An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories.
{"debiancve": [{"lastseen": "2021-12-14T17:51:49", "description": "An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-08-07T15:29:00", "type": "debiancve", "title": "CVE-2018-15132", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15132"], "modified": "2018-08-07T15:29:00", "id": "DEBIANCVE:CVE-2018-15132", "href": "https://security-tracker.debian.org/tracker/CVE-2018-15132", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "prion": [{"lastseen": "2023-11-22T02:34:58", "description": "An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-08-07T15:29:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15132"], "modified": "2019-03-08T13:30:00", "id": "PRION:CVE-2018-15132", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2018-15132", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2023-12-06T14:38:23", "description": "An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-08-07T15:29:00", "type": "cve", "title": "CVE-2018-15132", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15132"], "modified": "2019-03-08T13:30:00", "cpe": ["cpe:/a:netapp:storage_automation_store:-"], "id": "CVE-2018-15132", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-15132", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2023-12-06T15:04:01", "description": "An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37,\n7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The\nlinkinfo function on Windows doesn't implement the open_basedir check. This\ncould be abused to find files on paths outside of the allowed directories.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | PEAR issues should go against php-pear as of xenial \n[ratliff](<https://launchpad.net/~ratliff>) | WIN32 only\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-08-07T00:00:00", "type": "ubuntucve", "title": "CVE-2018-15132", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-15132"], "modified": "2018-08-07T00:00:00", "id": "UB:CVE-2018-15132", "href": "https://ubuntu.com/security/CVE-2018-15132", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2023-05-19T14:22:13", "description": "According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.37. It is, therefore, affected by a denial of service vulnerability.", "cvss3": {}, "published": "2018-07-24T00:00:00", "type": "nessus", "title": "PHP 5.6.x < 5.6.37 exif_thumbnail_extract() DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14851", "CVE-2018-14883", "CVE-2018-15132"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_6_37.NASL", "href": "https://www.tenable.com/plugins/nessus/111230", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111230);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2018-14851\", \"CVE-2018-14883\", \"CVE-2018-15132\");\n\n script_name(english:\"PHP 5.6.x < 5.6.37 exif_thumbnail_extract() DoS\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of PHP running on the remote web server is affected by\na denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 5.6.x prior to 5.6.37. It is, therefore, affected by\na denial of service vulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.6.37\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=76423\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 5.6.37 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15132\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^5(\\.6)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^5\\.6\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 5.6.x\", port);\n\nfix = \"5.6.37\";\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:34", "description": "This plugin has been deprecated due to prior coverage", "cvss3": {}, "published": "2018-09-07T00:00:00", "type": "nessus", "title": "PHP < 5.6.37 or 7.2.x < 7.2.8 Multiple Vulnerabilities (Deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14851", "CVE-2018-14883", "CVE-2018-15132"], "modified": "2020-04-27T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_5_6_37_MULTIPLE.NASL", "href": "https://www.tenable.com/plugins/nessus/117340", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled 2018/09/07. Duplicate Plugin\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117340);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/27\");\n\n script_cve_id(\n \"CVE-2018-14883\",\n \"CVE-2018-14851\",\n \"CVE-2018-15132\"\n );\n script_bugtraq_id(\n 105205\n );\n\n script_name(english:\"PHP < 5.6.37 or 7.2.x < 7.2.8 Multiple Vulnerabilities (Deprecated)\");\n script_summary(english:\"Checks the version of PHP.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated\");\n script_set_attribute(attribute:\"description\", value:\n\"This plugin has been deprecated due to prior coverage\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-7.php#7.2.8\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-5.php#5.6.37\");\n script_set_attribute(attribute:\"solution\", value:\"n/a\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_attribute(attribute:'cvss_score_source', value:\"CVE-2018-14883\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\nfix = NULL;\n\nif (version =~ \"^7\\.[0-2].*\") fix = \"7.2.8\";\nelse if (version =~ \"^[1-5].*\") fix = \"5.6.37\";\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:45", "description": "According to its banner, the version of PHP running on the remote web server is 7.1.x prior to 7.1.20. It is, therefore, affected by a denial of service vulnerability.", "cvss3": {}, "published": "2018-07-24T00:00:00", "type": "nessus", "title": "PHP 7.1.x < 7.1.20 exif_thumbnail_extract() DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14851", "CVE-2018-14883", "CVE-2018-15132"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_7_1_20.NASL", "href": "https://www.tenable.com/plugins/nessus/111231", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111231);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2018-14851\", \"CVE-2018-14883\", \"CVE-2018-15132\");\n\n script_name(english:\"PHP 7.1.x < 7.1.20 exif_thumbnail_extract() DoS\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of PHP running on the remote web server is affected by\na denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 7.1.x prior to 7.1.20. It is, therefore, affected by\na denial of service vulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.php.net/ChangeLog-7.php#7.1.20\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.php.net/bug.php?id=76423\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 7.1.20 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15132\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^7(\\.1)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^7\\.1\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 7.1.x\", port);\n\nfix = \"7.1.20\";\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-06T15:23:06", "description": "According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.8. It is, therefore, affected by a Use-After-Free Arbitrary Code Execution Vulnerability.", "cvss3": {}, "published": "2018-07-20T00:00:00", "type": "nessus", "title": "PHP 7.2.x < 7.2.8 Use After Free Arbitrary Code Execution in EXIF", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12882", "CVE-2018-14851", "CVE-2018-14883", "CVE-2018-15132"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_7_2_8.NASL", "href": "https://www.tenable.com/plugins/nessus/111216", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111216);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2018-12882\",\n \"CVE-2018-14851\",\n \"CVE-2018-14883\",\n \"CVE-2018-15132\"\n );\n script_bugtraq_id(104551);\n\n script_name(english:\"PHP 7.2.x < 7.2.8 Use After Free Arbitrary Code Execution in EXIF\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of PHP running on the remote web server is affected by\na Use-After-Free Arbitrary Code Execution Vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 7.2.x prior to 7.2.8. It is, therefore, affected by\na Use-After-Free Arbitrary Code Execution Vulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-7.php#7.2.8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 7.2.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12882\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^7(\\.2)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^7\\.2\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 7.2.x\", port);\n\nfix = \"7.2.8\";\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-05T14:38:44", "description": "According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.31. It is, therefore, affected by a Use-After-Free Arbitrary Code Execution Vulnerability.", "cvss3": {}, "published": "2018-07-20T00:00:00", "type": "nessus", "title": "PHP 7.0.x < 7.0.31 Use After Free Arbitrary Code Execution in EXIF", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12882", "CVE-2018-14851", "CVE-2018-14883", "CVE-2018-15132"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:php:php"], "id": "PHP_7_0_31.NASL", "href": "https://www.tenable.com/plugins/nessus/111215", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111215);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2018-12882\",\n \"CVE-2018-14851\",\n \"CVE-2018-14883\",\n \"CVE-2018-15132\"\n );\n script_bugtraq_id(104551);\n\n script_name(english:\"PHP 7.0.x < 7.0.31 Use After Free Arbitrary Code Execution in EXIF\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of PHP running on the remote web server is affected by\na Use-After-Free Arbitrary Code Execution Vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the version of PHP running on the remote web\nserver is 7.0.x prior to 7.0.31. It is, therefore, affected by\na Use-After-Free Arbitrary Code Execution Vulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://php.net/ChangeLog-7.php#7.0.31\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PHP version 7.0.31 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12882\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:php:php\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"php_version.nasl\");\n script_require_keys(\"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\nphp = get_php_from_kb(\n port : port,\n exit_on_fail : TRUE\n);\n\nversion = php[\"ver\"];\nsource = php[\"src\"];\n\nbackported = get_kb_item('www/php/'+port+'/'+version+'/backported');\n\nif (report_paranoia < 2 && backported)\n audit(AUDIT_BACKPORT_SERVICE, port, \"PHP \"+version+\" install\");\n\n# Check that it is the correct version of PHP\nif (version =~ \"^7(\\.0)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"PHP\", port, version);\nif (version !~ \"^7\\.0\\.\") audit(AUDIT_NOT_DETECT, \"PHP version 7.0.x\", port);\n\nfix = \"7.0.31\";\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"PHP\", port, version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:22", "description": "According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is prior to 5.7.1. It is, therefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2018-09-24T00:00:00", "type": "nessus", "title": "Tenable SecurityCenter < 5.7.1 Multiple Vulnerabilities (TNS-2018-12)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-0732", "CVE-2018-0737", "CVE-2018-10545", "CVE-2018-10546", "CVE-2018-10547", "CVE-2018-10548", "CVE-2018-10549", "CVE-2018-14851", "CVE-2018-14883", "CVE-2018-15132", "CVE-2018-7584"], "modified": "2020-10-09T00:00:00", "cpe": ["cpe:/a:tenable:securitycenter"], "id": "SECURITYCENTER_5_7_1_TNS_2018_12.NASL", "href": "https://www.tenable.com/plugins/nessus/117672", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117672);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/09\");\n\n \n script_cve_id(\n \"CVE-2018-0732\",\n \"CVE-2018-0737\",\n \"CVE-2018-7584\",\n \"CVE-2018-10545\",\n \"CVE-2018-10546\",\n \"CVE-2018-10547\",\n \"CVE-2018-10548\",\n \"CVE-2018-10549\",\n \"CVE-2018-14851\",\n \"CVE-2018-14883\",\n \"CVE-2018-15132\"\n );\n script_bugtraq_id(\n 103204,\n 103766,\n 104019,\n 104020,\n 104022,\n 105205\n );\n\n script_name(english:\"Tenable SecurityCenter < 5.7.1 Multiple Vulnerabilities (TNS-2018-12)\");\n script_summary(english:\"Checks the SecurityCenter version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the Tenable SecurityCenter\napplication installed on the remote host is prior to 5.7.1. It is,\ntherefore, affected by multiple vulnerabilities.