127 matches found
openSUSE Security Advisory (SUSE-SU-2024:4136-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from the referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only
SUSE-SU-2024:4136-1 Security update for php8
This update for php8 fixes the following issues: - CVE-2024-11233: Single byte overread with convert.quoted-printable-decode filter (bsc#1233702). - CVE-2024-11234: Configuring a proxy in a stream context might allow for CRLF injection in URIs (bsc#1233703). - CVE-2024-8929: Leak partial content of the...
php8-8.3.14-1.1 on GA media (moderate)
php8-8.3.14-1.1 on GA media. Announcement ID: openSUSE-SU-2024:14521-1. Rating: moderate. Cross-References: CVE-2024-11233, CVE-2024-11234, CVE-2024-11236, CVE-2024-8929, CVE-2024-8932. CVSS scores: CVE-2024-11233 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H; CVE-2024-11233 (SUSE): 8.3...
OPENSUSE-SU-2024:14521-1 php8-8.3.14-1.1 on GA media
These are all security issues fixed in the php8-8.3.14-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2023-52044
Studio-42 elFinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extension...
CVE-2023-52044
Studio-42 elFinder 2.1.62 is vulnerable to Remote Code Execution due to unrestricted upload of .php8 files. This affects elFinder's file upload handling and can allow arbitrary code execution on the server. The Veracode/Snyk records corroborate RCE and cite upgrading to 2.1.63+ as the remediation...
PT-2024-14373 · Studio 42 · Elfinder
Name of the Vulnerable Software and Affected Versions: Studio-42 elFinder versions 2.1.62 and prior. Description: The issue is related to Remote Code Execution (RCE) due to the lack of restriction for uploading files with the .php8 extension. This allows users to upload malicious files, potentially...
openSUSE Security Advisory (SUSE-SU-2024:3729-1)
The remote host is missing an update for the...
SUSE-SU-2024:3729-1 Security update for php8
This update for php8 fixes the following issues: Update to php 8.2.24: - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc#1231360) - CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an...
openSUSE Security Advisory (SUSE-SU-2024:3664-1)
The remote host is missing an update for the...
SUSE SLES15 / openSUSE 15 Security Update : php8 (SUSE-SU-2024:3664-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3664-1 advisory. - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not...
SUSE-SU-2024:3664-1 Security update for php8
This update for php8 fixes the following issues: - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc#1231360) - CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an environment variable...
OPENSUSE-SU-2024:14376-1 php8-8.3.12-1.1 on GA media
These are all security issues fixed in the php8-8.3.12-1.1 package on the GA media of openSUSE Tumbleweed...
openSUSE 15 Security Update : roundcubemail (openSUSE-SU-2024:0257-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2024:0257-1 advisory. Update to 1.6.7. This is a security update to the stable version 1.6 of Roundcube Webmail. It provides a fix to recently reported XSS vulnerabilities: F...
openSUSE Security Advisory (SUSE-SU-2024:2038-1)
The remote host is missing an update for the...
openSUSE Security Advisory (SUSE-SU-2024:2039-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2024:2038-1)
The remote host is missing an update for the...