Page 4 of 18 results (0.008 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. A vulnerability was found in PHP. This security flaw occurs when the request body parsing in PHP allows any unauthenticated attacker to consume a large amount of CPU time and trigger excessive logging. A large amount of CPU time required for processing requests can block all available worker processes and significantly delay or slow the processing of legitimate user requests. • https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv https://security.netapp.com/advisory/ntap-20230517-0001 https://access.redhat.com/security/cve/CVE-2023-0662 https://bugzilla.redhat.com/show_bug.cgi?id=2170761 • CWE-400: Uncontrolled Resource Consumption CWE-779: Logging of Excessive Data •

CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 1

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. A vulnerability was found in PHP. This security flaw occurs when malformatted BCrypt hashes that include a $ within their salt part trigger a buffer overread and may erroneously validate any password as valid. • https://bugs.php.net/bug.php?id=81744 https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4 https://access.redhat.com/security/cve/CVE-2023-0567 https://bugzilla.redhat.com/show_bug.cgi?id=2170771 • CWE-328: Use of Weak Hash CWE-916: Use of Password Hash With Insufficient Computational Effort •

CVSS: 9.3EPSS: 5%CPEs: 85EXPL: 0

zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2 http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log http://rhn.redhat.com/errata/RHSA-2006-0549.html http://secunia.com/advisories/19927 http://secunia.com/advisories/21031 http://secunia.com/advisories/21050 •