Lucene search
K

285 matches found

OSV
OSV
added 2025/09/11 12:0 a.m.8 views

ALSA-2025:15687 Moderate: php:8.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 php: Configuring ...

9.8CVSS7.1AI score0.02286EPSS
Exploits5References18
AlmaLinux
AlmaLinux
added 2025/09/11 12:0 a.m.4 views

Moderate: php:8.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 php: Configuring ...

9.8CVSS7.2AI score0.02286EPSS
Exploits5References18
SUSE CVE
SUSE CVE
added 2025/08/25 11:22 p.m.3 views

SUSE CVE-2025-54813

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON...

7.5CVSS6.8AI score0.01211EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/08/24 7:26 p.m.5 views

CVE-2025-54813

A flaw was found in apache-log4cxx. When utilizing JSONLayout, the component fails to properly escape certain payload bytes, allowing attacker-supplied messages containing specific non-printable characters to be passed through unescaped. This allows an attacker to inject arbitrary data into log...

7.5CVSS6.1AI score0.01211EPSS
Exploits0References5
Snyk
Snyk
added 2025/08/22 7:43 p.m.2 views

Improper Output Neutralization for Logs

Overview Affected versions of this package are vulnerable to Improper Output Neutralization for Logs in the JSONLayout class. An attacker can inject non-printable characters into log messages by supplying specially crafted input, which may cause downstream applications that consume these logs to...

7.5CVSS6.9AI score0.01211EPSS
Exploits0References2
OSV
OSV
added 2025/08/22 7:15 p.m.6 views

CVE-2025-54813

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON...

7.5CVSS6.9AI score0.01211EPSS
Exploits0References4
OSV
OSV
added 2025/08/22 7:15 p.m.1 views

DEBIAN-CVE-2025-54813

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON...

7.5CVSS5.3AI score0.01211EPSS
Exploits0References1
OSV
OSV
added 2025/08/22 7:15 p.m.3 views

UBUNTU-CVE-2025-54813

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON...

7.5CVSS5.8AI score0.01211EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2025/08/22 6:45 p.m.4 views

CVE-2025-54813

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON...

7.5CVSS5.3AI score0.01211EPSS
Exploits0
CVE
CVE
added 2025/08/22 6:45 p.m.39 views

CVE-2025-54813

CVE-2025-54813 affects Apache Log4cxx prior to 1.5.0, due to improper output neutralization for JSONLayout where certain non‑printable characters in attacker-supplied messages are not escaped, potentially impacting log consumption. Fedora advisory confirms a 1.5.0-1.fc41 update as the fix, and De...

7.5CVSS6.3AI score0.01211EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/08/22 6:45 p.m.8 views

CVE-2025-54813 Apache Log4cxx: Improper escaping with JSONLayout

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON...

6.3CVSS0.01211EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2009-4488

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly...

9.8CVSS6.2AI score0.12758EPSS
Exploits2References3
OSV
OSV
added 2025/08/11 1:54 p.m.2 views

BIT-LIBPHP-2024-11233 Single byte overread with convert.quoted-printable-decode filter

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas...

8.2CVSS7.3AI score0.01618EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 3:1 a.m.5 views

CVE-2023-1708

An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine...

9.8CVSS7AI score0.01109EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/05/13 2:0 p.m.50 views

php: Single byte overread with convert.quoted-printable-decode filter

A memory-related vulnerability was found in PHP’s filter handling system, particularly when processing input with convert.quoted-printable-decode filters. This issue can lead to a segmentation fault. This vulnerability is triggered through specific sequences of input data, causing PHP to crash...

8.2CVSS5.8AI score0.01618EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2025/05/13 8:42 a.m.7 views

php: Single byte overread with convert.quoted-printable-decode filter

A memory-related vulnerability was found in PHP’s filter handling system, particularly when processing input with convert.quoted-printable-decode filters. This issue can lead to a segmentation fault. This vulnerability is triggered through specific sequences of input data, causing PHP to crash...

8.2CVSS5.8AI score0.01618EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2025/04/28 3:19 p.m.14 views

php: Single byte overread with convert.quoted-printable-decode filter

A memory-related vulnerability was found in PHP’s filter handling system, particularly when processing input with convert.quoted-printable-decode filters. This issue can lead to a segmentation fault. This vulnerability is triggered through specific sequences of input data, causing PHP to crash...

8.2CVSS5.8AI score0.01618EPSS
Exploits1References5
Amazon
Amazon
added 2025/03/06 12:0 a.m.10 views

Medium: php8.3

Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...

9.8CVSS8.4AI score0.02286EPSS
Exploits6
Amazon
Amazon
added 2025/03/06 12:0 a.m.11 views

Medium: php8.2

Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...

9.8CVSS8.4AI score0.02286EPSS
Exploits6
SUSE CVE
SUSE CVE
added 2025/02/14 5:33 a.m.2 views

SUSE CVE-2024-11233

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas...

6.5CVSS5.9AI score0.01618EPSS
Exploits1References12
Rows per page
Query Builder