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.tenable.com/security/tns-2018-12\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Tenable SecurityCenter version 5.7.1 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-7584\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:tenable:securitycenter\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"securitycenter_installed.nbin\", \"securitycenter_detect.nbin\");\n script_require_ports(\"Host/SecurityCenter/Version\", \"installed_sw/SecurityCenter\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item(\"Host/SecurityCenter/Version\");\nport = 0;\nif(empty_or_null(version))\n{\n port = 443;\n install = get_single_install(app_name:\"SecurityCenter\", combined:TRUE, exit_if_unknown_ver:TRUE);\n version = install[\"version\"];\n}\nfix = \"5.7.1\";\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n items = make_array(\n \"Installed version\", version,\n \"Fixed version\", fix\n );\n order = make_list(\"Installed version\", \"Fixed version\");\n report = report_items_str(report_items:items, ordered_fields:order);\n\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:report);\n}\nelse\n audit(AUDIT_INST_VER_NOT_VULN, 'SecurityCenter', version);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2019-05-29T18:33:51", "description": "This host is installed with PHP and is prone\n to multiple heap buffer overflow and information disclosure vulnerabilities.", "cvss3": {}, "published": "2018-08-06T00:00:00", "type": "openvas", "title": "PHP Multiple Heap Buffer Overflow and Information Disclosure Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15132", "CVE-2018-14851", "CVE-2018-14883"], "modified": "2019-05-13T00:00:00", "id": "OPENVAS:1361412562310813597", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813597", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# PHP Multiple Heap Buffer Overflow and Information Disclosure Vulnerabilities (Windows)\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813597\");\n script_version(\"2019-05-13T06:06:12+0000\");\n script_cve_id(\"CVE-2018-14851\", \"CVE-2018-14883\", \"CVE-2018-15132\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-13 06:06:12 +0000 (Mon, 13 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-08-06 12:58:19 +0530 (Mon, 06 Aug 2018)\");\n script_name(\"PHP Multiple Heap Buffer Overflow and Information Disclosure Vulnerabilities (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to multiple heap buffer overflow and information disclosure vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - exif_process_IFD_in_MAKERNOTE function in exif.c file suffers from\n improper validation against crafted JPEG files.\n\n - exif_thumbnail_extract function in exif.c file suffers from improper\n validation of length of 'ImageInfo->Thumbnail.offset + ImageInfo->Thumbnail.size'\n\n - linkinfo function on windows doesn't implement openbasedir check.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to cause heap overflow, denial of service and disclose sensitive information.\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 5.6.37, 7.0.x before\n 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.6.37, 7.0.31,\n 7.1.20 or 7.2.8 or later. Please see the references for more information.\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/security/cve/cve-2018-14851\");\n script_xref(name:\"URL\", value:\"https://bugs.php.net/bug.php?id=76557\");\n script_xref(name:\"URL\", value:\"https://bugs.php.net/bug.php?id=76423\");\n script_xref(name:\"URL\", value:\"https://bugs.php.net/bug.php?id=76459\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_windows\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(isnull(phpPort = get_app_port(cpe:CPE))) exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:phpPort, exit_no_version:TRUE)) exit(0);\nphpVers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:phpVers, test_version:\"5.6.37\")){\n fix = \"5.6.37\";\n}\n\nelse if(version_in_range(version:phpVers, test_version:\"7.0\", test_version2:\"7.0.30\")){\n fix = \"7.0.31\";\n}\n\nelse if(version_in_range(version:phpVers, test_version:\"7.1\", test_version2:\"7.1.19\")){\n fix = \"7.1.20\";\n}\n\nelse if(version_in_range(version:phpVers, test_version:\"7.2\", test_version2:\"7.2.7\")){\n fix = \"7.2.8\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:phpVers, fixed_version:fix, install_path:path);\n security_message(port:phpPort, data:report);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:51", "description": "This host is installed with PHP and is prone\n to multiple heap buffer overflow and information disclosure vulnerabilities.", "cvss3": {}, "published": "2018-08-07T00:00:00", "type": "openvas", "title": "PHP Multiple Heap Buffer Overflow and Information Disclosure Vulnerabilities (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15132", "CVE-2018-14851", "CVE-2018-14883"], "modified": "2019-05-13T00:00:00", "id": "OPENVAS:1361412562310813901", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813901", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# PHP Multiple Heap Buffer Overflow and Information Disclosure Vulnerabilities (Linux)\n#\n# Authors:\n# Rajat Mishra <rajatm@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:php:php\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813901\");\n script_version(\"2019-05-13T06:06:12+0000\");\n script_cve_id(\"CVE-2018-14851\", \"CVE-2018-14883\", \"CVE-2018-15132\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-13 06:06:12 +0000 (Mon, 13 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-08-07 13:28:46 +0530 (Tue, 07 Aug 2018)\");\n script_name(\"PHP Multiple Heap Buffer Overflow and Information Disclosure Vulnerabilities (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with PHP and is prone\n to multiple heap buffer overflow and information disclosure vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - exif_process_IFD_in_MAKERNOTE function in exif.c file suffers from\n improper validation against crafted JPEG files.\n\n - exif_thumbnail_extract function in exif.c file suffers from improper\n validation of length of 'ImageInfo->Thumbnail.offset + ImageInfo->Thumbnail.size'\n\n - linkinfo function on windows doesn't implement openbasedir check.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers\n to cause heap overflow, denial of service and disclose sensitive information.\");\n\n script_tag(name:\"affected\", value:\"PHP versions before 5.6.37, 7.0.x before\n 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to PHP version 5.6.37, 7.0.31,\n 7.1.20 or 7.2.8 or later. Please see the references for more information.\");\n\n script_xref(name:\"URL\", value:\"https://access.redhat.com/security/cve/cve-2018-14851\");\n script_xref(name:\"URL\", value:\"https://bugs.php.net/bug.php?id=76557\");\n script_xref(name:\"URL\", value:\"https://bugs.php.net/bug.php?id=76423\");\n script_xref(name:\"URL\", value:\"https://bugs.php.net/bug.php?id=76459\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_php_detect.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"php/installed\", \"Host/runs_unixoide\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(isnull(phpPort = get_app_port(cpe:CPE))) exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:phpPort, exit_no_version:TRUE)) exit(0);\nphpVers = infos['version'];\npath = infos['location'];\n\nif(version_is_less(version:phpVers, test_version:\"5.6.37\")){\n fix = \"5.6.37\";\n}\n\nelse if(version_in_range(version:phpVers, test_version:\"7.0\", test_version2:\"7.0.30\")){\n fix = \"7.0.31\";\n}\n\nelse if(version_in_range(version:phpVers, test_version:\"7.1\", test_version2:\"7.1.19\")){\n fix = \"7.1.20\";\n}\n\nelse if(version_in_range(version:phpVers, test_version:\"7.2\", test_version2:\"7.2.7\")){\n fix = \"7.2.8\";\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:phpVers, fixed_version:fix, install_path:path);\n security_message(port:phpPort, data:report);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "rosalinux": [{"lastseen": "2023-12-06T21:45:08", "description": "Software: php 5.4.16\nOS: Cobalt 7.9\n\nCVE-ID: CVE-2011-4718\nCVE-Crit: MEDIUM\nCVE-DESC: A session commit vulnerability in the session subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.\nCVE-STATUS: Default\nCVE-REV: Default\n\n\nCVE-ID: CVE-2011-4718\nCVE-Crit: MEDIUM\nCVE-DESC: A session commit vulnerability in the session subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.\nCVE-STATUS: Default\nCVE-REV: Default\n\n\nCVE-ID: CVE-2012-1171\nCVE-Crit: MEDIUM\nCVE-DESC: The libxml RSHUTDOWN feature in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors, including calling the stream_close method while using a customized stream shell.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2013-4248\nCVE-Crit: HIGH\nCVE-DESC: The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 incorrectly handles the character '\\ 0' in the domain name in the Subject Alternative Name field of the X.509 certificate, which allows \"attacker-in-the-middle\" attackers to spoof arbitrary SSL servers using a crafted certificate issued by a legitimate certificate authority, which is an issue related to CVE-2009-2408.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2013-4248\nCVE-Crit: HIGH\nCVE-DESC: The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 incorrectly handles the character '\\ 0' in the domain name in the Subject Alternative Name field of the X.509 certificate, which allows \"attacker-in-the-middle\" attackers to spoof arbitrary SSL servers using a crafted certificate issued by a legitimate certificate authority, which is an issue related to CVE-2009-2408.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2013-6501\nCVE-Crit: MEDIUM\nCVE-DESC: The default soap.wsdl_cache_dir parameter in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the / tmp directory, making it easier for local users to execute WSDL. injection attacks by creating a file in / tmp with a predictable filename, which is used by the get_sdl function in ext / soap / php_sdl.c.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2013-6712\nCVE-Crit: MEDIUM\nCVE-DESC: The scan function in ext / date / lib / parse_iso_intervals.c in PHP via 5.5.6 does not properly restrict the creation of DateInterval objects, which may allow remote attackers to cause a denial of service (heap-based buffer overflow). read) via the created interval specification. read) via the created interval specification.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2013-7327\nCVE-Crit: HIGH\nCVE-DESC: The gdImageCrop function in ext / gd / gd.c in PHP 5.5.x through 5.5.9 does not validate return values, allowing remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that result in using a NULL pointer as the return value, which is different from vulnerability CVE-2013-7226.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-0207\nCVE-Crit: HIGH\nCVE-DESC: The cdf_read_short_sector function in cdf.c before 5.19, used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-0207\nCVE-Crit: HIGH\nCVE-DESC: The cdf_read_short_sector function in cdf.c before 5.19, used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-0236\nCVE-Crit: HIGH\nCVE-DESC: pre-5.18, used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (null pointer dereferencing and application crash) via a null value of root_storage in the CDF file associated with cdf.c and readcdf.c.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-0237\nCVE-Crit: HIGH\nCVE-DESC: The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by running multiple file_printf calls.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-0238\nCVE-Crit: HIGH\nCVE-DESC: The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-2020.\nCVE-Crit: MEDIUM\nCVE-DESC: ext / gd / gd.c in PHP 5.5.x through 5.5.9 does not validate data types, which could allow remote attackers to obtain sensitive information using a data type of (1) string or (2) array in place of a numeric data type, as shown by calling imagecrop with a string for the value of dimension x, a vulnerability other than CVE-2013-7226.