292 matches found
Fedora 37 : php-pear-CAS (2022-d6c6782130)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-d6c6782130 advisory. Changes in version 1.6.0 Bug Fixes: Introduce required servicename constructor argument to fix service hostname discovery exploitation vulnerability...
CentOS 7 : php-pear (RHSA-2022:7340)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:7340 advisory. - ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. CVE-2020-28948 - ArchiveTar through...
RHSA-2022:7340 Red Hat Security Advisory: php-pear security update
Bulletin has no description...
RHSA-2011:1741 Red Hat Security Advisory: php-pear security and bug fix update
Bulletin has no description...
RHEL 8 : php-pear (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ArchiveTar: improper filename sanitization leads to file overwrites CVE-2020-28949 - ArchiveTar through...
RHEL 8 : php-pear (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - php-pear: Unsafe deserialization of data in ArchiveTar class CVE-2018-1000888 Note that Nessus has not tested for...
RHEL 7 : php-pear (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - php-pear: Unsafe deserialization of data in ArchiveTar class CVE-2018-1000888 - PECL in the download...
RHEL 6 : php-pear (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - php-pear: Unsafe deserialization of data in ArchiveTar class CVE-2018-1000888 - PECL in the download...
RHEL 5 : php-pear (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - php-pear: File overwrite by malicious server CVE-2017-5630 Note that Nessus has not tested for this issue but has...
RHEL 7 : php-pear (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - php-pear: File overwrite by malicious server CVE-2017-5630 - In ArchiveTar before 1.4.14, symlinks can...
RHEL 6 : php-pear (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - php-pear: File overwrite by malicious server CVE-2017-5630 - In ArchiveTar before 1.4.14, symlinks can...
RHEL 5 : php-pear (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - php-pear: File overwrite by malicious server CVE-2017-5630 Note that Nessus has not tested for this issue but has...
CVE-2024-2757
In PHP 8.3. before 8.3.5, function mbencodemimeheader runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function...
CVE-2024-3096
In PHP version 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, if a password stored with passwordhash starts with a null byte \x00, testing a blank string as the password via passwordverify will incorrectly return true...
php:8.0 security update
libzip php 8.0.30-1 - rebase to 8.0.30 - Resolves: RHEL-11946 php-pear php-pecl-apcu php-pecl-rrd php-pecl-xdebug3 php-pecl-zip...
Oracle Linux 6 : php-pear (ELSA-2011-1741)
The remote Oracle Linux 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2011-1741 advisory. 1.9.4-4 - fix patch application for 747361 1.9.4-3 - ignore REST cache creation failures as non-root user 747361 1.9.4-2 - fix XML-Util provides 1.9.4-1 - updat...
CVE-2023-3247
In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure ...
The vulnerability of the PHP PEAR class library lies in the insufficient elimination of special elements in queries, allowing attackers to compromise data integrity.
The vulnerability of the PHP PEAR class library is related to insufficient elimination of special elements in the request. Exploiting this vulnerability can allow an attacker to compromise data integrity...
Fedora 35 : php-pear-CAS (2022-76b3530ac2)
The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-76b3530ac2 advisory. Changes in version 1.6.0 Bug Fixes: Introduce required servicename constructor argument to fix service hostname discovery exploitation vulnerability...
Fedora 36 : php-pear-CAS (2022-37c2d26f59)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-37c2d26f59 advisory. Changes in version 1.6.0 Bug Fixes: Introduce required servicename constructor argument to fix service hostname discovery exploitation vulnerability...