Astra Linux - уязвимость в php7.3, php8.1

Due to an incomplete fix for CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p, network and same-site attackers can set an insecure cookie in the victim’s browser. This cookie is treated as a Host- or Secure-cookie by PHP applications...

MiracleLinux 8 : php:7.3 (AXSA:2020-779:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-779:01 advisory. php: Out-of-bounds read due to integer overflow in iconvmimedecodeheaders CVE-2019-11039 php: Buffer over-read in exifreaddata CVE-2019-11040 php:...

MiracleLinux 7 : rh-php73-php-7.3.33-1.el7 (AXSA:2022-3369:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3369:01 advisory. php: password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 php: Local privilege escalation via PHP-FPM CVE-2021-21703...

SUSE CVE-2019-19246

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in strlowercasematch in regexec.c...

DEBIAN-CVE-2020-7062

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.uploadprogress.cleanup is set to 0 disabled, and the file upload fails, the upload procedure would try to clean up data that does...