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-2497\nCVE-Crit: MEDIUM\nCVE-DESC: The gdImageCreateFromXpm function in gdxpm.c in libgd, used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (dereferencing a NULL pointer and crashing the application) via a created color table in the XPM file. .\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-2497\nCVE-Crit: MEDIUM\nCVE-DESC: The gdImageCreateFromXpm function in gdxpm.c in libgd, used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (dereferencing a NULL pointer and crashing the application) via a created color table in the XPM file. .\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-3478\nCVE-Crit: MEDIUM\nCVE-DESC: Buffer overflow in the mconvert function in softmagic.c in pre-5.19, used in the Fileinfo component in PHP pre-5.4.30 and 5.5.x pre-5.5.14, allows remote attackers to cause a denial of service ( application crash ) via a generated Pascal string in the FILE_PSTRING conversion.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-3478\nCVE-Crit: MEDIUM\nCVE-DESC: Buffer overflow in the mconvert function in softmagic.c in pre-5.19, used in the Fileinfo component in PHP pre-5.4.30 and 5.5.x pre-5.5.14, allows remote attackers to cause a denial of service ( application crash ) via a generated Pascal string in the FILE_PSTRING conversion.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-3479\nCVE-Crit: MEDIUM\nCVE-DESC: The cdf_check_stream_offset function in cdf.c before 5.19, used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector size data, allowing remote attackers to cause a denial of service (application failure) via the created stream offset in the CDF file.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-3479\nCVE-Crit: MEDIUM\nCVE-DESC: The cdf_check_stream_offset function in cdf.c before 5.19, used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector size data, allowing remote attackers to cause a denial of service (application failure) via the created stream offset in the CDF file.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-3480\nCVE-Crit: MEDIUM\nCVE-DESC: The cdf_count_chain function in cdf.c in cdf.c before 5.19, used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, incorrectly validates sector count data, allowing remote attackers to cause a denial of service (application crash) via the generated CDF file.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-3480\nCVE-Crit: MEDIUM\nCVE-DESC: The cdf_count_chain function in cdf.c in cdf.c before 5.19, used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, incorrectly validates sector count data, allowing remote attackers to cause a denial of service (application crash) via the generated CDF file.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-3487\nCVE-Crit: MEDIUM\nCVE-DESC: The cdf_read_property_info function in fileinfo before 5.19, which was used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, incorrectly checks the stream offset, allowing remote attackers to cause a service failure (application failure) via a crafted CDF file.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-3487\nCVE-Crit: MEDIUM\nCVE-DESC: The cdf_read_property_info function in fileinfo before 5.19, which was used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, incorrectly checks the stream offset, allowing remote attackers to cause a service failure (application failure) via a crafted CDF file.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-3515\nCVE-Crit: HIGH\nCVE-DESC: The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly assumes that certain data structures will have the array data type after deserialization, allowing remote attackers to execute arbitrary code via a crafted string that triggers the use of the Hashtable destructor associated with the \"type confusion\" issues in (1) ArrayObject and (2) SPLObjectStorage.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-3515\nCVE-Crit: HIGH\nCVE-DESC: The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly assumes that certain data structures will have the array data type after deserialization, allowing remote attackers to execute arbitrary code via a crafted string that triggers the use of the Hashtable destructor associated with the \"type confusion\" issues in (1) ArrayObject and (2) SPLObjectStorage.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-3587\nCVE-Crit: CRITICAL\nCVE-DESC: An integer overflow in the cdf_read_property_info function in cdf.c in fileinfo before 5.19, which is used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service ( application failure) via a crafted CDF file. NOTE: this vulnerability exists due to an incomplete patch for CVE-2012-1571.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-3587\nCVE-Crit: CRITICAL\nCVE-DESC: An integer overflow in the cdf_read_property_info function in cdf.c in fileinfo before 5.19, which is used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service ( application failure) via a crafted CDF file. NOTE: this vulnerability exists due to an incomplete patch for CVE-2012-1571.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-3597\nCVE-Crit: CRITICAL\nCVE-DESC: Multiple buffer overflows in the php_parserr function in ext / standard / dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application failure) or possibly execute arbitrary code through a crafted DNS record associated with the dns_get_record function and the dn_expand function. NOTE: this issue occurs due to an incomplete fix for CVE-2014-4049.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-3597\nCVE-Crit: CRITICAL\nCVE-DESC: Multiple buffer overflows in the php_parserr function in ext / standard / dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application failure) or possibly execute arbitrary code through a crafted DNS record associated with the dns_get_record function and the dn_expand function. NOTE: this issue occurs due to an incomplete fix for CVE-2014-4049.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-3668\nCVE-Crit: HIGH\nCVE-DESC: Buffer overflow in date_from_ISO8601 function in mkgmtime implementation in libxmlrpc / xmlrpc.c in XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18 and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application failure) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function associated with a read operation outside the valid range.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-3668\nCVE-Crit: HIGH\nCVE-DESC: Buffer overflow in date_from_ISO8601 function in mkgmtime implementation in libxmlrpc / xmlrpc.c in XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18 and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application failure) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function associated with a read operation outside the valid range.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-3669\nCVE-Crit: HIGH\nCVE-DESC: An integer overflow in the object_custom function in ext / standard / var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to a deserialization function that triggers the calculation of a long-length value.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-3669\nCVE-Crit: HIGH\nCVE-DESC: An integer overflow in the object_custom function in ext / standard / var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to a deserialization function that triggers the calculation of a long-length value.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-3670\nCVE-Crit: HIGH\nCVE-DESC: The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18 and 5.6.x before 5.6.2 mishandles floating point arrays, allowing remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code through a created JPEG image with TIFF thumbnail data that is mishandled by the exif_thumbnail function.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-3670\nCVE-Crit: HIGH\nCVE-DESC: The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18 and 5.6.x before 5.6.2 mishandles floating point arrays, allowing remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code through a created JPEG image with TIFF thumbnail data that is mishandled by the exif_thumbnail function.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-3981\nCVE-Crit: MEDIUM\nCVE-DESC: acinclude.m4, used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symbolic link attack on the / tmp / phpglibccheck file.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-4049\nCVE-Crit: MEDIUM\nCVE-DESC: Heap-based buffer overflow in php_parserr function in ext / standard / dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (failure) and possibly execute arbitrary code via a crafted DNS TXT record related to the dns_get_record function.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-4670\nCVE-Crit: MEDIUM\nCVE-DESC: A post-release exploitation vulnerability in ext / spl / spl_dllist.c in the SPL component of PHP through PHP version 5.5.14 allows context-sensitive attackers to cause a denial of service or possibly have unspecified other impact through the use of a crafted iterator within an application in certain web hosting environments.\nCVE-STATUS: default\nCVE-REV: Default\n\n\nCVE-ID: CVE-2014-4698\nCVE-Crit: HIGH\nCVE-DESC: A Use-after-free vulnerability in ext / spl / spl_array.c in the SPL component of PHP through PHP version 5.5.14 allows context-sensitive attackers to cause a denial of service or possibly have unspecified other impact through the use of a crafted ArrayIterator within an application in certain web hosting environments.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-4721\nCVE-Crit: HIGH\nCVE-DESC: The implementation of phpinfo in ext / standard / info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not guarantee the use of a string data type for PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER and PHP_SELF variables, which could allow context-dependent attackers to retrieve sensitive information from process memory using an integer data type with the values created, which is related to the \"type confusion\" vulnerability, as demonstrated by reading the SSL private key in an Apache HTTP Server web hosting environment. with mod_ssl and PHP 5.3.x mod_php.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-4721\nCVE-Crit: HIGH\nCVE-DESC: The implementation of phpinfo in ext / standard / info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not guarantee the use of a string data type for PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER and PHP_SELF variables, which could allow context-dependent attackers to retrieve sensitive information from process memory using an integer data type with the values created, which is related to the \"type confusion\" vulnerability, as demonstrated by reading the SSL private key in an Apache HTTP Server web hosting environment. with mod_ssl and PHP 5.3.x mod_php.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-5120\nCVE-Crit: HIGH\nCVE-DESC: gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that path names do not contain % 00 sequences, which could allow remote attackers to overwrite arbitrary files with crafted input. into an application that calls (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) the imagewebp function.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-5459\nCVE-Crit: CRITICAL.\nCVE-DESC: The PEAR_REST class in REST.php in PEAR in PHP through PHP 5.6.0 allows local users to write to arbitrary files by attacking a character reference to (1) rest.cachefile or (2) rest.cacheid file in / tmp / pear / cache / associated with the retrieveCacheFirst and useLocalCache functions.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-8142\nCVE-Crit: MEDIUM\nCVE-DESC: A Use-after-free vulnerability in the process_nested_data function in ext / standard / var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code using a crafted call to unserialize that uses improper handling of repeated keys in serialized object properties, which is different from vulnerability CVE-2004-1019.