CVE-2023-0567 : PHP UP TO 8.0.27/8.1.15/8.2.2 BLOWFISH HASH PASSWORD_VERIFY UNKNOWN VULNERABILITY

Description

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the password_verify() function may accept some invalid Blowfish hashes as valid. If such an invalid hash ever ends up in the password database, the application may accept any password for that entry as valid.
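A defensive check for the condition described above, as an added example (not code from PHP or from the advisory): it confirms that a stored hash has the standard 60-character bcrypt layout before password_verify() is allowed to see it, and audits existing rows the same way. The helper names and sample rows are hypothetical, and because this page does not say which malformations trigger the bug, the pattern simply rejects anything that is not a complete bcrypt string.

```php
<?php
declare(strict_types=1);

// Standard bcrypt layout: "$2" + variant letter + "$" + two-digit cost (04-31) + "$"
// + 22-char salt + 31-char digest in the bcrypt base64 alphabet (60 chars total).
const BCRYPT_PATTERN = '~\A\$2[abxy]\$(?:0[4-9]|[12][0-9]|3[01])\$[./A-Za-z0-9]{53}\z~';

/** Hypothetical helper: true only for a structurally complete bcrypt hash. */
function is_wellformed_bcrypt(string $hash): bool
{
    return preg_match(BCRYPT_PATTERN, $hash) === 1;
}

/** Hypothetical wrapper: never hand a malformed bcrypt hash to password_verify(). */
function verify_password_strict(string $password, string $storedHash): bool
{
    if (str_starts_with($storedHash, '$2') && !is_wellformed_bcrypt($storedHash)) {
        error_log('Rejected malformed bcrypt hash in credential store');
        return false; // fail closed instead of trusting the library's verdict
    }
    return password_verify($password, $storedHash);
}

/** Hypothetical audit: ids of rows whose bcrypt-tagged hash is malformed. */
function audit_hashes(iterable $rows): array
{
    $bad = [];
    foreach ($rows as $id => $hash) {
        if (str_starts_with($hash, '$2') && !is_wellformed_bcrypt($hash)) {
            $bad[] = $id;
        }
    }
    return $bad;
}

// Constructed sample rows (not real credentials).
$rows = [
    'alice' => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 4]),
    'bob'   => '$2y$10$' . str_repeat('A', 40),         // truncated hash
    'carol' => '$2y$10$' . str_repeat('A', 52) . '!',   // character outside the alphabet
    'dave'  => '$argon2id$v=19$m=65536,t=4,p=1$c2FsdA$aGFzaA', // not bcrypt: skipped
];

print_r(audit_hashes($rows));
var_dump(verify_password_strict('anything', $rows['bob']));
```

The audit is a complement to upgrading to a fixed PHP release, not a replacement for it; rows it flags should have their passwords reset rather than repaired in place.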

References

https://bugs.php.net/bug.php?id=81744

https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4

For More Information

MITRE

Common Vulnerabilities and Exposures
