41 matches found
EUVD-2021-25027
Malware in sbrugna...
Alibaba Cloud Linux 3 : 0161: php:7.4 (ALINUX3-SA-2022:0161)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0161 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-28948: ArchiveTar through 1.4.10...
CentOS 7 : php-pear (RHSA-2022:7340)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:7340 advisory. - ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. CVE-2020-28948 - ArchiveTar through...
RHEL 8 : php-pear (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ArchiveTar: improper filename sanitization leads to file overwrites CVE-2020-28949 - ArchiveTar through...
RHEL 6 : archive_tar (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ArchiveTar: improper filename sanitization leads to file overwrites CVE-2020-28949 - ArchiveTar through...
BIT-DRUPAL-2020-28948
ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked...
SUSE CVE-2020-28948
ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked...
Rocky Linux 8 : php:7.4 (RLSA-2022:6542)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6542 advisory. - ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to...
Scientific Linux Security Update : php-pear on SL7.x (noarch) (2022:7340)
The remote Scientific Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the SLSA-2022:7340-1 advisory. - ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 - ArchiveTar: improper filename...
RHEL 7 : php-pear (RHSA-2022:7340)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:7340 advisory. The php-pear package contains the PHP Extension and Application Repository (PEAR), a framework and distribution system for reusable PHP...
Oracle Linux 7 : php-pear (ELSA-2022-7340)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-7340 advisory. 1:1.9.4-23 - update ArchiveTar to 1.4.14 CVE-2020-36193 CVE-2020-28948 CVE-2020-28949 Tenable has extracted the preceding description block directly fr...
Moderate: Red Hat Security Advisory: php-pear security update
An update for php-pear is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked
ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked...
RHEL 8 : php:7.4 (RHSA-2022:6541)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6541 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: ArchiveTar: allows an unserialization...
Oracle Linux 8 : php:7.4 (ELSA-2022-6542)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6542 advisory. php-pear 1:1.10.13-1 - update PEAR to 1.10.13 - update ArchiveTar to 1.4.14 Tenable has extracted the preceding description block directly from the...
Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked
ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked...
Moderate: Red Hat Security Advisory: php:7.4 security update
An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: php:7.4 security update
An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
RLSA-2022:6542 Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 ArchiveTar: improper filename sanitization leads to file overwrites CVE-2020-28949...
Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 ArchiveTar: improper filename sanitization leads to file overwrites CVE-2020-28949...