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-9425\nCVE-Crit: CRITICAL\nCVE-DESC: A double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in Zend Engine in PHP via 5.5.20 and 5.6.x via 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-9427\nCVE-Crit: CRITICAL\nCVE-DESC: sapi / cgi / cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x to 5.5.20 and 5.6.x to 5.6.4 when mmap is used to read a .php, incorrectly considers the length of the mapping while processing an invalid file that starts with a # character and has no newline character, which causes out-of-bounds reading and can (1) allow remote attackers to obtain sensitive information from php-cgi process memory using the ability to load a .php or (2) initiate unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-9652\nCVE-Crit: MEDIUM\nCVE-DESC: The mconvert function in softmagic.c before 5.21, which was used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, improperly handles a specific string length field while copying a truncated version of a Pascal string, which could allow remote attackers to cause a denial of service (out-of-range memory access and application crash) via the generated file.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-9653\nCVE-Crit: MEDIUM\nCVE-DESC: readelf.c in pre-5.22, used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not take into account that pread calls sometimes read only a subset of the available data, allowing remote attackers to cause a denial of service (uninitialized memory access) or possibly have an unspecified other impact via the generated ELF file.\nCVE-STATUS: Default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-9705\nCVE-Crit: MEDIUM\nCVE-DESC: Heap-based buffer overflow in enchant_broker_request_dict function in ext / enchant / enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger the creation of multiple dictionaries.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-9767\nCVE-Crit: MEDIUM\nCVE-DESC: Catalog traversal vulnerability in ZipArchive function :: extractTo in ext / zip / php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29 and 5.6.x before 5.6.13 and ext / zip / ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories using the created ZIP archive.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2014-9912\nCVE-Crit: CRITICAL\nCVE-DESC: The get_icu_disp_value_src_php function in ext / intl / locale / locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 incorrectly restricts calls to uresbund ICU. cpp, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have an unspecified other impact by calling locale_get_display_name with a long first argument.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-0231\nCVE-Crit: HIGH\nCVE-DESC: A Use-after-free vulnerability in the process_nested_data function in ext / standard / var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code using a crafted deserialization call that uses improper handling of repeated numeric keys in serialized object properties. NOTE: this vulnerability exists due to an incomplete patch for CVE-2014-8142.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-0231\nCVE-Crit: HIGH\nCVE-DESC: A Use-after-free vulnerability in the process_nested_data function in ext / standard / var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code using a crafted deserialization call that uses improper handling of repeated numeric keys in serialized object properties. NOTE: this vulnerability exists due to an incomplete patch for CVE-2014-8142.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-0232\nCVE-Crit: HIGH\nCVE-DESC: The exif_process_unicode function in ext / exif / exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a service failure (releasing an uninitialized pointer and crashing the application) via generated EXIF data in a JPEG image.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-0232\nCVE-Crit: HIGH\nCVE-DESC: The exif_process_unicode function in ext / exif / exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a service failure (releasing an uninitialized pointer and crashing the application) via generated EXIF data in a JPEG image.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-0273\nCVE-Crit: MEDIUM\nCVE-DESC: Multiple vulnerabilities in ext / date / php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via processed serialized input containing a specifier of type (1) R or (2) r in (a) DateTimeZone data processed by php_date_timezone_initialize_from_hash or (b) DateTime data processed by php_date_initialize_from_hash.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-1351\nCVE-Crit: HIGH\nCVE-DESC: A post-release exploitation vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.\nCVE-STATUS: Default\nCVE-REV: Default\n\n\nCVE-ID: CVE-2015-2331\nCVE-Crit: HIGH\nCVE-DESC: An integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6. 7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code through a ZIP archive containing many entries, resulting in a heap-based buffer overflow.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-2348\nCVE-Crit: MEDIUM\nCVE-DESC: The implementation of move_uploaded_file in ext / standard / basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23 and 5.6.x before 5.6.7 truncates the path when the character \\ x00 is detected, allowing remote attackers to bypass intended extension restrictions and create files with unexpected names using a specially crafted second argument. NOTE: this vulnerability exists due to an incomplete patch for CVE-2006-7243.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-2783\nCVE-Crit: CRITICAL\nCVE-DESC: ext / phar / phar.c in PHP before 5.4.40, 5.5.x before 5.5.24 and 5.6.x before 5.6.8 allows remote attackers to retrieve sensitive information from process memory or cause a denial of service (buffer overflow and application crash) via a crafted length value combined with crafted serialized data in the phar archive associated with the phar_parse_metadata and phar_parse_pharfile functions.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-2787\nCVE-Crit: CRITICAL\nCVE-DESC: A Use-after-free vulnerability in the process_nested_data function in ext / standard / var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code using a crafted deserialization call that uses the unset function in the __wakeup function, which is an issue related to CVE-2015-0231.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-1352\nCVE-Crit: MEDIUM\nCVE-DESC: The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through version 5.6.7 does not check token extraction for table names, allowing remote attackers to cause a denial of service (null pointer dereferencing and application crash) via a created name.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-3307\nCVE-Crit: HIGH\nCVE-DESC: The phar_parse_metadata function in ext / phar / phar.c in PHP before 5.4.40, 5.5.x before 5.5.24 and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have an unspecified other impact via a crafted tar archive.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-3329\nCVE-Crit: MEDIUM\nCVE-DESC: Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in (1) tar, (2) phar, or (3) ZIP archive.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-3330\nCVE-Crit: MEDIUM\nCVE-DESC: The php_handler function in sapi / apache2handler / sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24 and 5.6.x before 5.6.8, when Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code through pipelined HTTP requests, resulting in a \"deconfigured interpreter\".\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-3411\nCVE-Crit: MEDIUM\nCVE-DESC: PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that path names do not contain the % 00 sequences, which could allow remote attackers to read or write to arbitrary files using crafted input to an application that calls (1) the DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by the attack filename \\ 0.xml, which bypasses the assumed configuration where client users can only read .xml files.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-3412\nCVE-Crit: MEDIUM\nCVE-DESC: PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that path names do not contain % 00 sequences, which could allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext / standard / streamsfuncs.c, as demonstrated by the filename \\ 0.extension attack, which bypasses the intended configuration where client users can only read files with one specific extension.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-4021\nCVE-Crit: HIGH\nCVE-DESC: The phar_parse_tarfile function in ext / phar / tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not check that the first character of a filename is different from \\ 0, allowing remote attackers to cause a denial of service (integer overflow and memory corruption) via a created tar archive entry.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-4022\nCVE-Crit: HIGH\nCVE-DESC: Integer overflow in ftp_genlist function in ext / ftp / ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25 and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long response to a LIST command, resulting in a heap buffer overflow.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-4024\nCVE-Crit: HIGH\nCVE-DESC: An algorithmic complexity vulnerability in the multipart_buffer_headers function in main / rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25 and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service ( CPU Consumption) via generated form data, resulting in an incorrect growth order result.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-4025\nCVE-Crit: HIGH\nCVE-DESC: PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates the path when the character \\ x00 is detected in certain situations, allowing remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists due to an incomplete patch for CVE-2006-7243.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-4026\nCVE-Crit: HIGH\nCVE-DESC: The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates the path when the character \\ x00 is detected, which could allow remote attackers to bypass the intended extension restrictions. and execute files with unexpected names via the first argument created. NOTE: this vulnerability exists due to an incomplete patch for CVE-2006-7243.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-4116\nCVE-Crit: CRITICAL\nCVE-DESC: Use-after-free vulnerability in the spl_ptr_heap_insert function in ext / spl / spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code, causing SplMinHeap to crash :: compare operation.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-4147\nCVE-Crit: HIGH\nCVE-DESC: The method for calling SoapClient :: __ in ext / soap / soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not check that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing processed serialized data with an unexpected data type related to the \"type confusion\" issue.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-4148\nCVE-Crit: HIGH\nCVE-DESC: The do_soap_call function in ext / soap / soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not check that the uri property is a string, which allows remote attackers to obtain sensitive information by providing processed serialized data with the int data type, due to a \"type confusion\" issue.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-4598\nCVE-Crit: MEDIUM\nCVE-DESC: PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that path names do not contain the % 00 sequences, which could allow remote attackers to read or write to arbitrary files using crafted input to an application that calls (1) the DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by the filename \\ 0 attack.html, which bypasses the assumed configuration where client users can only write to .html files.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-4599\nCVE-Crit: CRITICAL\nCVE-DESC: The SoapFault :: __ toString method in ext / soap / soap.c in PHP before 5.4.40, 5.5.x before 5.5.24 and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information as a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type related to the \"type confusion\" issue.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-4600\nCVE-Crit: CRITICAL.