Lucene search
K

462 matches found

RedHat Linux
RedHat Linux
added 2022/11/02 4:38 p.m.36 views

Moderate: Red Hat Security Advisory: php-pear security update

An update for php-pear is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.8CVSS7.3AI score0.84554EPSS
Exploits5References4
Positive Technologies
Positive Technologies
added 2022/10/31 12:0 a.m.12 views

PT-2022-21788 · Unknown · Smart Slider 3

Name of the Vulnerable Software and Affected Versions: Smart Slider 3 versions prior to 3.5.1.11 Description: The issue arises from the unserialization of the content of an imported file, potentially leading to PHP object injection issues if a malicious file is imported and a suitable gadget chai...

8.8CVSS8.8AI score0.01903EPSS
Exploits3References4
Cvelist
Cvelist
added 2022/10/31 12:0 a.m.19 views

CVE-2022-3380 Customizer Export/Import < 0.9.5 - Admin+ PHP Objection Injection

The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports intentionally or not a malicious file and a suitable gadget chain is present on the blog...

7.3AI score0.01126EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/10/31 12:0 a.m.4 views

PT-2022-21856 · WordPress · Ocean Extra

Name of the Vulnerable Software and Affected Versions: Ocean Extra WordPress plugin versions prior to 2.0.5 Description: The issue arises from the unserialization of the content of an imported file, potentially leading to PHP object injections when a high-privilege user imports a malicious...

7.2CVSS6.9AI score0.01126EPSS
Exploits2References4
CVE
CVE
added 2022/10/31 12:0 a.m.66 views

CVE-2022-3334

Summary: CVE-2022-3334 affects the WordPress plugin Easy WP SMTP, versions

7.2CVSS7.1AI score0.01126EPSS
Exploits2References1Affected Software1
UbuntuCve
UbuntuCve
added 2022/10/20 11:15 a.m.25 views

CVE-2022-37298

Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server...

9.8CVSS7.2AI score0.01991EPSS
Exploits2References3
Prion
Prion
added 2022/09/26 1:15 p.m.22 views

Design/Logic Flaw

The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...

5.8CVSS7AI score0.01091EPSS
Exploits2References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/09/17 12:0 a.m.44 views

RHEL 8 : php:7.4 (RHSA-2022:6541)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6541 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: ArchiveTar: allows an unserialization...

7.8CVSS7.5AI score0.84554EPSS
Exploits5References9
Tenable Nessus
Tenable Nessus
added 2022/09/16 12:0 a.m.40 views

Oracle Linux 8 : php:7.4 (ELSA-2022-6542)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6542 advisory. php-pear 1:1.10.13-1 - update PEAR to 1.10.13 - update ArchiveTar to 1.4.14 Tenable has extracted the preceding description block directly from the...

7.8CVSS7.7AI score0.84554EPSS
Exploits5References4
RedHat Linux
RedHat Linux
added 2022/09/15 8:54 a.m.63 views

Moderate: Red Hat Security Advisory: php:7.4 security update

An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8CVSS7.3AI score0.84554EPSS
Exploits5References4
RedHat Linux
RedHat Linux
added 2022/09/15 8:54 a.m.2 views

Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked

ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked...

7.8CVSS5.8AI score0.47493EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2022/09/15 8:38 a.m.58 views

Moderate: Red Hat Security Advisory: php:7.4 security update

An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.8CVSS7.3AI score0.84554EPSS
Exploits5References4
RedHat Linux
RedHat Linux
added 2022/09/15 8:38 a.m.5 views

Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked

ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked...

7.8CVSS5.8AI score0.47493EPSS
Exploits2References4
OSV
OSV
added 2022/09/15 8:6 a.m.30 views

RLSA-2022:6542 Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 ArchiveTar: improper filename sanitization leads to file overwrites CVE-2020-28949...

7.8CVSS7.9AI score0.84554EPSS
Exploits5References4
OSV
OSV
added 2022/09/15 12:0 a.m.33 views

ALSA-2022:6542 Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 ArchiveTar: improper filename sanitization leads to file overwrites CVE-2020-28949...

7.8CVSS7.9AI score0.84554EPSS
Exploits5References8
Tenable Nessus
Tenable Nessus
added 2022/09/15 12:0 a.m.50 views

RHEL 8 : php:7.4 (RHSA-2022:6542)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6542 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: ArchiveTar: allows an unserialization...

7.8CVSS7.5AI score0.84554EPSS
Exploits5References9
AlmaLinux
AlmaLinux
added 2022/09/15 12:0 a.m.48 views

Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 ArchiveTar: improper filename sanitization leads to file overwrites CVE-2020-28949...

7.8CVSS7.8AI score0.84554EPSS
Exploits5References8
Tenable Nessus
Tenable Nessus
added 2022/09/15 12:0 a.m.37 views

CentOS 8 : php:7.4 (CESA-2022:6542)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:6542 advisory. - ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 - ArchiveTar: improper filename...

7.8CVSS7.5AI score0.84554EPSS
Exploits5References4
CISA KEV Catalog
CISA KEV Catalog
added 2022/08/25 12:0 a.m.20 views

PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability

PEAR ArchiveTar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drup...

7.8CVSS2.5AI score0.84554EPSS
In wildExploits4
Github Security Blog
Github Security Blog
added 2022/05/17 5:23 a.m.29 views

Typo3 Extbase Framework Unsafe Deserialization

The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature HMAC for a request argument."...

5CVSS7.9AI score0.02365EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder