to 8.0.28. It is, therefore, affected by a vulnerability as referenced in the Version 8.0.28 advisory. - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high...

7.5CVSS6.9AI score0.01408EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/01/10 12:0 a.m.13 views

PHP 8.0.x < 8.0.27 Integer Overflow

According to its self-reported version number, the version of PHP installed on the remote host is 8.0.x prior to 8.0.27, 8.1.x prior to 8.1.14, or 8.2.x prior to 8.2.1. It is, therefore, affected by an integer overflow. Note that the scanner has not tested for these issues but has instead relied...

9.1CVSS7.4AI score0.02154EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/11/17 12:0 a.m.58 views

Rocky Linux 8 : php:8.0 (RLSA-2022:7624)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7624 advisory. - In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTERVALIDATEFLOAT filter and min/max limits, ...

9.8CVSS7.7AI score0.03437EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2022/11/15 12:0 a.m.38 views

Oracle Linux 8 : php:8.0 (ELSA-2022-7624)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7624 advisory. libzip 1.7.3-1 - update to 1.7.3 php-pecl-apcu 5.1.20-1 - update to 5.1.20 php-pecl-rrd 2.0.3-1 - update to 2.0.3 php-pecl-xdebug3 3.1.2-1 - update to...

9.8CVSS7.7AI score0.03437EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2022/11/14 12:0 a.m.38 views

AlmaLinux 8 : php:8.0 (ALSA-2022:7624)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7624 advisory. php: Use after free due to phpfilterfloat failing for ints CVE-2021-21708 php: Uninitialized array in pgqueryparams leading to RCE CVE-2022-31625 Tenable...

9.8CVSS7.7AI score0.03437EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2022/11/07 12:0 a.m.42 views

PHP 8.0.x < 8.0.25 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 7.4.x prior to 7.4.33, 8.0.x prior to 8.0.25, or 8.1.x prior to 8.1.12. It is, therefore, affected by multiple vulnerabilities: - An OOB read due to insufficient input validation in imageloadfont...

9.8CVSS9.1AI score0.05193EPSS
Exploits4References3
Tenable Nessus
Tenable Nessus
added 2022/10/05 12:0 a.m.68 views

PHP 7.4.x < 7.4.32 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 7.4.x prior to 7.4.32, 8.0.x prior to 8.0.24, or 8.1.x prior to 8.1.11. It is, therefore, affected by multiple vulnerabilities: - The phar uncompressor code would recursively uncompress quines gzip...

6.5CVSS7.1AI score0.49336EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2022/07/11 12:0 a.m.46 views

CentOS 8 : php:8.0 (CESA-2022:5468)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:5468 advisory. - php: password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 Note that Nessus has not tested for this issue but has instead relied...

8.8CVSS8.7AI score0.5838EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2022/07/11 12:0 a.m.45 views

Rocky Linux 8 : php:8.0 (RLSA-2022:5468)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:5468 advisory. - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdomysql extension with mysqlnd driver, if the third party is allowed to...

8.8CVSS9.2AI score0.5838EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2022/07/05 12:0 a.m.68 views

Oracle Linux 8 : php:8.0 (ELSA-2022-5468)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-5468 advisory. php 8.0.13-3 - fix password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 Tenable has extracted the preceding description block...

8.8CVSS8.7AI score0.5838EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2022/06/30 12:0 a.m.51 views

RHEL 8 : php:8.0 (RHSA-2022:5468)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5468 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: password of excessive length triggers buff...

8.8CVSS8.7AI score0.5838EPSS
Exploits2References4
Rows per page
Query Builder