Oracle Linux 9 : php (ELSA-2022-8197)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8197 advisory. 8.0.20-3 - snmp3 calls using authPriv or authNoPriv immediately return false 2104630 8.0.20-2 - fix patch41 not applied use system nikic/php-parser whe...

Medium: php73

Issue Overview: In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exifreaddata function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash...

CVE-2020-7059

When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash...