Download
| Alert*
oval:org.secpod.oval:def:2103534
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default val ... oval:org.secpod.oval:def:2103546 The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as ... oval:org.secpod.oval:def:1701881 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token and ... oval:org.secpod.oval:def:1800817 CVE-2017-9224: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at during regular expression searching. A logical error involving order of validation and access in match_at could r ... oval:org.secpod.oval:def:112887 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:41755 php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:112602 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:112624 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:1600744 Out-of-bounds heap write in bitset_set_range:An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range during regular expression compilation due to an uninitialized variable from ... oval:org.secpod.oval:def:97632 [CLSA-2022:1651177943] Fix of 227 CVE oval:org.secpod.oval:def:89044777 This update for php53 fixes the following issues: This security issue was fixed: - CVE-2017-7272: PHP enabled potential SSRF in applications that accept an fsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax was recognized, fsockopen used the p ... oval:org.secpod.oval:def:113272 Oniguruma is a regular expressions library. The characteristics of this library is that different character encoding for every regular expression object can be specified oval:org.secpod.oval:def:112458 Oniguruma is a regular expressions library. The characteristics of this library is that different character encoding for every regular expression object can be specified oval:org.secpod.oval:def:1600752 Out-of-bounds heap write in bitset_set_rangeAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range during regular expression compilation due to an uninitialized variable from ... oval:org.secpod.oval:def:2103442 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an ... oval:org.secpod.oval:def:112451 Oniguruma is a regular expressions library. The characteristics of this library is that different character encoding for every regular expression object can be specified oval:org.secpod.oval:def:52876 php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:1800377 CVE-2017-9224: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at during regular expression searching. A logical error involving order of validation and access in match_at could r ... oval:org.secpod.oval:def:51527 php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:504906 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php70-php . Security Fix: * php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field * php: Use after free in wddx_dese ... oval:org.secpod.oval:def:1800910 CVE-2017-9224: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at during regular expression searching. A logical error involving order of validation and access in match_at could r ... oval:org.secpod.oval:def:703748 php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. |