Page 3 of 28 results (0.022 seconds)

CVSS: 9.8EPSS: 3%CPEs: 15EXPL: 1

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. La implementación de referencia de Keccak XKCP SHA-3 versiones anteriores a fdc6fef, presenta un desbordamiento de enteros y un desbordamiento de búfer resultante que permite a atacantes ejecutar código arbitrario o eliminar las propiedades criptográficas esperadas. Esto ocurre en la interfaz de la función sponge A flaw was found in the Keccak XKCP SHA-3 reference implementation. The sponge function interface allows partial input data to be processed, and partial output to be produced. • https://csrc.nist.gov/projects/hash-functions/sha-3-project https://eprint.iacr.org/2023/331 https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658 https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org&# • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 2

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. En PHP versiones anteriores a 7.4.31, 8.0.24 y 8.1.11, la vulnerabilidad permite a atacantes de la red y del mismo sitio establecer una cookie no segura estándar en el navegador de la víctima que es tratada como una cookie "__Host-" o "__Secure-" por las aplicaciones PHP A vulnerability was found in PHP due to the way PHP handles HTTP variable names. It interferes with HTTP variable names that clash with ones that have a specific semantic meaning. This vulnerability allows network and same-site attackers to set a standard insecure cookie in the victim's browser, which is treated as a `__Host-` or `__Secure-` cookie by PHP applications, posing a threat to data integrity. • https://github.com/silnex/CVE-2022-31629-poc http://www.openwall.com/lists/oss-security/2024/04/12/11 https://bugs.php.net/bug.php?id=81727 https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZK3X6B7FBE32FETDSMRLJXTFTHKWSY https://lists.fedoraproject.org/archives/list/package- • CWE-20: Improper Input Validation CWE-1284: Improper Validation of Specified Quantity in Input •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. En PHP versiones anteriores a 7.4.31, 8.0.24 y 8.1.11, el código del descompresor phar descomprimía recursivamente archivos gzip "quines", resultando en un bucle infinito A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of service condition. • https://bugs.php.net/bug.php?id=81726 https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNIEABBH5XCXLFWWZYIDE457SPEDZTXV https://security.gentoo.org/glsa/202211-03 https:/ • CWE-674: Uncontrolled Recursion CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 8.8EPSS: 1%CPEs: 5EXPL: 2

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. En PHP versiones 7.4.x anteriores a 7.4.30, 8.0.x anteriores a 8.0.20 y 8.1.x anteriores a 8.1.7, cuando la extensión pdo_mysql con el controlador mysqlnd, si es permitido que el tercero suministre el host al que conectarse y la contraseña para la conexión, la contraseña de longitud excesiva puede desencadenar un desbordamiento de búfer en PHP, lo que puede conllevar a una vulnerabilidad de ejecución de código remota A buffer overflow vulnerability was found in PHP when processing passwords in mysqlnd/pdo in mysqlnd_wireprotocol.c. When using the pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply a MySQL database server password in the mysqlnd driver to the host for the connection, a password of excessive length can trigger a buffer overflow in PHP. This flaw allows a remote attacker to pass a password (with an excessive length) via PDO to the MySQL server, triggering arbitrary code execution on the target system. • https://github.com/amitlttwo/CVE-2022-31626 https://bugs.php.net/bug.php?id=81719 https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4 https://security.gentoo.org/glsa/202209-20 https://security.netapp.com/advisory/ntap-20220722-0005 https://www.deb • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 1

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. En PHP versiones 7.4.x anteriores a 7.4.30, 8.0.x anteriores a 8.0.20 y 8.1.x anteriores a 8.1.7, cuando es usada la extensión de la base de datos Postgres, el suministro de parámetros no válidos a la consulta parametrizada puede conllevar que PHP intente liberar memoria usando datos no inicializados como punteros. Esto podría conllevar a una vulnerabilidad RCE o una denegación de servicio A vulnerability was found in PHP due to an uninitialized array in pg_query_params() function. When using the Postgres database extension, supplying invalid parameters to the parameterized query may lead to PHP attempting to free memory, using uninitialized data as pointers. • https://bugs.php.net/bug.php?id=81720 https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T4MMEEZYYAEHPQMZDFN44PHORJWJFZQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZTZQKRGEYJT5UB4FGG3MOE72SQUHSL4 https://security.gentoo.org/glsa/202209-20 https://security.netapp.com/advisory/ntap-20220722-0005 https://www.debian.org/security/2022/dsa-5179 https://acce • CWE-590: Free of Memory not on the Heap CWE-763: Release of Invalid Pointer or Reference CWE-824: Access of Uninitialized Pointer •