TencentOS Server 3: php:8.0 (TSSA-2023:0257)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0257 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVE-2025-1219

In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may...

BIT-PHP-MIN-2020-7066 get_headers() silently truncates after a null byte

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using getheaders with user-supplied URL, if the URL contains zero \0 character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the getheade...

[SECURITY] [DLA 3986-1] php7.4 security update

Debian LTS Advisory DLA-3986-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin December 08, 2024 https://wiki.debian.org/LTS Package : php7.4 Version : 7.4.33-1+deb11u7 CVE ID : CVE-2024-8929 CVE-2024-8932 CVE-2024-11233 CVE-2024-11234 CVE-2024-11236 Debian Bug :...

PT-2019-4298

Name of the Vulnerable Software and Affected Versions PHP versions prior to 7.1.33 PHP versions prior to 7.2.24 PHP versions prior to 7.3.11 Description The issue is related to a buffer overflow vulnerability in the PHP-FPM component, which can be exploited to execute arbitrary commands on a...