Lucene search
K

214 matches found

AstraLinux
AstraLinux
added 2024/11/23 3:4 a.m.2 views

Astra Linux – Vulnerability in PHP 8.2

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, and 8.3. before 8.3.12, when using PHP-FPM SAPI and the option catchworkersoutput is set to yes, it is possible to manipulate the log messages by removing up to 4 characters from the log messages. Additionally, if PHP-FPM is configured to us...

3.3CVSS6.6AI score0.00482EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/11/02 12:0 a.m.13 views

CBL Mariner 2.0 Security Update: php (CVE-2024-9026)

The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9026 advisory. - In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is...

3.3CVSS6.9AI score0.00482EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/10/19 12:0 a.m.17 views

SUSE SLES12: apache2-mod_php74 / php74 / php74-bcmath / php74-bz2 / etc (SUSE-SU-2024:3732-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3732-1 advisory. - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed...

7.5CVSS6.7AI score0.01077EPSS
Exploits3References10
Tenable Nessus
Tenable Nessus
added 2024/10/19 12:0 a.m.26 views

SUSE SLES15: apache2-mod_php7 / php7 / php7-bcmath / php7-bz2 / php7-calendar / etc (SUSE-SU-2024:3733-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3733-1 advisory. - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not...

7.5CVSS6.7AI score0.01077EPSS
Exploits3References10
OSV
OSV
added 2024/10/18 3:48 p.m.23 views

SUSE-SU-2024:3733-1 Security update for php7

This update for php7 fixes the following issues: - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed bsc1231360 - CVE-2024-8927: Fixed cgi.forceredirect configuration is bypassable due to an environment variable...

7.5CVSS6.2AI score0.01077EPSS
Exploits3References7
SUSE Linux
SUSE Linux
added 2024/10/18 2:47 p.m.3 views

Security update for php74

This update for php74 fixes the following issues: CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed bsc1231360 CVE-2024-8927: Fixed cgi.forceredirect configuration is bypassable due to an environment variable collision...

6.9CVSS7AI score0.01077EPSS
Exploits3References12
OSV
OSV
added 2024/10/18 2:47 p.m.22 views

SUSE-SU-2024:3732-1 Security update for php74

This update for php74 fixes the following issues: - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed bsc1231360 - CVE-2024-8927: Fixed cgi.forceredirect configuration is bypassable due to an environment variable...

7.5CVSS6.2AI score0.01077EPSS
Exploits3References7
SUSE Linux
SUSE Linux
added 2024/10/18 1:23 p.m.2 views

Security update for php8

This update for php8 fixes the following issues: Update to php 8.2.24: CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed bsc1231360 CVE-2024-8927: Fixed cgi.forceredirect configuration is bypassable due to an environme...

6.9CVSS6.6AI score0.01077EPSS
Exploits3References12
OSV
OSV
added 2024/10/17 8:57 p.m.7 views

CLSA-2024-1729198655 php: Fix of 2 CVEs

CVE-2024-9026: Fix log tampering in PHP-FPM - CVE-2024-8927: Fix bypass of cgi.forceredirect configuration...

7.5CVSS6.7AI score0.01077EPSS
Exploits2References1
OSV
OSV
added 2024/10/17 8:52 p.m.6 views

CLSA-2024-1729198334 php: Fix of 2 CVEs

CVE-2024-9026: Fix log tampering in PHP-FPM - CVE-2024-8927: Fix bypass of cgi.forceredirect configuration...

7.5CVSS5.8AI score0.01077EPSS
Exploits2References1
OSV
OSV
added 2024/10/16 2:28 p.m.32 views

SUSE-SU-2024:3664-1 Security update for php8

This update for php8 fixes the following issues: - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed bsc1231360 - CVE-2024-8927: Fixed cgi.forceredirect configuration is bypassable due to an environment variable...

7.5CVSS6.2AI score0.01077EPSS
Exploits3References7
Redos
Redos
added 2024/10/15 12:0 a.m.20 views

ROS-20241015-11

A vulnerability in the PHP programming language interpreter exists due to a failure to neutralize special elements. special elements. Exploitation of the vulnerability could allow an attacker acting remotely to Affect the confidentiality, integrity, and availability of protected information...

8.8CVSS7.5AI score0.03686EPSS
Exploits68
OSV
OSV
added 2024/10/10 7:13 a.m.16 views

BIT-PHP-2024-9026 PHP-FPM logs from children may be altered

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...

3.3CVSS6AI score0.00482EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2024/10/08 12:56 p.m.15 views

CVE-2024-9026

A flaw was found in PHP-FPM, the FastCGI Process Manager. This vulnerability can allow an attacker to manipulate or remove up to 4 characters from log messages via crafted log content, potentially polluting or altering the final log. If PHP-FPM is configured to use syslog output, further log data...

3.3CVSS6.5AI score0.00482EPSS
Exploits1References4
NVD
NVD
added 2024/10/08 4:15 a.m.12 views

CVE-2024-9026

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...

3.3CVSS0.00482EPSS
Exploits1References3
OSV
OSV
added 2024/10/08 4:15 a.m.2 views

DEBIAN-CVE-2024-9026

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...

3.3CVSS6.2AI score0.00482EPSS
Exploits1References1
OSV
OSV
added 2024/10/08 4:15 a.m.7 views

AZL-50144 CVE-2024-9026 affecting package php for versions less than 8.1.30-1

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...

3.3CVSS6.5AI score0.00482EPSS
Exploits1References1
OSV
OSV
added 2024/10/08 4:15 a.m.16 views

CVE-2024-9026

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...

3.3CVSS6.6AI score
Exploits0References3
Cvelist
Cvelist
added 2024/10/08 4:7 a.m.35 views

CVE-2024-9026 PHP-FPM logs from children may be altered

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...

3.3CVSS0.00482EPSS
Exploits1References1
CVE
CVE
added 2024/10/08 4:7 a.m.327 views

CVE-2024-9026

CVE-2024-9026 is a PHP-FPM log manipulation vulnerability. When catch_workers_output is enabled, local attackers may pollute log output or remove up to 4 characters from log messages, with potential additional data loss if syslog output is used. Affected: PHP 8.1.x before 8.1.30, 8.2.x before 8.2...

3.3CVSS5.6AI score0.00482EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder