75 matches found
Important: php72
Issue Overview: A flaw was discovered in the link function in PHP. When compiled on Windows, it does not correctly handle paths containing NULL bytes. An attacker could abuse this flaw to bypass application checks on file paths. CVE-2019-11044 In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.1...
Amazon Linux AMI : php72 (ALAS-2024-1921)
The version of php72 installed on the remote host is prior to 7.2.26-1.19. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1921 advisory. 2024-02-28: CVE-2019-11045 was added to this advisory. 2024-02-28: CVE-2019-11049 was added to this advisory. 2024-02-28:...
Amazon Linux AMI : php72-pecl-imagick (ALAS-2023-1815)
The version of php72-pecl-imagick installed on the remote host is prior to 3.4.4-2.10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1815 advisory. ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds....
SUSE: Security Advisory (SUSE-SU-2022:3957-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12 Security Update : php72 (SUSE-SU-2022:3957-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3957-1 advisory. - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files,...
SUSE-SU-2022:3957-1 Security update for php72
This update for php72 fixes the following issues: - CVE-2022-31628: Fixed an uncontrolled recursion in the phar uncompressor while decompressing 'quines' gzip files. bsc1203867 - CVE-2022-31629: Fixed a bug which could lead an attacker to set an insecure cookie that will treated as secure in the...
SUSE: Security Advisory (SUSE-SU-2022:2183-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2022:2183-1 Security update for php72
This update for php72 fixes the following issues: - CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. bsc1200645 - CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdomysql extension with mysqlnd driver. bsc1200628...
SUSE: Security Advisory (SUSE-SU-2022:1714-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12 Security Update : php72 (SUSE-SU-2022:1714-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1714-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C Tenable, Inc...
SUSE-SU-2022:1714-1 Security update for php72
This update for php72 fixes the following issues: - Fixed filtervar bypass vulnerability bsc1197644...
SUSE: Security Advisory (SUSE-SU-2022:0577-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12 Security Update : php72 (SUSE-SU-2022:0577-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0577-1 advisory. - An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php- fpm master process...
SUSE-SU-2022:0577-1 Security update for php72
This update for php72 fixes the following issues: - CVE-2015-9253: Fixed endless loop when the master process restarts a child process using program execution functions bsc1081790. - CVE-2017-8923: Fixed denial of service application crash when using .= with a long string zendstringextend func in...
SUSE: Security Advisory (SUSE-SU-2021:3727-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2021:3727-1 Security update for php72
This update for php72 fixes the following issues: - CVE-2021-21703: Fixed local privilege escalation via PHP-FPM bsc1192050...
SUSE SLED12 / SLES12 Security Update : php72 (SUSE-SU-2021:2926-1)
The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2926-1 advisory. - Tar.php in ArchiveTar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related...
SUSE: Security Advisory (SUSE-SU-2021:2926-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2021:2926-1 Security update for php72
This update for php72 fixes the following issues: - CVE-2020-36193: Fixed ArchiveTar directory traversal due to inadequate checking of symbolic links bsc1189591...
SUSE SLED12 / SLES12 Security Update : php72 (SUSE-SU-2021:2638-1)
The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2638-1 advisory. - In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database...