49 matches found
Rocky Linux 8 : php:8.0 (RLSA-2023:0848)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0848 advisory. - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute...
CentOS 8 : php:8.0 (CESA-2023:0848)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:0848 advisory. - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite...
RHEL 8 : php:8.0 (RHSA-2023:0848)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0848 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later...
AlmaLinux 8 : php:8.0 (ALSA-2023:0848)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:0848 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a Host- or Secure- cookie by...
CVE-2023-0662
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space...
CVE-2023-0568 Array overrun in common path resolve code
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value,...
CVE-2023-0568
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value,...
CVE-2023-0662 DoS vulnerability when parsing multipart request body
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space...
CVE-2023-0567 password_verify() always returns true for some invalid hashes
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid...
PHP 8.0.x < 8.0.28
The version of PHP installed on the remote host is prior to 8.0.28. It is, therefore, affected by a vulnerability as referenced in the Version 8.0.28 advisory. - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high...
PHP 8.0.x < 8.0.27 Integer Overflow
According to its self-reported version number, the version of PHP installed on the remote host is 8.0.x prior to 8.0.27, 8.1.x prior to 8.1.14, or 8.2.x prior to 8.2.1. It is, therefore, affected by an integer overflow. Note that the scanner has not tested for these issues but has instead relied...
Rocky Linux 8 : php:8.0 (RLSA-2022:7624)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7624 advisory. - In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTERVALIDATEFLOAT filter and min/max limits, ...
Oracle Linux 8 : php:8.0 (ELSA-2022-7624)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7624 advisory. libzip 1.7.3-1 - update to 1.7.3 php-pecl-apcu 5.1.20-1 - update to 5.1.20 php-pecl-rrd 2.0.3-1 - update to 2.0.3 php-pecl-xdebug3 3.1.2-1 - update to...
AlmaLinux 8 : php:8.0 (ALSA-2022:7624)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7624 advisory. php: Use after free due to phpfilterfloat failing for ints CVE-2021-21708 php: Uninitialized array in pgqueryparams leading to RCE CVE-2022-31625 Tenable...
PHP 8.0.x < 8.0.25 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 7.4.x prior to 7.4.33, 8.0.x prior to 8.0.25, or 8.1.x prior to 8.1.12. It is, therefore, affected by multiple vulnerabilities: - An OOB read due to insufficient input validation in imageloadfont...
PHP 7.4.x < 7.4.32 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 7.4.x prior to 7.4.32, 8.0.x prior to 8.0.24, or 8.1.x prior to 8.1.11. It is, therefore, affected by multiple vulnerabilities: - The phar uncompressor code would recursively uncompress quines gzip...
CentOS 8 : php:8.0 (CESA-2022:5468)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:5468 advisory. - php: password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 Note that Nessus has not tested for this issue but has instead relied...
Rocky Linux 8 : php:8.0 (RLSA-2022:5468)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:5468 advisory. - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdomysql extension with mysqlnd driver, if the third party is allowed to...
Oracle Linux 8 : php:8.0 (ELSA-2022-5468)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-5468 advisory. php 8.0.13-3 - fix password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 Tenable has extracted the preceding description block...
RHEL 8 : php:8.0 (RHSA-2022:5468)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5468 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: password of excessive length triggers buff...