EUVD-2018-3775

Malware in sbrugna...

EUVD-2024-1844

Malicious code in bioql PyPI...

CVE-2024-50340

symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the registerargvargc php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by...

GHSA-WX24-VQRG-M6M5 VuFind Server-Side Request Forgery (SSRF) vulnerability

A Server-Side Request Forgery SSRF vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating...

VuFind Server-Side Request Forgery (SSRF) vulnerability

A Server-Side Request Forgery SSRF vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating...

CVE-2024-25738

Vulnerability summary : Open Library Foundation VuFind versions 2.0–9.1 before 9.1.1 have a Server-Side Request Forgery (SSRF) in the /Upgrade/FixConfig route. The issue lets a remote attacker overwrite local configuration files and could lead to Remote Code Execution, enabled when allow_url_incl...

CVE-2024-29186

Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. When Bref prior to version 2.1.17 is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...

CVE-2024-29186 Slow String Operations via MultiPart Requests in Event-Driven Functions

Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. When Bref prior to version 2.1.17 is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...

CVE-2024-29186 Slow String Operations via MultiPart Requests in Event-Driven Functions

Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. When Bref prior to version 2.1.17 is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...

GHSA-J4HQ-F63X-F39R Slow String Operations via MultiPart Requests in Event-Driven Functions

Impacted Resources bref/src/Event/Http/Psr7Bridge.php:94-125 multipart-parser/src/StreamedPart.php:383-418 Description When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...

Slow String Operations via MultiPart Requests in Event-Driven Functions

Impacted Resources bref/src/Event/Http/Psr7Bridge.php:94-125 multipart-parser/src/StreamedPart.php:383-418 Description When Bref is used with the Event-Driven Function runtime and the handler is a RequestHandlerInterface, then the Lambda event is converted to a PSR7 object. During the conversion...

SUSE CVE-2018-7584

In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the phpstreamurlwraphttpex function in ext/standard/httpfopenwrapper.c. This subsequently results in copying a large string...

Apache OpenWhisk Remote Code Execution Vulnerability

Apache OpenWhisk is an open source FaaS cloud platform from the Apache Software Foundation in the U.S. PHP Runtime for Apache OpenWhisk is its PHP-based version. A security vulnerability exists in PHP Runtime for Apache OpenWhisk. The vulnerability can be exploited to replace the source code of a...

CVE-2018-11756

In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 or earlier may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation...

Code injection

In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 or earlier may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation...

CVE-2018-11756

In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 or earlier may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation...

The vulnerability of the implementation of SplObjectStorage in ext/spl/spl_observer.c, the PHP interpreter, allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the SplObjectStorage service implementation in the ext/spl/splobserver.c file of the PHP interpreter arises due to the execution of operations beyond the memory buffer boundaries. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a...

php: Zend/zend_exceptions.c does not validate certain Exception objects

Zend/zendexceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash or trigger unintended method execution via crafted...

DEBIAN-CVE-2016-7568

Integer overflow in the gdImageWebpCtx function in gdwebp.c in the GD Graphics Library aka libgd through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted imagewebp and...

The vulnerability of the PHP interpreter, which allows a hacker to trigger a service failure

The vulnerability of the function in the Zend/zendexceptions.c interpreter of PHP exists due to the lack of checks for certain Exception objects. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause a service failure such as reassigning a null pointer or...