\nCVE-DESC: The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to the \"type confusion\" issues in (1) SoapClient :: __ getLastRequest, (2) SoapClient :: __ getLastResponse, (3) SoapClient :: __ getLastRequestHeaders, (4) SoapClient :: __ getLastResponseHeaders: (5) SoapClient :: __ getLastResponseHeaders: : __ getCookies and (6) SoapClient :: __ setCookie methods.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-4601\nCVE-Crit: CRITICAL.\nCVE-DESC: PHP before 5.6.7 may allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code using an unexpected data type due to \"type confusion\" issues in (1) ext / soap / php_encoding .c, (2) ext / soap / php_http.c, and (3) ext / soap / soap.c, a different issue than CVE-2015-4600.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-4602\nCVE-Crit: CRITICAL\nCVE-DESC: The __PHP_Incomplete_Class function in ext / standard / incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash ) or possibly execute arbitrary code via an unexpected data type due to a \"type confusion\" issue.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-4603\nCVE-Crit: CRITICAL\nCVE-DESC: The exception :: getTraceAsString function in Zend / zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24 and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via unexpected type data, related to the \"type confusion\" issue.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-4604\nCVE-Crit: HIGH\nCVE-DESC: The mget function in softmagic.c in 5.x, which was used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not work properly. maintain a certain pointer relationship that allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is not properly handled by the \"Python script executable\" rule.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-4605\nCVE-Crit: HIGH\nCVE-DESC: The mcopy function in softmagic.c in 5.x, which was used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not work properly. limit a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code using a crafted string that is not properly handled by the \"Python script executable\" rule.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-4643\nCVE-Crit: CRITICAL\nCVE-DESC: An integer overflow in the ftp_genlist function in ext / ftp / ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long response to a LIST command, resulting in a heap buffer overflow. NOTE: this vulnerability exists due to an incomplete patch for CVE-2015-4022.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-4644\nCVE-Crit: HIGH\nCVE-DESC: The php_pgsql_meta_data function in pgsql.c in the PostgreSQL extension (also known as pgsql) in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names , which could allow remote attackers to cause a denial of service (null pointer dereferencing and application crash) via the created name. NOTE: this vulnerability exists due to an incomplete patch for CVE-2015-1352.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-5589\nCVE-Crit: CRITICAL\nCVE-DESC: The phar_convert_to_other function in ext / phar / phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not check the file pointer before the close operation, which allows remote attackers to cause a denial of service (segmentation error) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in the Phar :: convertToData call.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-5590\nCVE-Crit: HIGH\nCVE-DESC: Stack-based buffer overflow in phar_fix_filepath function in ext / phar / phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly unspecified other impact due to a large length value, as demonstrated by improper handling of email attachments by PHP's imap extension.\nCVE-STATUS: Default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-6832\nCVE-Crit: HIGH\nCVE-DESC: Use-after-free vulnerability in the SPL deserialization implementation in ext / spl / spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code using created serialized data, causing array field misuse.\nCVE-STATUS: Default\nCVE-REV: Default\n\n\nCVE-ID: CVE-2015-6833\nCVE-Crit: HIGH\nCVE-DESC: A directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via .. (dot) in a ZIP archive entry that is mishandled during an extractTo call.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-6834\nCVE-Crit: CRITICAL\nCVE-DESC: Multiple vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors associated with (1) the serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class that are mishandled during deserialization.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-6835\nCVE-Crit: CRITICAL\nCVE-DESC: The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 improperly handles several php_var_unserialize calls that allow remote attackers to execute arbitrary code or cause a denial of service ( use-after-free) via crafted session content.\nCVE-STATUS: default\nCVE-REV: Default\n\n\nCVE-ID: CVE-2015-6836\nCVE-Crit: HIGH\nCVE-DESC: The SoapClient __call method in ext / soap / soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mismanages headers, allowing remote attackers to execute arbitrary code using created serialized data, causing \"type confusion\" in serialize_function_call.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-7803\nCVE-Crit: MEDIUM\nCVE-DESC: The phar_get_entry_data function in ext / phar / util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (null pointer dereferencing and application crash) via a .phar file with a created TAR archive entry where the Link indicator refers to a non-existent file.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-7804\nCVE-Crit: MEDIUM\nCVE-DESC: Off-by-one bug in the phar_parse_zipfile function in ext / phar / zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (dereferencing an uninitialized pointer and crashing the application) by including / filename in a PHAR .zip archive.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-8835\nCVE-Crit: CRITICAL\nCVE-DESC: The make_http_soap_request function in ext / soap / php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 improperly extracts keys, allowing remote attackers to cause a denial of service (null pointer dereferencing, type confusion, and application crash) or possibly execute arbitrary code via processed serialized data representing the numerically indexed _cookies array associated with the SoapClient :: __ call method in ext / soap / soap.c.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-8838\nCVE-Crit: MEDIUM\nCVE-DESC: ext / mysqlnd / mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses the SSL client parameter to mean that SSL is optional, allowing attackers in the middle to spoof servers using a plaintext version downgrade attack, an issue related to CVE-2015-3152.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-8865\nCVE-Crit: HIGH\nCVE-DESC: The file_check_mem function in funcs.c before 5.23, which was used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, incorrectly handles the continuation level of jumps, allowing context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code through a crafted magic file.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-8867\nCVE-Crit: HIGH\nCVE-DESC: The openssl_random_pseudo_bytes function in ext / openssl / openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, making it easy for remote attackers to bypass cryptographic defense mechanisms via undefined vectors.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-8873\nCVE-Crit: HIGH\nCVE-DESC: Stack usage vulnerability in Zend / zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28 and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation error) via recursive method calls.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-8874\nCVE-Crit: HIGH\nCVE-DESC: A stack utilization vulnerability in GD in PHP before PHP 5.6.12 allows remote attackers to cause a denial of service with a crafted imagefilltoborder call.\nCVE-STATUS: Default\nCVE-REV: Default\n\n\nCVE-ID: CVE-2015-8876\nCVE-Crit: CRITICAL\nCVE-DESC: Zend / zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28 and 5.6.x before 5.6.12 does not validate certain Exception objects, allowing remote attackers to cause a denial of service ( Null Pointer Dereferencing and application crash) or initiate unintended method execution using created serialized data.\nCVE-STATUS: Default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-8877\nCVE-Crit: HIGH\nCVE-DESC: The gdImageScaleTwoPass function in gd_interpolation.c in the GD graphics library (also known as libgd) before 2.2.0, which was used in PHP before 5.6.12, uses incompatible allocation and release approaches, allowing remote attackers to cause a service failure (memory consumption) via a crafted call, as demonstrated by PHP imagescale function call.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-8879\nCVE-Crit: HIGH\nCVE-DESC: The odbc_bindcols function in ext / odbc / php_odbc.c in PHP before PHP 5.6.12 incorrectly handles driver behavior for SQL_WVARCHAR columns, allowing remote attackers to cause a denial of service (application crash) in unexpected circumstances by using odbc_fetch_array to access a specific Microsoft SQL Server table type.\nCVE-STATUS: Default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-8880\nCVE-Crit: CRITICAL\nCVE-DESC: Double format printer release vulnerability in PHP 7.x before 7.0.1 allows remote attackers to have undefined impact, causing an error.\nCVE-STATUS: Default\nCVE-REV: Default\n\n\nCVE-ID: CVE-2015-8935\nCVE-Crit: MEDIUM\nCVE-DESC: The sapi_header_op function in main / SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated string collapsing without regard to browser compatibility, allowing remote attackers to conduct cross-site scripting (XSS) attacks on Internet Explorer using (1)% 0A% 20 or (2)% 0D% 0A% 20 in the header function.\nCVE-STATUS: Default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-8994\nCVE-Crit: HIGH\nCVE-DESC: The issue was found in PHP 5.x and 7.x when the configuration uses apache2handler / mod_php or php-fpm with OpCache enabled. In 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-standard configuration with opcache.validate_permission = 1. The details of the vulnerability are as follows. In PHP SAPI, where PHP interpreters share a common parent process, Zend OpCache creates a shared memory object owned by the common parent process during initialization. PHP child processes inherit the SHM descriptor, using it to cache and retrieve the bytecode of the compiled script (\"operation code\" in PHP jargon). The cache keys vary from configuration to configuration, but the filename is the central key component, and the compiled operation code can usually be run if the script filename is known or can be guessed. Many common shared hosting configurations modify EUIDs in child processes to provide privilege separation between hosted users (e.g., using mod_ruid2 for the Apache HTTP server or php-fpm custom settings). In these scenarios, the default behavior of Zend OpCache overrides script file permissions, sharing a single SHM cache between all PHP child processes. PHP scripts often contain sensitive information: think of CMS configurations where reading or running another user's script usually means gaining privileges for the CMS database.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2015-9253\nCVE-Crit: MEDIUM\nCVE-DESC: The issue was found in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8 and before 7.1.20. The php-fpm main process restarts a child process in an infinite loop when using program execution functions (e.g. passthru, exec, shell_exec or system) with a non-blocking STDIN thread, resulting in the main process using 100% of the CPU. , and consumes disk space with large amounts of error logs, as demonstrated by a client-side attack on shared hosting.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-10158\nCVE-Crit: HIGH\nCVE-DESC: The exif_convert_any_to_int function in ext / exif / exif.c in PHP before 5.6.30, 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash ) via processed EXIF data that triggers an attempt to divide the minimum representable negative integer by -1.