Download
| Alert*
oval:org.secpod.oval:def:3300866
SUSE Security Update: Security update for php7 oval:org.secpod.oval:def:89047906 This update for php7 fixes the following issues: - Version update to 7.2.34 [jsc#SLE-23639] - CVE-2022-37454: Fixed SHA-3 buffer overflow . - Fix integer overflow in PHP_SHA3##bits . oval:org.secpod.oval:def:89047905 This update for php7 fixes the following issues: - Version update to 7.4.33: - CVE-2022-31630: Fixed out-of-bounds read due to insufficient input validation in imageloadfont . - CVE-2022-37454: Fixed buffer overflow in hash_update on long parameter . - Version update to 7.4.32 - CVE-2022-31628: Fix ... oval:org.secpod.oval:def:3300882 SUSE Security Update: Security update for php7 oval:org.secpod.oval:def:3300388 SUSE Security Update: Security update for php7 oval:org.secpod.oval:def:3000280 Multiple security issues were discovered in PHP, a widely-used open source general purpose scripting language which could result in denial of service, information disclosure, insecure cooking handling or potentially the execution of arbitrary code. oval:org.secpod.oval:def:3300568 SUSE Security Update: Security update for php7 oval:org.secpod.oval:def:78423 php7.4: HTML-embedded scripting language interpreter - php7.2: HTML-embedded scripting language interpreter Details: USN-5300-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Linux Mint 19.x LTS and Linux Mint 20.x LTS. Original advisory Several security issues were ... oval:org.secpod.oval:def:4500946 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php , php-pear . Security Fix: * php: Special character breaks path in xml parsing * php: Use after free due to php_filter_float failing for ... oval:org.secpod.oval:def:85944 Two security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure or denial of service. oval:org.secpod.oval:def:3301004 SUSE Security Update: Security update for php7 oval:org.secpod.oval:def:2107188 Oracle Solaris 11 - ( CVE-2021-21707 ) oval:org.secpod.oval:def:706334 php7.4: HTML-embedded scripting language interpreter - php7.2: HTML-embedded scripting language interpreter Details: USN-5300-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory Several security issues were fixed ... oval:org.secpod.oval:def:507074 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * php: password of excessive length triggers buffer overflow leading to RCE * php: Local privilege escalation via PHP-FPM * php: special character breaks path in xml parsing * php: uninitialized ar ... oval:org.secpod.oval:def:2500878 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. oval:org.secpod.oval:def:507332 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php , php-pear . Security Fix: * php: Special character breaks path in xml parsing * php: Use after free due to php_filter_float failing for ... oval:org.secpod.oval:def:1506193 libzip [1.6.1-1] - update to 1.6.1 - enable lzma support php [7.4.30-1] - rebase to 7.4.30 #2099615 [7.4.19-3] - fix password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 [7.4.19-2] - fix SSRF bypass in FILTER_VALIDATE_URL CVE-2021-21705 - fix Local privilege escalation ... oval:org.secpod.oval:def:1701612 A flaw was found in php. The main cause of this vulnerability is improper input validation while parsing an Extensible Markup Language entity. A special character could allow an attacker to traverse directories. The highest threat from this vulnerability is confidentiality oval:org.secpod.oval:def:121219 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:605951 Two security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure or denial of service. oval:org.secpod.oval:def:3300441 SUSE Security Update: Security update for php8 oval:org.secpod.oval:def:121172 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:706339 php8.0: HTML-embedded scripting language interpreter Details: USN-5300-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 21.10. Original advisory Several security issues were fixed in PHP. oval:org.secpod.oval:def:121178 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:89046085 This update for php7 fixes the following issues: - CVE-2021-21703: Fixed local privilege escalation via PHP-FPM . - CVE-2021-21707: Fixed special character breaks path in xml parsing . - CVE-2017-8923: Fixed denial of service when using .= with a long string . - CVE-2015-9253: Fixed endless loop w ... oval:org.secpod.oval:def:76625 In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filen ... |