SUSE-SU-2026:2091-1 Security update for php7

This update for php7 fixes the following issues - CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code execution bsc1264776. - CVE-2026-6735: improper validation of the request URI within the PHP-FPM status page can lead to XSS bsc1264775. - CVE-2026-7258: signed char...

Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2026-1728)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1728 advisory. In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a globa...

Important: php8.4

Issue Overview: Global buffer over-read in mbconvertencoding with attacker-supplied encoding CVE-2026-6104 In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a...

SUSE SLES15 Security Update : php8 (SUSE-SU-2026:1958-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1958-1 advisory. This update for php8 fixes the following issues - CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when...

OESA-2026-2341 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

OESA-2026-2340 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

MiracleLinux 4 : php-5.3.3-27.AXS4 (AXSA:2014-029:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-029:01 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers...

Avid多款产品 安全漏洞

Avid NEXIS E-series, among others, is a virtualized storage platform from Avid, USA. A security vulnerability exists in various Avid products that stems from the use of a vulnerable version of gSOAP, which could lead to an unauthenticated path traversal attack. The following products and versions...

SugarCRM 13.0.1 Shell Upload Exploit

SugarCRM versions 13.0.1 and below suffer from a remote shell upload vulnerability in the setnoteattachment SOAP call. ------------------------------------------------------------------------------- SugarCRM = 13.0.1 setnoteattachment Unrestricted File Upload Vulnerability...

Important: php

Issue Overview: GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixed in 8.2.7, 8.1.20, 8.0.29 NOTE: https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw NOTE:...

F5 Networks BIG-IP : BIG-IP and BIG-IQ iControl SOAP vulnerability (K000133472)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.5 / 15.1.9.1 / 16.1.3.5 / 17.1.0.2. It is, therefore, affected by a vulnerability as referenced in the K000133472 advisory. - An authenticated attacker with guest privileges or higher can cause the iControl SOAP...

SUSE CVE-2015-8835

The makehttpsoaprequest function in ext/soap/phphttp.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service NULL pointer dereference, type confusion, and application crash or possibly execute...

com.blazemeter:jmeter-plugins-directory-listing (>=0.2 <=0.3), com.blazemeter:jmeter-plugins-random-csv-data-set (>=0.6 <=0.8) +134 more potentially affected by CVE-2022-45378 via soap:soap (>=2.3 <=2.3.1)

soap:soap MAVEN version =2.3, =0.2, =0.6, =0.3, =1.0.0, =0.0.0, =0.0.0, =1.3.1-2.6, =1.4, =1.0.0-2.13, =1.1.0, =1.0.0, =1.1.3 and more Source cves: CVE-2022-45378 Source advisory: OSV:GHSA-789V-H9HW-38PG...

com.blazemeter:jmeter-plugins-directory-listing (>=0.2 <=0.3), com.blazemeter:jmeter-plugins-random-csv-data-set (>=0.6 <=0.8) +134 more potentially affected by CVE-2022-40705 via soap:soap (>=2.3 <=2.3.1)

soap:soap MAVEN version =2.3, =0.2, =0.6, =0.3, =1.0.0, =0.0.0, =0.0.0, =1.3.1-2.6, =1.4, =1.0.0-2.13, =1.1.0, =1.0.0, =1.1.3 and more Source cves: CVE-2022-40705 Source advisory: OSV:GHSA-JQ8C-J47C-VVWM...

CVE-2022-29474

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at...

F5 Networks BIG-IP : iControl SOAP vulnerability (K59904248)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K59904248 advisory. - On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1,...

The vulnerability of the syntactic analyzer of the SOAP interpreter for the PHP programming language allows attackers to exploit it to disclose protected information.

The vulnerability of the PHP programming language interpreter is related to the exposure of protected information. Exploiting this vulnerability allows an attacker, operating remotely, to compromise protected information through the SOAP WSDL file...

NEC Aterm WF1200CR and Aterm WG1200CR Operating System Command Injection Vulnerability

The NEC Aterm WF1200CR and Aterm WG1200CR are both router products from Nippon Electric NEC. An operating system command injection vulnerability exists in the SOAP interface of the 'UPnP' function in the NEC Aterm WF1200CR with firmware version 1.1.1 and earlier and the Aterm WG1200CR with firmwa...

Alienvault OSSIM av-centerd Util.pm sync_rserver - Command Execution Exploit

Exploit for linux platform in category remote exploits require 'msf/core' class MetasploitModule 'Alienvault OSSIM av-centerd Util.pm syncrserver Command Execution', 'Description' = %q This module exploits a command injection vulnerability found within the syncrserver function in Util.pm. The...

The vulnerability of the PHP interpreter allows attackers to trigger a service failure or execute arbitrary code.

The vulnerability of the functions ext/soap/phpencoding.c, ext/soap/phphttp.c, and ext/soap/soap.c in the PHP interpreter is related to errors in data type mixing. Exploiting this vulnerability can allow an attacker to cause a service failure application termination or execute arbitrary code usin...