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-10159\nCVE-Crit: HIGH\nCVE-DESC: Integer overflow in the phar_parse_pharfile function in ext / phar / phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in the PHAR archive.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-10160\nCVE-Crit: CRITICAL\nCVE-DESC: Vagueness bug in phar_parse_pharfile function in ext / phar / phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code through a crafted PHAR archive with an alias mismatch.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-10161\nCVE-Crit: HIGH\nCVE-DESC: The object_common1 function in ext / standard / var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (-read buffer overflow and application crash) due to created serialized data that is improperly handled in the finish_nested_data call.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-10397\nCVE-Crit: HIGH\nCVE-DESC: In PHP before 5.6.28 and 7.x before 7.0.13, attackers could use incorrect handling of various URI components in the URL parser to bypass hostname-dependent URL checks, as shown in evil.example.com. : 80#@good.example.com/ and evil.example.com:80?@good.example.com/ inputs to the parse_url function (implemented in the php_url_parse_ex function in ext / standard / url.c).\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-10712\nCVE-Crit: HIGH\nCVE-DESC: In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all stream_get_meta_data return values can be controlled if input can be controlled (e.g. during file upload ). For example, calling \"$ uri = stream_get_meta_data (fopen ($ file,\" r \")) ['uri']\" mishandles the case where $ file is data: text / plain; uri = eviluri - in other words, the metadata could be set by an attacker.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-1903\nCVE-Crit: CRITICAL\nCVE-DESC: The gdImageRotateInterpolated function in ext / gd / libgd / gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17 and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (read out of range and application crash) via the large bgd_color argument of the imagerotate function.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-2554\nCVE-Crit: CRITICAL\nCVE-DESC: Stack-based buffer overflow in ext / phar / tar.c in PHP before 5.5.32, 5.6.x before 5.6.18 and 7.x before 7.0.3 allows remote attackers to cause a denial of service ( application crash ) or possibly have unspecified other impact via a crafted TAR archive.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-3078\nCVE-Crit: CRITICAL\nCVE-DESC: Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-3141\nCVE-Crit: CRITICAL\nCVE-DESC: A post-release exploitation vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by initiating a wddx_deserialize call to XML data containing a created var element.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-3142\nCVE-Crit: HIGH\nCVE-DESC: The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to retrieve sensitive information from process memory or cause a denial of service (outside read restriction and application crash) by placing a PK signature \\ x05 \\ x06 in an invalid location.\nCVE-STATUS: Default\nCVE-REV: Default\n\n\nCVE-ID: CVE-2016-3185\nCVE-Crit: HIGH\nCVE-DESC: The make_http_soap_request function in ext / soap / php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to retrieve sensitive information from process memory or cause a denial of service (type confusion and application crash) using created serialized _cookies data associated with the SoapClient :: __ call method in ext / soap / soap.c.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-4342\nCVE-Crit: HIGH\nCVE-DESC: ext / phar / phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 improperly handles uncompressed zero-length data, allowing remote attackers to cause a service failure (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-4343\nCVE-Crit: HIGH\nCVE-DESC: The phar_make_dirstream function in ext / phar / dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 incorrectly handles null-sized ././@LongLink files, allowing remote attackers to cause a service failure (dereferencing an uninitialized pointer) or possibly have unspecified other impact via a crafted TAR archive.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-4344\nCVE-Crit: CRITICAL\nCVE-DESC: An integer overflow in the xml_utf8_encode function in ext / xml / xml.c in PHP before version 7.0.4 allows remote attackers to cause a denial of service or possibly have an unspecified other impact with a long utf8_encode function argument, resulting in a heap-based buffer overflow.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-4345\nCVE-Crit: CRITICAL\nCVE-DESC: An integer overflow in the php_filter_encode_url function in ext / filter / sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have an unspecified other impact via a long string, resulting in a heap buffer overflow.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-4346\nCVE-Crit: CRITICAL\nCVE-DESC: An integer overflow in the str_pad function in ext / standard / string.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have an unspecified other impact via a long string, resulting in a heap-based buffer overflow.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-4537\nCVE-Crit: CRITICAL\nCVE-DESC: The bcpowmod function in ext / bcmath / bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 takes a negative integer as a scale argument, allowing remote attackers to cause a denial of service or possibly have an unspecified other impact via artificial invocation.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-4538\nCVE-Crit: CRITICAL\nCVE-DESC: The bcpowmod function in ext / bcmath / bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without regard to whether they are copies of _zero_, _one_, or _two_ a global variable that allows remote attackers to cause a denial of service or possibly have an unspecified other impact via artificial invocation.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-4539\nCVE-Crit: CRITICAL\nCVE-DESC: The xml_parse_into_struct function in ext / xml / xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under -read and segmentation fault) or possibly have an unspecified other impact via the created XML data in the second argument, resulting in a null parser.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-4540\nCVE-Crit: CRITICAL\nCVE-DESC: The grapheme_stripos function in ext / intl / grapheme / grapheme / grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21 and 7.x before 7.0.6 allows remote attackers to cause a denial of service ( read out of bounds ) or possibly have an unspecified other impact via a negative offset.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-4541\nCVE-Crit: CRITICAL\nCVE-DESC: The grapheme_strpos function in ext / intl / grapheme / grapheme / grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21 and 7.x before 7.0.6 allows remote attackers to cause a denial of service ( read out of bounds ) or possibly unspecified other impact via a negative offset.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-4542\nCVE-Crit: CRITICAL\nCVE-DESC: The exif_process_IFD_TAG function in ext / exif / exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 incorrectly creates spprintf arguments, allowing remote attackers to cause a denial of service (read out of valid range) or possibly have unspecified other impact via the header data created.\nCVE-STATUS: Default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-4543\nCVE-Crit: CRITICAL\nCVE-DESC: The exif_process_IFD_in_JPEG function in ext / exif / exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not check IFD sizes, allowing remote attackers to cause a denial of service (read out of acceptable range) or possibly unspecified other impact via crafted header data.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-5093\nCVE-Crit: HIGH\nCVE-DESC: The get_icu_value_internal function in ext / intl / locale / locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22 and 7.x before 7.0.7 does not guarantee the presence of the '\\ 0 ' character, which allows remote attackers to cause a denial of service (read out of range) or possibly have an unspecified other impact with the generated locale_get_primary_language call.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-5094\nCVE-Crit: HIGH\nCVE-DESC: An integer overflow in the php_html_entities function in ext / standard / html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by running a large string of output from the htmlspecialchars function.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-5095\nCVE-Crit: HIGH\nCVE-DESC: An integer overflow in the php_escape_html_entities_ex function in ext / standard / html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have an unspecified other impact by running a large string of output from a call to FILTER_SANITIZE_FULL_SPECIAL_CHARS filter_var. NOTE: this vulnerability exists due to an incomplete patch for CVE-2016-5094.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-5096\nCVE-Crit: HIGH\nCVE-DESC: Integer overflow in fread function in ext / standard / file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have an unspecified other impact via a large integer in the second argument.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-5114\nCVE-Crit: CRITICAL\nCVE-DESC: sapi / fpm / fpm / fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17 and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, allowing attackers to retrieve sensitive information from process memory or cause a denial of service (read out of bounds and buffer overflow) via a long string, as demonstrated by a long URI in a configuration with customized REQUEST_URI logging.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-5385\nCVE-Crit: HIGH\nCVE-DESC: PHP via 7.0.8 does not attempt to resolve namespace conflicts in section 4.1.18 RFC 3875 and therefore does not protect applications from having untrusted client data in the HTTP_PROXY environment variable, which could allow remote attackers to redirect outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as indicated by (1) an application executing a getenv ('HTTP_PROXY') call or (2) PHP's CGI configuration, also known as \"httpoxy. \" issue.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-5399\nCVE-Crit: HIGH\nCVE-DESC: The bzread function in ext / bz2 / bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24 and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code through a crafted bz2 archive.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-5768\nCVE-Crit: CRITICAL\nCVE-DESC: A double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23 and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) using a callback exception.\nCVE-STATUS: Default\nCVE-REV: Default\n\n\nCVE-ID: CVE-2016-5769\nCVE-Crit: CRITICAL\nCVE-DESC: Multiple integer overflows in mcrypt.c in PHP's mcrypt extension before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application failure) or possibly have unspecified other impact via a created length value associated with functions (1) mcrypt_generic and (2) mdecrypt_generic.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-5770\nCVE-Crit: CRITICAL\nCVE-DESC: Integer overflow in SplFileObject function :: fread in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 allows remote attackers to cause a denial of service or possibly have other undefined impact via a large integer argument, an issue related to CVE-2016-5096.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-5771\nCVE-Crit: CRITICAL\nCVE-DESC: spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the deserialization and garbage collection implementation, allowing remote attackers to execute arbitrary code or cause a denial of service ( use-after-free and application crash) via processed serialized data.\nCVE-STATUS: Default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-5773\nCVE-Crit: CRITICAL\nCVE-DESC: php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 does not properly interact with the deserialization and garbage collection implementation, allowing remote attackers to execute arbitrary code or cause a denial of service (post-release usage and application crash) using created serialized data containing a ZipArchive object.