62 matches found
openSUSE: Security Advisory for php7 (openSUSE-SU-2020:0080_1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
PHP 7.3.x < 7.3.13 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is prior to 7.2.26, 7.3.x prior to 7.3.13, or 7.4.x prior to 7.4.1. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file read vulnerability exists in link and DirectoryIterator class due to imprope...
openSUSE Security Update : php7 (openSUSE-2020-80)
This update for php7 fixes the following issues : - CVE-2019-11045: Fixed an issue with improper input validation in the filename handling of the DirectoryIterator class bsc1159923. - CVE-2019-11046: Fixed an information leak in bcshiftaddsub bsc1159924. - CVE-2019-11047, CVE-2019-11050: Fixed...
OPENSUSE-SU-2020:0080-1 Security update for php7
This update for php7 fixes the following issues: - CVE-2019-11045: Fixed an issue with improper input validation in the filename handling of the DirectoryIterator class bsc1159923. - CVE-2019-11046: Fixed an information leak in bcshiftaddsub bsc1159924. - CVE-2019-11047, CVE-2019-11050: Fixed...
Ubuntu: Security Advisory (USN-4239-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 16.04 LTS / 18.04 LTS : PHP vulnerabilities (USN-4239-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4239-1 advisory. It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This...
USN-4239-1 php5, php7.0, php7.2, php7.3 vulnerabilities
It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, 16.04 LTS, 18.04 LTS, 19.04 and 19.10. CVE-2019-11045 It was discovered that PHP incorrectly handled certain inputs. An...
SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2020:0101-1)
This update for php7 fixes the following issues : CVE-2019-11045: Fixed an issue with improper input validation in the filename handling of the DirectoryIterator class bsc1159923. CVE-2019-11046: Fixed an information leak in bcshiftaddsub bsc1159924. CVE-2019-11047, CVE-2019-11050: Fixed multiple...
PHP 7.2.x < 7.2.26 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.26. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file read vulnerability exists in link and DirectoryIterator class due to improper handling of embedded \0 byte character a...
PHP 7.3.x < 7.3.13 / 7.4.x < 7.4.1 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.3.x prior to 7.3.13 or 7.4.x prior to 7.4.1. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file read vulnerability exists in link and DirectoryIterator class due to improper handling of...
Fedora Update for php FEDORA-2019-a54a622670
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] [DLA 2050-1] php5 security update
Package : php5 Version : 5.6.40+dfsg-0+deb8u8 CVE ID : CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 Several security bugs have been identified and fixed in php5, a server-side, HTML-embedded scripting language. The affected components include the exif module and handling of filenam...
Security fix for the ALT Linux 9 package php7 version 7.3.13-alt1
7.3.13-alt1 built Dec. 27, 2019 Anton Farygin in task 243314 Dec. 20, 2019 Anton Farygin - 7.3.13. Fixes: CVE-2019-11046, CVE-2019-11045, CVE-2019-11049, CVE-2019-11050, CVE-2019-11047...
CVE-2019-11047
The CVE-2019-11047 issue affects the PHP EXIF extension: when parsing EXIF data with exif_read_data(), PHP versions 7.2.x < 7.2.26, 7.3.x
CVE-2019-11047 Heap-buffer-overflow READ in exif
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure o...
CVE-2019-11047
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure o...
Security fix for the ALT Linux 10 package php8.0 version 7.3.13-alt1
Dec. 20, 2019 Anton Farygin 7.3.13-alt1 - 7.3.13. Fixes: CVE-2019-11046, CVE-2019-11045, CVE-2019-11049, CVE-2019-11050, CVE-2019-11047...
Security fix for the ALT Linux 10 package php8.1 version 7.3.13-alt1
Dec. 20, 2019 Anton Farygin 7.3.13-alt1 - 7.3.13. Fixes: CVE-2019-11046, CVE-2019-11045, CVE-2019-11049, CVE-2019-11050, CVE-2019-11047...
PHP < 7.2.26 Multiple Vulnerabilities (Dec 2019) - Linux
PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...
CVE-2018-11047
Cloud Foundry UAA, versions 4.19 prior to 4.19.2 and 4.12 prior to 4.12.4 and 4.10 prior to 4.10.2 and 4.7 prior to 4.7.6 and 4.5 prior to 4.5.7, incorrectly authorizes requests to admin endpoints by accepting a valid refresh token in lieu of an access token. Refresh tokens by design have a longe...