Lucene search
K

40 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in PHP 7.3

In PHP versions prior to 7.4.31, 8.0.24, and 8.1.11, the phar uncompressor code would recursively uncompress “quines” gzip files, resulting in an infinite loop...

5.5CVSS7AI score0.00565EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-31628

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop...

5.5CVSS6.9AI score0.00565EPSS
Exploits0References2
OSV
OSV
added 2025/01/14 7:21 p.m.12 views

BIT-PHP-MIN-2022-31628 phar wrapper can occur dos when using quine gzip file

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop...

5.5CVSS7.2AI score0.00565EPSS
Exploits0References9
OSV
OSV
added 2024/03/06 11:3 a.m.28 views

BIT-PHP-2022-31628 phar wrapper can occur dos when using quine gzip file

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop...

5.5CVSS7.2AI score0.00565EPSS
Exploits0References9
Amazon
Amazon
added 2024/02/05 12:0 a.m.4 views

Medium: php

Issue Overview: In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. CVE-2022-31628 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to...

6.5CVSS7.7AI score0.49336EPSS
Exploits2
Amazon
Amazon
added 2023/09/13 12:0 a.m.6 views

Medium: php

Issue Overview: In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. CVE-2022-31628 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to...

6.5CVSS7.2AI score0.49336EPSS
Exploits2
OSV
OSV
added 2023/09/02 11:5 a.m.4 views

OESA-2023-1566 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

5.5CVSS6.9AI score0.00565EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/06/20 12:0 a.m.7 views

The vulnerability of the PlainTextUncompressor::UncompressItem function in the XML data compression tool Xmill allows a attacker to execute arbitrary code.

The vulnerability of the PlainTextUncompressor::UncompressItem function in the XML data compression tool Xmill is related to a memory boundary error during XML file processing. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

10CVSS7.8AI score0.02274EPSS
Exploits1References6Affected Software2
Tenable Nessus
Tenable Nessus
added 2023/05/24 12:0 a.m.50 views

Oracle Linux 8 : php:7.4 (ELSA-2023-2903)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2903 advisory. - CVE-2015-2331: integer overflow when processing ZIP archives 1204676,1204677 - fixes for CVE-2012-1162 and CVE-2012-1163 - fix: due to an integer...

9.8CVSS8.1AI score0.99998EPSS
Exploits125References6
BDU FSTEC
BDU FSTEC
added 2023/05/22 12:0 a.m.13 views

Vulnerability of the Decompression Enumeration function in Uncompressor::UncompressItem. This compression tool for XML data allows attackers to execute arbitrary code.

Vulnerability of Decompression Enumeration function: Uncompressor::UncompressItem, an XML data compression tool, is vulnerable to a memory boundary error during XML file processing. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

8.1CVSS7.8AI score0.02545EPSS
Exploits1References8Affected Software1
RedHat Linux
RedHat Linux
added 2023/05/16 9:8 a.m.6 views

php: phar: infinite loop when decompressing quine gzip file

A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of servi...

5.5CVSS7.4AI score0.00565EPSS
Exploits0References5
OSV
OSV
added 2023/05/12 11:5 a.m.6 views

OESA-2023-1271 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

6.5CVSS6.9AI score0.49336EPSS
Exploits2References3
OSV
OSV
added 2023/05/12 11:5 a.m.4 views

OESA-2023-1272 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

6.5CVSS6.9AI score0.49336EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2023/05/09 10:2 a.m.6 views

php: phar: infinite loop when decompressing quine gzip file

A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of servi...

5.5CVSS7.4AI score0.00565EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/02/28 12:0 a.m.78 views

RHEL 9 : php (RHSA-2023:0965)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0965 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later...

9.8CVSS7.5AI score0.49336EPSS
Exploits6References13
Tenable Nessus
Tenable Nessus
added 2023/02/28 12:0 a.m.90 views

Oracle Linux 9 : php (ELSA-2023-0965)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0965 advisory. 8.0.27-1 - rebase to 8.0.27 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus ha...

9.8CVSS7.2AI score0.49336EPSS
Exploits6References6
Tenable Nessus
Tenable Nessus
added 2023/02/22 12:0 a.m.60 views

Rocky Linux 8 : php:8.0 (RLSA-2023:0848)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0848 advisory. - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute...

9.8CVSS8AI score0.49336EPSS
Exploits6References11
Tenable Nessus
Tenable Nessus
added 2023/02/22 12:0 a.m.39 views

Oracle Linux 8 : php:8.0 (ELSA-2023-0848)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0848 advisory. php 8.0.27-1 - rebase to 8.0.27 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessu...

9.8CVSS7.2AI score0.49336EPSS
Exploits6References6
RedHat Linux
RedHat Linux
added 2023/02/21 9:35 a.m.7 views

php: phar: infinite loop when decompressing quine gzip file

A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of servi...

5.5CVSS7.4AI score0.00565EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:25 a.m.4 views

SUSE CVE-2022-31628

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop...

4.4CVSS8.9AI score0.00565EPSS
Exploits0References10
Rows per page
Query Builder