\nCVE-STATUS: default\nCVE-REV: Default\n\n\nCVE-ID: CVE-2016-6174\nCVE-Crit: HIGH\nCVE-DESC: applications / core / modules / front / system / content.php in Invision Power Services IPS Community Suite (also known as Invision Power Board, IPB or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code using the content_class parameter.\nCVE-STATUS: Default\nCVE-REV: Default\n\n\nCVE-ID: CVE-2016-6288\nCVE-Crit: CRITICAL\nCVE-DESC: The php_url_parse_ex function in ext / standard / url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via vectors that include the smart_str data type.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-6289\nCVE-Crit: HIGH\nCVE-DESC: An integer overflow in the virtual_file_ex function in TSRM / tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24 and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack based on buffer overflow) or possibly have an unspecified other impact via a crafted extract operation on a ZIP archive.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-6290\nCVE-Crit: CRITICAL\nCVE-DESC: ext / session / session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 incorrectly supports a specific hash data structure, allowing remote attackers to cause denial of service (post-release usage) or possibly unspecified other impact via vectors associated with session deserialization.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-6291\nCVE-Crit: CRITICAL\nCVE-DESC: The exif_process_IFD_in_MAKERNOTE function in ext / exif / exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out- of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly exert unspecified other influence via a generated JPEG image.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-6292\nCVE-Crit: MEDIUM\nCVE-DESC: The exif_process_user_comment function in ext / exif / exif.c in PHP before 5.5.38, 5.6.x before 5.6.24 and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL dereference pointer and application crash) via a generated JPEG image.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-6294\nCVE-Crit: CRITICAL\nCVE-DESC: The locale_accept_from_http function in ext / intl / locale / locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly restricts calls to the ICU function uloc_acceptLanguageFromHTTP , allowing remote attackers to cause a denial of service (read out of range) or possibly have unspecified other impact via a call with a long argument.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-6295\nCVE-Crit: CRITICAL\nCVE-DESC: ext / snmp / snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24 and 7.x before 7.0.9 improperly interacts with the deserialization and garbage collection implementation, allowing remote attackers to cause a denial of service (post-release usage and application crash) or possibly unspecified other impact via created serialized data, issue related to CVE-2016-5773.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-6296\nCVE-Crit: CRITICAL\nCVE-DESC: An integer signature bug in the simplestring_addn function in simplestring.c from xmlrpc-epi before 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have an unspecified other impact using the long first argument of the PHP xmlrpc_encode_request function.\nCVE-STATUS: default\nCVE-REV: Default\n\n\nCVE-ID: CVE-2016-6297\nCVE-Crit: HIGH\nCVE-DESC: An integer overflow in the php_stream_zip_opener function in ext / zip / zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via the created zip URL: //.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-7124\nCVE-Crit: CRITICAL\nCVE-DESC: ext / standard / var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 improperly handles certain invalid objects, allowing remote attackers to cause a denial of service or possibly have unspecified other impact using created serialized data resulting in (1) a __destruct call or (2) a magic method call.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-7125\nCVE-Crit: HIGH\nCVE-DESC: ext / session / session.c in PHP before 5.6.25 and 7.x before 7.0.10 misses invalid session names in a way that causes incorrect parsing, allowing remote attackers to inject arbitrary session data using session name control, as demonstrated by object injection.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-7127\nCVE-Crit: CRITICAL\nCVE-DESC: The imagegammacorrect function in ext / gd / gd.c in PHP before 5.6.25 and 7.x before 7.0.10 incorrectly checks gamma values, allowing remote attackers to cause a denial of service (outside of -bounds write) or possibly have an unspecified other impact by providing different signs for the second and third argument.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-7128\nCVE-Crit: MEDIUM\nCVE-DESC: The exif_process_IFD_in_TIFF function in ext / exif / exif.c in PHP before 5.6.25 and 7.x before 7.0.10 incorrectly handles the case of a thumbnail offset larger than the file size, allowing remote attackers to retrieve sensitive information. from process memory via the generated TIFF image.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-7129\nCVE-Crit: CRITICAL\nCVE-DESC: The php_wddx_process_data function in ext / wddx / wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation error) or possibly have an unspecified other impact via an invalid ISO 8601 time value, as demonstrated by a call to wddx_deserialize that improperly handles the dateTime element in a wddxPacket XML document.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-7130\nCVE-Crit: HIGH\nCVE-DESC: The php_wddx_pop_element function in ext / wddx / wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (null pointer dereferencing and application crash) or possibly unspecified other impact via an invalid base64 binary value, as demonstrated by a call to wddx_deserialize that improperly handles a binary element in a wddxPacket XML document.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-7411\nCVE-Crit: CRITICAL\nCVE-DESC: ext / standard / var_unserializer.re in PHP before PHP 5.6.26 does not properly handle object deserialization failures, allowing remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a deserialization call that references a partially constructed object.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-7412\nCVE-Crit: HIGH\nCVE-DESC: ext / mysqlnd / mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not check that the BIT field has an UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap based on buffer overflow) or possibly have an unspecified other impact via the metadata of the created field.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-7413\nCVE-Crit: CRITICAL\nCVE-DESC: Use-after-free vulnerability in the wddx_stack_destroy function in ext / wddx / wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly specify another impact via a wddxPacket XML document that lacks an end tag for a record set field element, resulting in incorrect processing in a wddx_deserialize call.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-7414\nCVE-Crit: CRITICAL.\nCVE-DESC: The ZIP signature verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough to allow remote attackers to cause a denial of service (offline). restricts memory access) or possibly have an unspecified other impact via the created PHAR archive associated with ext / phar / util.c and ext / phar / zip.c.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-7416\nCVE-Crit: HIGH\nCVE-DESC: ext / intl / msgformat / msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 incorrectly limits the locale length provided to the Locale class in the ICU library, allowing remote attackers to cause a denial of service (application crash) or possibly unspecified other impact via a MessageFormatter :: formatMessage call with a long first argument.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-7417\nCVE-Crit: CRITICAL\nCVE-DESC: ext / spl / spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 continues to deserialize SplArray without checking the return value and data type, allowing remote attackers to cause a denial of service or possibly have unspecified other impact with the serialized data created.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-7418\nCVE-Crit: HIGH\nCVE-DESC: The php_wddx_push_element function in ext / wddx / wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and read outside bounds) or possibly have unspecified other impact due to an invalid logical element in the wddxPacket XML document, resulting in improper processing in the wddx_deserialize call.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-7478\nCVE-Crit: HIGH\nCVE-DESC: Zend / zend_exceptions.c in PHP, possibly 5.x to 5.6.28 and 7.x to 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data , issue related to CVE-2015-8876.\nCVE-STATUS: Default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-7480\nCVE-Crit: CRITICAL\nCVE-DESC: The implementation of SplObjectStorage deserialization in ext / spl / spl_observer.c in PHP before 7.0.12 does not check if a key is an object, allowing remote attackers to execute arbitrary code or cause a denial of service (accessing uninitialized memory ) via processed serialized data.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2016-7131\nCVE-Crit: HIGH\nCVE-DESC: ext / wddx / wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (dereferencing a null pointer and crashing the application) or possibly have an unspecified other impact via an ill-formed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks the dmin character in forward_search_range () can result in invalid pointer dereferencing as the out-of-bounds output is read from the stack buffer.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2017-9228\nCVE-Crit: CRITICAL\nCVE-DESC: The issue was found in Oniguruma 6.2.0, which was used in Oniguruma-mod in Ruby before 2.4.1.1 and mbstring in PHP before 7.1.5. An off-heap write occurs in bitset_set_range () during compilation of a regular expression due to an uninitialized variable from an invalid state transition. An invalid state transition in parse_char_class () can create an execution path that leaves a critical local variable uninitialized until it is used as an index, resulting in memory corruption of writing outside the allowed limits.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2017-9229\nCVE-Crit: HIGH\nCVE-DESC: The issue was found in Oniguruma 6.2.0, which was used in Oniguruma-mod in Ruby before 2.4.1.1 and mbstring in PHP before 7.1.5. SIGSEGV occurs in left_adjust_char_head () during regular expression compilation. Invalid reg-> dmax handling in forward_search_range () can lead to invalid pointer dereferencing, usually as an immediate denial-of-service condition.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2018-10545\nCVE-Crit: MEDIUM\nCVE-DESC: The issue was found in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumped FPM child processes allow bypassing opcache access controls because fpm_unix.c executes a PR_SET_DUMPABLE prctl call, allowing one user (in a multi-user environment) to retrieve sensitive information from the memory of a second user's PHP application processes by running gcore for the PID PHP-FPM Workflow.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2018-10546\nCVE-Crit: HIGH\nCVE-DESC: The issue was found in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext / iconv / iconv.c because the iconv stream filter does not reject invalid multibyte sequences.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2018-10547\nCVE-Crit: MEDIUM\nCVE-DESC: An issue was found in ext / phar / phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. Reflected XSS is present in PHAR 403 and 404 error pages via .phar file request data. NOTE: this vulnerability exists due to an incomplete patch for CVE-2018-5712.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2018-10548\nCVE-Crit: HIGH\nCVE-DESC: The issue was found in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext / ldap / ldap.c allows remote LDAP servers to cause a denial of service (null pointer dereferencing and application crash) due to improper handling of the ldap_get_dn return value.