CVE-2024-2756 – __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
https://notcve.org/view.php?id=CVE-2024-2756
Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. Debido a una solución incompleta de CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p, los atacantes de la red y del mismo sitio pueden establecer una cookie estándar insegura en el navegador de la víctima que se trata como una __Host- o __Secure- cookie por aplicaciones PHP. • http://www.openwall.com/lists/oss-security/2024/04/12/11 https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4 https://lists.debian.org/debian-lts-announce/2024/05/msg00005.html https://security.netapp.com/advisory/ntap-20240510-0008 • CWE-20: Improper Input Validation •
CVE-2024-3096 – PHP function password_verify can erroneously return true when argument contains NUL
https://notcve.org/view.php?id=CVE-2024-3096
In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true. En la versión PHP 8.1.* anterior a 8.1.28, 8.2.* anterior a 8.2.18, 8.3.* anterior a 8.3.5, si una contraseña almacenada con contraseña_hash() comienza con un byte nulo (\x00), se prueba una cadena en blanco como la contraseña a través de contraseña_verify() devolverá verdadero incorrectamente. • http://www.openwall.com/lists/oss-security/2024/04/12/11 https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr https://lists.debian.org/debian-lts-announce/2024/05/msg00005.html https://security.netapp.com/advisory/ntap-20240510-0010 • CWE-20: Improper Input Validation •
CVE-2006-3017
https://notcve.org/view.php?id=CVE-2006-3017
zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2 http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log http://rhn.redhat.com/errata/RHSA-2006-0549.html http://secunia.com/advisories/19927 http://secunia.com/advisories/21031 http://secunia.com/advisories/21050 •