132 matches found
AlmaLinux 8 : php:7.4 (ALSA-2022:7628)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7628 advisory. php: Special character breaks path in xml parsing CVE-2021-21707 php: Use after free due to phpfilterfloat failing for ints CVE-2021-21708 php-pear:...
CentOS 8 : php:7.4 (CESA-2022:7628)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7628 advisory. - php: Special character breaks path in xml parsing CVE-2021-21707 - php: Use after free due to phpfilterfloat failing for ints CVE-2021-21708 -...
RHEL 8 : php:7.4 (RHSA-2022:7628)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7628 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later...
PHP 7.4.x < 7.4.32 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 7.4.x prior to 7.4.32, 8.0.x prior to 8.0.24, or 8.1.x prior to 8.1.11. It is, therefore, affected by multiple vulnerabilities: - The phar uncompressor code would recursively uncompress quines gzip...
RHEL 8 : php:7.4 (RHSA-2022:6541)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6541 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: ArchiveTar: allows an unserialization...
php:7.4 security update
php-pear 1:1.10.13-1 - update PEAR to 1.10.13 - update ArchiveTar to 1.4.14...
Oracle Linux 8 : php:7.4 (ELSA-2022-6542)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6542 advisory. php-pear 1:1.10.13-1 - update PEAR to 1.10.13 - update ArchiveTar to 1.4.14 Tenable has extracted the preceding description block directly from the...
Moderate: Red Hat Security Advisory: php:7.4 security update
An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: php:7.4 security update
An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 ArchiveTar: improper filename sanitization leads to file overwrites CVE-2020-28949...
CentOS 8 : php:7.4 (CESA-2022:6542)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:6542 advisory. - ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 - ArchiveTar: improper filename...
AlmaLinux 8 : php:7.4 (ALSA-2022:6158)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:6158 advisory. php: uninitialized array in pgqueryparams leading to RCE CVE-2022-31625 Tenable has extracted the preceding description block directly from the AlmaLinux security...
CentOS 8 : php:7.4 (CESA-2022:6158)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2022:6158 advisory. - php: Uninitialized array in pgqueryparams leading to RCE CVE-2022-31625 Note that Nessus has not tested for this issue but has instead relied only on the...
Oracle Linux 8 : php:7.4 (ELSA-2022-6158)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-6158 advisory. php 7.4.19-4 - fix uninitialized array in pgqueryparams leading to RCE CVE-2022-31625 Tenable has extracted the preceding description block directly from the...
ALSA-2022:6158 Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: uninitialized array in pgqueryparams leading to RCE CVE-2022-31625 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
OS Command Injection user to admin
Summary Arbitrary commands can be injected when installing DokuWiki. Description Authenticated as "User" role users can inject commands. Injected commands are running as "admin" user. Prerequisite 1. Any user access 2. php 7.4 must be installed in order to install dokuwiki only admin can install...
Rocky Linux 8 : php:7.4 (RLSA-2022:5467)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:5467 advisory. - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdomysql extension with mysqlnd driver, if the third party is allowed to...
DSA-5179-1 php7.4 - security update
Bulletin has no description...
RHEL 8 : php:7.4 (RHSA-2022:5471)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5471 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: password of excessive length triggers buff...
RHEL 8 : php:7.4 (RHSA-2022:5467)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:5467 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: password of excessive length triggers buff...