
526 matches found

ArchLinux
added 2021/02/06 12:0 a.m. | 107 views

[ASA-202102-14] php7: denial of service

Arch Linux Security Advisory ASA-202102-14
==========================================
Severity: Medium
Date    : 2021-02-06
CVE-ID  : CVE-2021-21702
Package : php7
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1532

Summary
=======
The package php7 before version...

CVSS 7.5 | AI score 2.3 | EPSS 0.00272
Exploits: 0 | References: 6

Tenable Nessus
added 2021/01/25 12:0 a.m. | 30 views

openSUSE Security Update : php7 (openSUSE-2021-106)

This update for php7 fixes the following issue:
- CVE-2020-7071: Fixed an insufficient filter in parse_url that accepted URLs with invalid userinfo (bsc#1180706).
This update was imported from the SUSE:SLE-15-SP2:Update update project. (C) Tenable Network Security, Inc. The descriptive text and packag...

CVSS 5.3 | AI score 6.8 | EPSS 0.07003
Exploits: 1 | References: 2

Tenable Nessus
added 2021/01/25 12:0 a.m. | 40 views

openSUSE Security Update : php7 (openSUSE-2021-101)

This update for php7 fixes the following issue:
- CVE-2020-7071: Fixed an insufficient filter in parse_url that accepted URLs with invalid userinfo (bsc#1180706).
This update was imported from the SUSE:SLE-15:Update update project. (C) Tenable Network Security, Inc. The descriptive text and package...

CVSS 5.3 | AI score 6.8 | EPSS 0.07003
Exploits: 1 | References: 2

OSV
added 2021/01/18 9:22 a.m. | 6 views

OPENSUSE-SU-2021:0106-1 Security update for php7

This update for php7 fixes the following issue:
- CVE-2020-7071: Fixed an insufficient filter in parse_url that accepted URLs with invalid userinfo (bsc#1180706).
This update was imported from the SUSE:SLE-15-SP2:Update update project...

CVSS 5.3 | AI score 6 | EPSS 0.07003
Exploits: 1 | References: 3

OPENSUSE Linux
added 2021/01/18 12:0 a.m. | 32 views

Security update for php7 (moderate)

openSUSE Security Update: Security update for php7
Announcement ID: openSUSE-SU-2021:0106-1
Rating: moderate
References: 1180706
Cross-References: CVE-2020-7071
Affected Products: openSUSE Leap 15.2
An update that fixes one vulnerability is now available.
Description: This update for php7 fixes t...

CVSS 5.3 | AI score 6 | EPSS 0.07003
Exploits: 1 | References: 1

OSV
added 2021/01/17 5:23 p.m. | 5 views

OPENSUSE-SU-2021:0101-1 Security update for php7

This update for php7 fixes the following issue:
- CVE-2020-7071: Fixed an insufficient filter in parse_url that accepted URLs with invalid userinfo (bsc#1180706).
This update was imported from the SUSE:SLE-15:Update update project...

CVSS 5.3 | AI score 6 | EPSS 0.07003
Exploits: 1 | References: 3

OPENSUSE Linux
added 2021/01/17 12:0 a.m. | 31 views

Security update for php7 (moderate)

openSUSE Security Update: Security update for php7
Announcement ID: openSUSE-SU-2021:0101-1
Rating: moderate
References: 1180706
Cross-References: CVE-2020-7071
Affected Products: openSUSE Leap 15.1
An update that fixes one vulnerability is now available.
Description: This update for php7 fixes t...

CVSS 5.3 | AI score 6 | EPSS 0.07003
Exploits: 1 | References: 1

Tenable Nessus
added 2021/01/15 12:0 a.m. | 28 views

SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2021:0124-1)

This update for php7 fixes the following issue: CVE-2020-7071: Fixed an insufficient filter in parse_url that accepted URLs with invalid userinfo (bsc#1180706). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...

CVSS 5.3 | AI score 6.8 | EPSS 0.07003
Exploits: 1 | References: 4

Amazon
added 2021/01/15 12:0 a.m. | 26 views

Medium: php7-pear

Issue Overview: Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. CVE-2020-28948 Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to overwrite...

CVSS 7.8 | AI score 8.1 | EPSS 0.93364
Exploits: 5

OSV
added 2021/01/14 9:29 a.m. | 5 views

SUSE-SU-2021:0124-1 Security update for php7

This update for php7 fixes the following issue:
- CVE-2020-7071: Fixed an insufficient filter in parse_url that accepted URLs with invalid userinfo (bsc#1180706)...