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2018-10549\nCVE-Crit: HIGH\nCVE-DESC: The issue was found in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext / exif / exif.c has read over limits for created JPEG data because exif_iif_add_value incorrectly handles a MakerNote case that is missing the last character '\\ 0'.\nCVE-STATUS: Default\nCVE-REV: default\n\n\nCVE-ID: CVE-2018-14883\nCVE-Crit: HIGH\nCVE-DESC: An issue was found in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. Integer overflow causes a heap-based buffer overflow in exif_thumbnail_extract from exif.c.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2018-15132\nCVE-Crit: HIGH\nCVE-DESC: An issue was found in ext / standard / link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function in Windows does not implement open_basedir validation. This can be abused to find files with paths outside of the allowed directories.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2018-14851\nCVE-Crit: MEDIUM\nCVE-DESC: exif_process_IFD_in_MAKERNOTE in ext / exif / exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20 and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (read out of range and application failure) via a crafted JPEG file.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2018-17082\nCVE-Crit: MEDIUM\nCVE-DESC: Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a \"Transfer-Encoding: fragmented\" request because the bucket brigade is mishandled in the php_handler function in sapi / apache2handler / sapi_apache2.c.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2018-19395\nCVE-Crit: HIGH\nCVE-DESC: ext / standard / var.c in PHP 5.x - 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereferencing and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext / com_dotnet /com_handlers.c, as shown in the serialization call to COM (\"WScript.Shell\").\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2018-19396\nCVE-Crit: HIGH\nCVE-DESC: ext / standard / var_unserializer.c in PHP 5.x - 7.1.24 allows attackers to cause a denial of service (application crash) with a deserialization call for a com, dotnet or variant class.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2018-19520\nCVE-Crit: HIGH\nCVE-DESC: A PHP 5.x issue was discovered in SDCMS 1.6. app / admin / controller / themecontroller.php uses the check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent the use of preg_replace 'e' calls, allowing users to execute arbitrary code using admin template control access .\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2018-20783\nCVE-Crit: HIGH\nCVE-DESC: In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, buffer over-reading in PHAR read functions may allow an attacker to read allocated or unallocated memory behind the actual data when attempting to parse a .phar file. This is related to phar_parse_pharfile in ext / phar / phar.c.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2018-19935\nCVE-Crit: HIGH\nCVE-DESC: ext / imap / php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (null pointer dereferencing and application crash) via an empty string in the message argument to the imap_mail function.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2018-5711\nCVE-Crit: MEDIUM\nCVE-DESC: gd_gif_in.c in the GD graphics library (also known as libgd), which was used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1 , has an integer signature bug that causes an infinite loop through the created GIF file, as demonstrated by calling the PHP function imagecreatefromgif or imagecreatefromstring. This is related to GetCode_ and gdImageCreateFromGifCtx.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2018-5711\nCVE-Crit: MEDIUM\nCVE-DESC: gd_gif_in.c in the GD graphics library (also known as libgd), which was used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1 , has an integer signature bug that causes an infinite loop through the created GIF file, as demonstrated by calling the PHP function imagecreatefromgif or imagecreatefromstring. This is related to GetCode_ and gdImageCreateFromGifCtx.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2018-5712\nCVE-Crit: MEDIUM\nCVE-DESC: The issue was found in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. The PHAR 404 error page contains Reflected XSS via a .phar file request URI.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2018-5712\nCVE-Crit: MEDIUM\nCVE-DESC: The issue was found in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. The PHAR 404 error page contains Reflected XSS via a .phar file request URI.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2018-7584\nCVE-Crit: CRITICAL.\nCVE-DESC: In PHP through 5.6.33, 7.0.x to 7.0.28, 7.1.x to 7.1.14, and 7.2.x to 7.2.2, a stack-based buffer undercount is observed when parsing HTTP data. response in the php_stream_url_wrap_http_ex function in ext / standard / http_fopen_wrapper.c. This subsequently causes a large string to be copied.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2019-6977\nCVE-Crit: HIGH\nCVE-DESC: gdImageColorMatch in gd_color_match.c in the GD graphics library (also known as LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1 has a heap-based buffer overflow. This can be exploited by an attacker who can initiate imagecolormatch calls with the image data created.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2019-9637\nCVE-Crit: HIGH\nCVE-DESC: The issue was found in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Because of the way rename () is implemented in file systems, it is possible for a renamed file to be briefly available with incorrect permissions while the renaming continues, allowing unauthorized users to access the data.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2019-9638\nCVE-Crit: HIGH\nCVE-DESC: An issue was found in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE due to improper handling of the maker_note-> offset to value_len ratio.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2019-9639\nCVE-Crit: HIGH\nCVE-DESC: An issue was found in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16 and 7.3.x before 7.3.3. An uninitialized read occurs in exif_process_IFD_in_MAKERNOTE due to improper handling of the data_len variable.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2019-9020\nCVE-Crit: CRITICAL.\nCVE-DESC: The issue was found in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the xmlrpc_decode () function can lead to invalid memory accesses (read or read heap after release). This is related to xml_eleelem_parse_buf in ext / xmlrpc / libxmlrpc / xml_element.c.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2019-9021\nCVE-Crit: CRITICAL.\nCVE-DESC: The issue was found in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Heap-based buffer re-reading in PHAR read functions in the PHAR extension could allow an attacker to read allocated or unallocated memory behind the actual data when attempting to parsing a filename, which is different from the CVE-2018-20783 vulnerability. This is related to phar_detect_phar_fname_ext in ext / phar / phar.c.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2019-9023\nCVE-Crit: CRITICAL.\nCVE-DESC: The issue was found in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. There are a number of heap-based buffer overflow instances in mbstring regular expression functions when they are supplied with invalid multibyte data. These are found in ext / mbstring / oniguruma / regcomp.c, ext / mbstring / oniguruma / regexec.c, ext / mbstring / oniguruma / regparse.c, ext / mbstring / oniguruma / enc / unicode.c, and ext / mbstring / oniguruma / src / utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2019-9024\nCVE-Crit: HIGH\nCVE-DESC: The issue was found in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode () may allow a hostile XMLRPC server to force PHP to read memory outside of the allocated areas in base64_decode_xmlrpc in ext / xmlrpc / libxmlrpc / base64.c.\nCVE-STATUS: default\nCVE-REV: default\n\n\nCVE-ID: CVE-2019-9641\nCVE-Crit: CRITICAL\nCVE-DESC: An issue was found in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16 and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.\nCVE-STATUS: default\nCVE-REV: default", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-02T17:57:45", "type": "rosalinux", "title": "Advisory ROSA-SA-2021-1950", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-1019", "CVE-2006-7243", "CVE-2009-2408", "CVE-2011-4718", "CVE-2012-1171", "CVE-2012-1571", "CVE-2013-4248", "CVE-2013-6501", "CVE-2013-6712", "CVE-2013-7226", "CVE-2013-7327", "CVE-2014-0207", "CVE-2014-0236", "CVE-2014-0237", "CVE-2014-0238", "CVE-2014-2020", "CVE-2014-2497", "CVE-2014-3478", "CVE-2014-3479", "CVE-2014-3480", "CVE-2014-3487", "CVE-2014-3515", "CVE-2014-3587", "CVE-2014-3597", "CVE-2014-3668", "CVE-2014-3669", "CVE-2014-3670", "CVE-2014-3981", "CVE-2014-4049", "CVE-2014-4670", "CVE-2014-4698", "CVE-2014-4721", "CVE-2014-5120", "CVE-2014-5459", "CVE-2014-8142", "CVE-2014-9425", "CVE-2014-9427", "CVE-2014-9652", "CVE-2014-9653", "CVE-2014-9705", "CVE-2014-9767", "CVE-2014-9912", "CVE-2015-0231", "CVE-2015-0232", "CVE-2015-0273", "CVE-2015-1351", "CVE-2015-1352", "CVE-2015-2331", "CVE-2015-2348", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3152", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-3411", "CVE-2015-3412", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4116", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-4598", "CVE-2015-4599", "CVE-2015-4600", "CVE-2015-4601", "CVE-2015-4602", "CVE-2015-4603", "CVE-2015-4604", "CVE-2015-4605", "CVE-2015-4643", "CVE-2015-4644", "CVE-2015-5589", "CVE-2015-5590", "CVE-2015-6832", "CVE-2015-6833", "CVE-2015-6834", "CVE-2015-6835", "CVE-2015-6836", "CVE-2015-7803", "CVE-2015-7804", "CVE-2015-8835", "CVE-2015-8838", "CVE-2015-8865", "CVE-2015-8867", "CVE-2015-8873", "CVE-2015-8874", "CVE-2015-8876", "CVE-2015-8877", "CVE-2015-8879", "CVE-2015-8880", "CVE-2015-8935", "CVE-2015-8994", "CVE-2015-9253", "CVE-2016-10158", "CVE-2016-10159", "CVE-2016-10160", "CVE-2016-10161", "CVE-2016-10397", "CVE-2016-10712", "CVE-2016-1903", "CVE-2016-2554", "CVE-2016-3078", "CVE-2016-3141", "CVE-2016-3142", "CVE-2016-3185", "CVE-2016-4342", "CVE-2016-4343", "CVE-2016-4344", "CVE-2016-4345", "CVE-2016-4346", "CVE-2016-4537", "CVE-2016-4538", "CVE-2016-4539", "CVE-2016-4540", "CVE-2016-4541", "CVE-2016-4542", "CVE-2016-4543", "CVE-2016-5093", "CVE-2016-5094", "CVE-2016-5095", "CVE-2016-5096", "CVE-2016-5114", "CVE-2016-5385", "CVE-2016-5399", "CVE-2016-5768", "CVE-2016-5769", "CVE-2016-5770", "CVE-2016-5771", "CVE-2016-5773", "CVE-2016-6174", "CVE-2016-6288", "CVE-2016-6289", "CVE-2016-6290", "CVE-2016-6291", "CVE-2016-6292", "CVE-2016-6294", "CVE-2016-6295", "CVE-2016-6296", "CVE-2016-6297", "CVE-2016-7124", "CVE-2016-7125", "CVE-2016-7126", "CVE-2016-7127", "CVE-2016-7128", "CVE-2016-7129", "CVE-2016-7130", "CVE-2016-7131", "CVE-2016-7132", "CVE-2016-7411", "CVE-2016-7412", "CVE-2016-7413", "CVE-2016-7414", "CVE-2016-7416", "CVE-2016-7417", "CVE-2016-7418", "CVE-2016-7478", "CVE-2016-7480", "CVE-2016-9137", "CVE-2016-9138", "CVE-2016-9934", "CVE-2016-9935", "CVE-2017-11142", "CVE-2017-11143", "CVE-2017-11144", "CVE-2017-11145", "CVE-2017-11147", "CVE-2017-11628", "CVE-2017-12933", "CVE-2017-16642", "CVE-2017-7272", "CVE-2017-7890", "CVE-2017-8923", "CVE-2017-9224", "CVE-2017-9225", "CVE-2017-9226", "CVE-2017-9227", "CVE-2017-9228", "CVE-2017-9229", "CVE-2018-10545", "CVE-2018-10546", "CVE-2018-10547", "CVE-2018-10548", "CVE-2018-10549", "CVE-2018-14851", "CVE-2018-14883", "CVE-2018-15132", "CVE-2018-17082", "CVE-2018-19395", "CVE-2018-19396", "CVE-2018-19520", "CVE-2018-19935", "CVE-2018-20783", "CVE-2018-5711", "CVE-2018-5712", "CVE-2018-7584", "CVE-2019-6977", "CVE-2019-9020", "CVE-2019-9021", "CVE-2019-9023", "CVE-2019-9024", "CVE-2019-9637", "CVE-2019-9638", "CVE-2019-9639", "CVE-2019-9641"], "modified": "2021-07-02T17:57:45", "id": "ROSA-SA-2021-1950", "href": "https://abf.rosalinux.ru/advisories/ROSA-SA-2021-1950", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
CVE-2018-15132
