737 matches found
DSA-5277-1 php7.4 - security update
Bulletin has no description...
PHP 8.1.x < 8.1.11 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 7.4.x prior to 7.4.32, 8.0.x prior to 8.0.24, or 8.1.x prior to 8.1.11. It is, therefore, affected by multiple vulnerabilities: - The phar uncompressor code would recursively uncompress quines gzip...
CVE-2022-31628
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop...
Exploit for Use of a One-Way Hash with a Predictable Salt in Redux Gutenberg_Template_Library_\&_Redux_Framework
CVE-2021-38314 Python Exploit Detail...
CVE-2022-2552
The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site...
CVE-2022-0594 Shareaholic < 9.7.6 - Information Disclosure
The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have a proper authorisation check in one of its AJAX actions, available to unauthenticated (in v 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as t...
CVE-2022-31157 Use of a Broken or Risky Cryptographic Algorithm in packbackbooks/lti-1-3-php-library
LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the function used to generate random nonces was not sufficiently cryptographically complex. Users should upgrade to version 5.0 to receive a patch. There are currently no known...
CVE-2022-31627
In PHP versions 8.1.x below 8.1.8, when fileinfo functions such as finfo_buffer are used, due to an incorrect patch applied to the third-party code from libmagic, an incorrect function may be used to free allocated memory, which may lead to heap corruption...
PHP 8.1.x < 8.1.8
The version of PHP installed on the remote host is prior to 8.1.8. It is, therefore, affected by a vulnerability as referenced in the Version 8.1.8 advisory. - In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code...
PHP 7.4.x < 7.4.30 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 7.4.x prior to 7.4.30, 8.0.x prior to 8.0.20, or 8.1.x prior to 8.1.7. It is, therefore, affected by multiple vulnerabilities: - Uninitialized array in pg_query_params. CVE-2022-31625 - mysqlnd/pdo...
GHSA-CGRV-6H2H-6F7V MODX Revolution Directory Traversal Vulnerability
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal...
Exploit for Use of a One-Way Hash with a Predictable Salt in Redux Gutenberg_Template_Library_\&_Redux_Framework
cve-2021-38314 - Unauthenticated Sensitive Information Disclos...
GHSA-9327-MQM6-X97J SimpleSAMLphp Information leakage issue in the sanitycheck module
The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors...
CVE-2022-27991
Online Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at /stafflogin.php via the Staff ID and Staff Password parameters...
CVE-2021-21708
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result in crashes, and potentially in...
USN-5300-1 php7.0 vulnerabilities
It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. CVE-2015-9253, CVE-2017-8923, CVE-2017-9118, CVE-2017-9120 It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this iss...
Crypt_GPG Parameter Injection Vulnerability
Crypt_GPG is a PHP package that interacts with GNU Privacy Guard (GnuPG). Crypt_GPG suffers from a parameter injection vulnerability that stems from the fact that the Crypt_GPG extension for PHP prior to 1.6.7 does not block additional options in GPG calls...
PHP 7.4.x < 7.4.28
The version of PHP installed on the remote host is prior to 7.4.28. It is, therefore, affected by a vulnerability as referenced in the Version 7.4.28 advisory. - In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT...