Download
| Alert*
oval:org.secpod.oval:def:2105272
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. oval:org.secpod.oval:def:604578 Emil Lerner and Andrew Danau discovered that insufficient validation in the path handling code of PHP FPM could result in the execution of arbitrary code in some setups. oval:org.secpod.oval:def:705255 php7.3: HTML-embedded scripting language interpreter - php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter PHP could be made to run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:1601073 In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. oval:org.secpod.oval:def:70631 Emil Lerner and Andrew Danau discovered that insufficient validation in the path handling code of PHP FPM could result in the execution of arbitrary code in some setups. oval:org.secpod.oval:def:59447 Security researcher Omar Ganiev published a tweet regarding a "freshly patched" remote code execution vulnerability in PHP-FPM, the FastCGI Process Manager (FPM) for PHP. CVE-2019-11043 is an env_path_info underflow flaw in PHP-FPM's fpm_main.c. oval:org.secpod.oval:def:205386 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * php: underflow in env_path_info in fpm_main.c For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page li ... oval:org.secpod.oval:def:1507098 Oracle Linux 8 php:8.0 security update oval:org.secpod.oval:def:503440 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * php: underflow in env_path_info in fpm_main.c For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page li ... oval:org.secpod.oval:def:2500031 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. oval:org.secpod.oval:def:504854 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * php: underflow in env_path_info in fpm_main.c For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page li ... oval:org.secpod.oval:def:1700257 In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. oval:org.secpod.oval:def:117252 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:205387 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * php: underflow in env_path_info in fpm_main.c For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page li ... oval:org.secpod.oval:def:69772 Emil Lerner and Andrew Danau discovered that insufficient validation in the path handling code of PHP FPM could result in the execution of arbitrary code in some setups. oval:org.secpod.oval:def:2500033 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. oval:org.secpod.oval:def:1502728 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502708 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502709 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:76649 In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. oval:org.secpod.oval:def:117246 Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a prog ... oval:org.secpod.oval:def:503373 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * php: underflow in env_path_info in fpm_main.c For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page li ... oval:org.secpod.oval:def:1902877 env_path_info underflow in fpm_main.c can lead to RCE oval:org.secpod.oval:def:503374 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * php: underflow in env_path_info in fpm_main.c For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page li ... oval:org.secpod.oval:def:60958 The host is installed with Apple Mac OS X 10.13.6, 10.14.6 or 10.15.2 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle a issue in PHP. Successful exploitation allows an attacker to execute system commands using crafted reques ... oval:org.secpod.oval:def:503438 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * php: underflow in env_path_info in fpm_main.c For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page li ... oval:org.secpod.oval:def:504902 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: rh-php72-php . Security Fix: * php: underflow in env_path_info in fpm_main.c * gd: Unsigned integer underflow _gdContributionsAlloc * gd: He ... oval:org.secpod.oval:def:504866 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * php: underflow in env_path_info in fpm_main.c For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page li ... oval:org.secpod.oval:def:59606 php7.3: HTML-embedded scripting language interpreter - php7.2: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter PHP could be made to run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:1502731 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:604581 Emil Lerner and Andrew Danau discovered that insufficient validation in the path handling code of PHP FPM could result in the execution of arbitrary code in some setups. oval:org.secpod.oval:def:3300866 SUSE Security Update: Security update for php7 oval:org.secpod.oval:def:89047906 This update for php7 fixes the following issues: - Version update to 7.2.34 [jsc#SLE-23639] - CVE-2022-37454: Fixed SHA-3 buffer overflow . - Fix integer overflow in PHP_SHA3##bits . oval:org.secpod.oval:def:60956 The host is missing a security update according to Apple advisory, APPLE-SA-2020-1-28-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code or ... |