Download
| Alert*
oval:org.secpod.oval:def:3300866
SUSE Security Update: Security update for php7 oval:org.secpod.oval:def:89047906 This update for php7 fixes the following issues: - Version update to 7.2.34 [jsc#SLE-23639] - CVE-2022-37454: Fixed SHA-3 buffer overflow . - Fix integer overflow in PHP_SHA3##bits . oval:org.secpod.oval:def:89047905 This update for php7 fixes the following issues: - Version update to 7.4.33: - CVE-2022-31630: Fixed out-of-bounds read due to insufficient input validation in imageloadfont . - CVE-2022-37454: Fixed buffer overflow in hash_update on long parameter . - Version update to 7.4.32 - CVE-2022-31628: Fix ... oval:org.secpod.oval:def:3300882 SUSE Security Update: Security update for php7 oval:org.secpod.oval:def:3300388 SUSE Security Update: Security update for php7 oval:org.secpod.oval:def:3000280 Multiple security issues were discovered in PHP, a widely-used open source general purpose scripting language which could result in denial of service, information disclosure, insecure cooking handling or potentially the execution of arbitrary code. oval:org.secpod.oval:def:5800122 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php . Security Fix: * php: Use after free due to php_filter_float failing for ints * php: Uninitialized array in pg_query_params leading to R ... oval:org.secpod.oval:def:3300527 SUSE Security Update: Security update for php7 oval:org.secpod.oval:def:2107892 Oracle Solaris 11 - ( CVE-2022-31627 ) oval:org.secpod.oval:def:88543 php8.1: HTML-embedded scripting language interpreter - php8.0: HTML-embedded scripting language interpreter - php7.4: HTML-embedded scripting language interpreter - php7.2: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:3300568 SUSE Security Update: Security update for php7 oval:org.secpod.oval:def:3300349 SUSE Security Update: Security update for php7 oval:org.secpod.oval:def:707151 php8.1: HTML-embedded scripting language interpreter - php8.0: HTML-embedded scripting language interpreter - php7.4: HTML-embedded scripting language interpreter - php7.2: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:4501004 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * php: uninitialized array in pg_query_params leading to RCE For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to th ... oval:org.secpod.oval:def:97659 [CLSA-2022:1658171149] Fixed CVE-2022-31625 in php oval:org.secpod.oval:def:85949 Charles Fol discovered two security issues in PHP, a widely-used open source general purpose scripting language which could result an denial of service or potentially the execution of arbitrary code: CVE-2022-31625 Incorrect memory handling in the pg_query_params function. CVE-2022-31626 A buffer ov ... oval:org.secpod.oval:def:507128 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * php: uninitialized array in pg_query_params leading to RCE For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to th ... oval:org.secpod.oval:def:89046732 This update for php7 fixes the following issues: - CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. - CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver. . oval:org.secpod.oval:def:1701626 A vulnerability was found in PHP due to an uninitialized array in pg_query_params function. When using the Postgres database extension, supplying invalid parameters to the parameterized query may lead to PHP attempting to free memory, using uninitialized data as pointers. This flaw allows a remote a ... oval:org.secpod.oval:def:507308 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php . Security Fix: * php: Use after free due to php_filter_float failing for ints * php: Uninitialized array in pg_query_params leading to R ... oval:org.secpod.oval:def:608690 Charles Fol discovered two security issues in PHP, a widely-used open source general purpose scripting language which could result an denial of service or potentially the execution of arbitrary code: CVE-2022-31625 Incorrect memory handling in the pg_query_params function. CVE-2022-31626 A buffer ov ... oval:org.secpod.oval:def:707624 php7.2: HTML-embedded scripting language interpreter Details: USN-5479-1 fixed vulnerabilities in PHP. Unfortunately that update for CVE-2022-31625 was incomplete for Ubuntu 18.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-5479-1 was incomplete and ... oval:org.secpod.oval:def:87163 [8.0.20-3] - snmp3 calls using authPriv or authNoPriv immediately return false #2104630 [8.0.20-2] - fix patch41 not applied [8.0.20-1] - rebase to 8.0.20 #2095752 - clean unneeded dependency on useradd command #2095447 - add upstream patch to initialize pcre before mbstring - retrieve tzdata versi ... oval:org.secpod.oval:def:2500879 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. oval:org.secpod.oval:def:507074 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix: * php: password of excessive length triggers buffer overflow leading to RCE * php: Local privilege escalation via PHP-FPM * php: special character breaks path in xml parsing * php: uninitialized ar ... oval:org.secpod.oval:def:507392 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php . Security Fix: * php: Use after free due to php_filter_float failing for ints * php: Uninitialized array in pg_query_params leading to R ... oval:org.secpod.oval:def:1506191 libzip [1.7.3-1] - update to 1.7.3 php-pecl-apcu [5.1.20-1] - update to 5.1.20 php-pecl-rrd [2.0.3-1] - update to 2.0.3 php-pecl-xdebug3 [3.1.2-1] - update to 3.1.2 rhbz#2030322 oval:org.secpod.oval:def:1701953 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect ... oval:org.secpod.oval:def:122469 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:122466 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fai ... oval:org.secpod.oval:def:1505984 php [7.4.19-4] - fix uninitialized array in pg_query_params leading to RCE CVE-2022-31625 oval:org.secpod.oval:def:2600080 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. oval:org.secpod.oval:def:89046424 This update for php7 fixes the following issues: - CVE-2022-31625: Fixed uninitialized pointers free in Postgres extension. - CVE-2022-31626: Fixed buffer overflow via user-supplied password when using pdo_mysql extension with mysqlnd driver. . oval:org.secpod.oval:def:4501008 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php . Security Fix: * php: Use after free due to php_filter_float failing for ints * php: Uninitialized array in pg_query_params leading to R ... oval:org.secpod.oval:def:3300441 SUSE Security Update: Security update for php8 oval:org.secpod.oval:def:2500743 PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. oval:org.secpod.oval:def:88544 php7.2: HTML-embedded scripting language interpreter Details: USN-5479-1 fixed vulnerabilities in PHP. Unfortunately that update for CVE-2022-31625 was incomplete for Linux Mint 19.x LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-5479-1 was incomplete a ... oval:org.secpod.oval:def:87176 The host is installed with PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20 or 8.1.x below 8.1.7 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle issue in the Postgres database extension. On successful exploitation, when using ... |