214 matches found
Astra Linux – Vulnerability in PHP 8.2
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, and 8.3. before 8.3.12, when using PHP-FPM SAPI and the option catchworkersoutput is set to yes, it is possible to manipulate the log messages by removing up to 4 characters from the log messages. Additionally, if PHP-FPM is configured to us...
CBL Mariner 2.0 Security Update: php (CVE-2024-9026)
The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9026 advisory. - In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is...
SUSE SLES12: apache2-mod_php74 / php74 / php74-bcmath / php74-bz2 / etc (SUSE-SU-2024:3732-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3732-1 advisory. - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed...
SUSE SLES15: apache2-mod_php7 / php7 / php7-bcmath / php7-bz2 / php7-calendar / etc (SUSE-SU-2024:3733-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3733-1 advisory. - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not...
SUSE-SU-2024:3733-1 Security update for php7
This update for php7 fixes the following issues: - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed bsc1231360 - CVE-2024-8927: Fixed cgi.forceredirect configuration is bypassable due to an environment variable...
Security update for php74
This update for php74 fixes the following issues: CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed bsc1231360 CVE-2024-8927: Fixed cgi.forceredirect configuration is bypassable due to an environment variable collision...
SUSE-SU-2024:3732-1 Security update for php74
This update for php74 fixes the following issues: - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed bsc1231360 - CVE-2024-8927: Fixed cgi.forceredirect configuration is bypassable due to an environment variable...
Security update for php8
This update for php8 fixes the following issues: Update to php 8.2.24: CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed bsc1231360 CVE-2024-8927: Fixed cgi.forceredirect configuration is bypassable due to an environme...
CLSA-2024-1729198655 php: Fix of 2 CVEs
CVE-2024-9026: Fix log tampering in PHP-FPM - CVE-2024-8927: Fix bypass of cgi.forceredirect configuration...
CLSA-2024-1729198334 php: Fix of 2 CVEs
CVE-2024-9026: Fix log tampering in PHP-FPM - CVE-2024-8927: Fix bypass of cgi.forceredirect configuration...
SUSE-SU-2024:3664-1 Security update for php8
This update for php8 fixes the following issues: - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed bsc1231360 - CVE-2024-8927: Fixed cgi.forceredirect configuration is bypassable due to an environment variable...
ROS-20241015-11
A vulnerability in the PHP programming language interpreter exists due to a failure to neutralize special elements. special elements. Exploitation of the vulnerability could allow an attacker acting remotely to Affect the confidentiality, integrity, and availability of protected information...
BIT-PHP-2024-9026 PHP-FPM logs from children may be altered
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...
CVE-2024-9026
A flaw was found in PHP-FPM, the FastCGI Process Manager. This vulnerability can allow an attacker to manipulate or remove up to 4 characters from log messages via crafted log content, potentially polluting or altering the final log. If PHP-FPM is configured to use syslog output, further log data...
CVE-2024-9026
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...
DEBIAN-CVE-2024-9026
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...
AZL-50144 CVE-2024-9026 affecting package php for versions less than 8.1.30-1
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...
CVE-2024-9026
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...
CVE-2024-9026 PHP-FPM logs from children may be altered
In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...
CVE-2024-9026
CVE-2024-9026 is a PHP-FPM log manipulation vulnerability. When catch_workers_output is enabled, local attackers may pollute log output or remove up to 4 characters from log messages, with potential additional data loss if syslog output is used. Affected: PHP 8.1.x before 8.1.30, 8.2.x before 8.2...