Page 4 of 30 results (0.008 seconds)

CVSS: 8.6EPSS: 0%CPEs: 5EXPL: 1

In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down. • https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA https://security.netapp.com/advisory/ntap-20230825-0001 https://access.redhat.com/security/cve/CVE-2023-3823 https://bugzilla.redhat.com/show_bug.cgi?id=2229396 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce. A vulnerability was found in PHP where the weak randomness affects applications that use SOAP with HTTP Digest authentication against a possibly malicious server over HTTP allows a remote authenticated attackers to cause a stack information leak. • https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw https://access.redhat.com/security/cve/CVE-2023-3247 https://bugzilla.redhat.com/show_bug.cgi?id=2219290 • CWE-252: Unchecked Return Value CWE-330: Use of Insufficiently Random Values CWE-334: Small Space of Random Values •

CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 1

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. A vulnerability was found in PHP. This security issue occurs because the core path resolution function allocates a buffer one byte small. Resolving paths with lengths close to the system MAXPATHLEN setting may lead to the byte after the allocated buffer being overwritten with a NULL value, which might lead to unauthorized data access or modification. • https://bugs.php.net/bug.php?id=81746 https://security.netapp.com/advisory/ntap-20230517-0001 https://access.redhat.com/security/cve/CVE-2023-0568 https://bugzilla.redhat.com/show_bug.cgi?id=2170770 • CWE-131: Incorrect Calculation of Buffer Size CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. A vulnerability was found in PHP. This security flaw occurs when the request body parsing in PHP allows any unauthenticated attacker to consume a large amount of CPU time and trigger excessive logging. A large amount of CPU time required for processing requests can block all available worker processes and significantly delay or slow the processing of legitimate user requests. • https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv https://security.netapp.com/advisory/ntap-20230517-0001 https://access.redhat.com/security/cve/CVE-2023-0662 https://bugzilla.redhat.com/show_bug.cgi?id=2170761 • CWE-400: Uncontrolled Resource Consumption CWE-779: Logging of Excessive Data •

CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 1

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. A vulnerability was found in PHP. This security flaw occurs when malformatted BCrypt hashes that include a $ within their salt part trigger a buffer overread and may erroneously validate any password as valid. • https://bugs.php.net/bug.php?id=81744 https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4 https://access.redhat.com/security/cve/CVE-2023-0567 https://bugzilla.redhat.com/show_bug.cgi?id=2170771 • CWE-328: Use of Weak Hash CWE-916: Use of Password Hash With Insufficient Computational Effort •