654 matches found
OESA-2025-1302 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
[SECURITY] [DLA 4088-1] php7.4 security update
Debian LTS Advisory DLA-4088-1 https://www.debian.org/lts/security/ Guilhem Moulin March 20, 2025 https://wiki.debian.org/LTS Package : php7.4 Version : 7.4.33-1+deb11u8 CVE ID : CVE-2025-1217 CVE-2025-1219 CVE-2025-1734 CVE-2025-1736 CVE-2025-1861 Multiple security...
CVE-2025-26921 WordPress Booking and Rental Manager Plugin <= 2.2.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection. This issue affects Booking and Rental Manager: from n/a through <= 2.2.6...
[SECURITY] [DSA 5878-1] php8.2 security update
Debian Security Advisory DSA-5878-1 https://www.debian.org/security/ Moritz Muehlenhoff March 14, 2025 https://www.debian.org/security/faq -...
WordPress Responsive Google Map plugin suffers from an unspecified vulnerability (CNVD-2025-05453)
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
DSA-5878-1 php8.2 - security update
Bulletin has no description...
Linux Distros Unpatched Vulnerability : CVE-2020-7068
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricke...
Linux Distros Unpatched Vulnerability : CVE-2020-7069
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt function with 12 bytes IV, only fir...
Linux Distros Unpatched Vulnerability : CVE-2012-0057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the...
Linux Distros Unpatched Vulnerability : CVE-2015-4148
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string,...
Linux Distros Unpatched Vulnerability : CVE-2016-7125
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows remote...
Linux Distros Unpatched Vulnerability : CVE-2014-4721
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW,...
Linux Distros Unpatched Vulnerability : CVE-2018-20783
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to rea...
Linux Distros Unpatched Vulnerability : CVE-2015-8835
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which...
Linux Distros Unpatched Vulnerability : CVE-2015-4599
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive...
Linux Distros Unpatched Vulnerability : CVE-2016-5094
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial o...
Linux Distros Unpatched Vulnerability : CVE-2021-21702
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server cou...
Linux Distros Unpatched Vulnerability : CVE-2019-9020
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode can lea...
Linux Distros Unpatched Vulnerability : CVE-2018-5712
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error pag...
Linux Distros Unpatched Vulnerability : CVE-2015-3411
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or...