Debian dla-4254 : libapache2-mod-php7.4 – security update
Description

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4254 advisory.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4254-1                          [email protected]
https://www.debian.org/lts/security/                      Guilhem Moulin
July 27, 2025                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : php7.4
Version : 7.4.33-1+deb11u9
CVE ID  : CVE-2025-1220 CVE-2025-1735 CVE-2025-6491

Multiple security issues were found in PHP, a widely-used open source general purpose scripting language, which could result in server side request forgery or denial of service.

CVE-2025-1220

Jihwan Kim discovered that fsockopen() lacks validation that the hostname supplied does not contain null characters, which may lead other functions like parse_url() to treat the hostname in an incorrect way, thereby potentially causing Server Side Request Forgery.

CVE-2025-1735

It was discovered that pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors, which may lead to crashes due to null pointer dereferences. This issue is related to CVE-2025-1094 which was reported to PostgreSQL.

CVE-2025-6491

Ahmed Lekssays…