CVSS 5.3 | AI score 6.3 | EPSS 0.07003
Exploits: 1 | References: 3

Tenable Nessus
added 2021/01/14 12:0 a.m. | 45 views

Amazon Linux AMI : php7-pear (ALAS-2021-1466)

The version of php7-pear installed on the remote host is prior to 1.10.12-4.30. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1466 advisory. Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked...

CVSS 7.8 | AI score 7.7 | EPSS 0.93364
Exploits: 5 | References: 5

Veracode
added 2021/01/07 5:5 p.m. | 25 views

Privilege Escalation

php7 is vulnerable to privilege escalation. The vulnerability is possible due to insufficient validation of URLs performed via the "FILTER_VALIDATE_URL" setting. A remote attacker can use "@" characters in the URL to bypass the implemented filter and force the application to accept arbitrary URL...

CVSS 5.3 | AI score 5.4 | EPSS 0.07003
Exploits: 1 | References: 8 | Affected Software: 8

Tenable Nessus
added 2020/12/09 12:0 a.m. | 38 views

SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2020:2941-1)

This update for php7 fixes the following issues:
- CVE-2020-7069: Fixed an issue when AES-CCM mode was used with openssl_encrypt function with 12 bytes IV, only first 7 bytes of the IV was used (bsc#1177351).
- CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite...

CVSS 6.5 | AI score 6.8 | EPSS 0.26088
Exploits: 1 | References: 7

Tenable Nessus
added 2020/12/09 12:0 a.m. | 44 views

SUSE SLES12 Security Update : php7 (SUSE-SU-2020:2920-1)

This update for php7 fixes the following issues:
- CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite existing prefixed cookie names (bsc#1177352).
- Added tmpfiles.d for php-fpm to provide a base for a socket (bsc#1173786).
Note that Tenable Network Security has...

CVSS 5.3 | AI score 6.8 | EPSS 0.26088
Exploits: 1 | References: 5

Tenable Nessus
added 2020/12/09 12:0 a.m. | 24 views

SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2020:2997-1)

This update for php7 fixes the following issues:
- CVE-2020-7069: Fixed an issue when AES-CCM mode was used with openssl_encrypt function with 12 bytes IV, only first 7 bytes of the IV was used (bsc#1177351).
- CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to overwrite...

CVSS 6.5 | AI score 6.8 | EPSS 0.26088
Exploits: 1 | References: 8

CNVD
added 2020/11/29 12:0 a.m. | 3 views

File Upload Vulnerability in UKcms

UKcms is a simple, flexible and open source web content management system based on PHP7 and MySQL technology. UKcms has a file upload vulnerability because the system does not strictly filter the file upload type. Attackers can use this vulnerability to upload script Trojans...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2020/10/30 12:0 a.m. | 33 views

openSUSE Security Update : php7 (openSUSE-2020-1767)

This update for php7 fixes the following issues:
- CVE-2020-7069: Fixed an issue when AES-CCM mode was used with openssl_encrypt function with 12 bytes IV, only first 7 bytes of the IV was used (bsc#1177351).
- CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to...

CVSS 6.5 | AI score 6.8 | EPSS 0.26088
Exploits: 1 | References: 5

OpenVAS
added 2020/10/30 12:0 a.m. | 25 views

openSUSE: Security Advisory for php7 (openSUSE-SU-2020:1767-1)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.5 | AI score 6.6 | EPSS 0.26088
Exploits: 1 | References: 2

OSV
added 2020/10/29 5:23 p.m. | 7 views

OPENSUSE-SU-2020:1767-1 Security update for php7

This update for php7 fixes the following issues:
- CVE-2020-7069: Fixed an issue when AES-CCM mode was used with openssl_encrypt function with 12 bytes IV, only first 7 bytes of the IV was used (bsc#1177351).
- CVE-2020-7070: Fixed an issue where percent-encoded cookies could have been used to...

CVSS 6.5 | AI score 6.1 | EPSS 0.26088
Exploits: 1 | References: 6

OPENSUSE Linux
added 2020/10/29 12:0 a.m. | 67 views

Security update for php7 (important)

openSUSE Security Update: Security update for php7
Announcement ID: openSUSE-SU-2020:1767-1
Rating: important
References: 1173786 1177351 1177352
Cross-References: CVE-2020-7069 CVE-2020-7070
Affected Products: openSUSE Leap 15.1
An update that solves two vulnerabilities and has one errata is now...

CVSS 6.5 | AI score 6.9 | EPSS 0.26088
Exploits: 1 | References: 3