Lucene search

54 matches found

Circl
added 2026/01/27 11:0 a.m., 3 views

CVE-2019-9020

| creationtimestamp | type | source |
|---|---|---|
| 2026-01-27 11:00:00+00:00 | seen | https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02... |

9.8 CVSS, 5.1 AI score, 0.02394 EPSS
Exploits: 1, References: 1

Tenable Nessus
added 2026/01/20 12:0 a.m., 4 views

MiracleLinux 8 : php:7.2 (AXSA:2020-845:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-845:01 advisory. php: Invalid memory access in function xmlrpc_decode (CVE-2019-9020); php: File rename across filesystems may allow unwanted access during processing...

9.8 CVSS, 8.8 AI score, 0.25106 EPSS
Exploits: 14, References: 18

RedhatCVE
added 2025/05/22 5:36 p.m., 3 views

CVE-2020-9020

Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field...

10 CVSS, 7.6 AI score, 0.00726 EPSS
Exploits: 1, References: 1

Tenable Nessus
added 2025/03/04 12:0 a.m., 18 views

Linux Distros Unpatched Vulnerability : CVE-2019-9020

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode can lea...

9.8 CVSS, 6.9 AI score, 0.02394 EPSS
Exploits: 1, References: 2

OSV
added 2025/01/18 6:15 a.m., 7 views

CVE-2024-9020

The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4 CVSS, 5.8 AI score
Exploits: 0, References: 1

Circl
added 2025/01/18 6:4 a.m., 4 views

CVE-2024-9020

| creationtimestamp | type | source |
|---|---|---|
| 2025-01-18 06:04:04+00:00 | seen | https://infosec.exchange/users/cve/statuses/113847844465944239 |
| 2025-01-18 06:15:47+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lfynunogad2w |
| 2025-01-18 06:34:13+00:00 | seen | ... |

5.4 CVSS, 7.3 AI score, 0.00263 EPSS
Exploits: 1, References: 5

Vulnrichment
added 2025/01/18 6:0 a.m., 7 views

CVE-2024-9020 List category posts < 0.90.3 - Author+ Stored XSS

The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4 AI score, 0.00263 EPSS
Exploits: 1, References: 1

CVE
added 2025/01/18 6:0 a.m., 45 views

CVE-2024-9020

The CVE-2024-9020 entry affects the WordPress plugin List category posts, specifically versions prior to 0.90.3. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient validation/escaping of shortcode attributes, which can allow users with Contributor+ privileges to ...

5.4 CVSS, 5.9 AI score, 0.00263 EPSS
Exploits: 1, References: 1, Affected Software: 1

IBM Security Bulletins
added 2023/12/07 10:45 p.m., 64 views

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in PHP

Summary: IBM Flex System Chassis Management Module (CMM) has addressed the following vulnerabilities in PHP. Vulnerability Details: CVEID: CVE-2019-9641. DESCRIPTION: An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an...

9.8 CVSS, 0.3 AI score, 0.52083 EPSS
Exploits: 8, Affected Software: 1

Tenable Nessus
added 2023/11/06 12:0 a.m., 69 views

Rocky Linux 8 : php:7.2 (RLSA-2020:1624)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:1624 advisory. - In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an...

9.8 CVSS, 6.8 AI score, 0.25106 EPSS
Exploits: 14, References: 35

F5 Networks
added 2023/02/21 6:53 p.m., 107 views

K37681312: PHP vulnerability CVE-2019-9020

Security Advisory Description: An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xmlelemparsebu...

9.8 CVSS, 7.4 AI score, 0.02394 EPSS
Exploits: 1

OpenVAS
added 2021/06/09 12:0 a.m., 36 views

SUSE: Security Advisory (SUSE-SU-2019:14013-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 8.3 AI score, 0.52083 EPSS
Exploits: 10, References: 14

OpenVAS
added 2021/06/09 12:0 a.m., 32 views

SUSE: Security Advisory (SUSE-SU-2019:0985-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 8.9 AI score, 0.52083 EPSS
Exploits: 7, References: 2

Check Point Advisories
added 2021/04/05 12:0 a.m., 3 views

Iteris Vantage Velocity Command Injection (CVE-2020-9020)

A command injection vulnerability exists in Iteris Vantage Velocity. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

10 CVSS, 6.1 AI score, 0.00726 EPSS
Exploits: 1

RedHat Linux
added 2020/04/28 4:8 p.m., 127 views

Moderate: Red Hat Security Advisory: php:7.2 security, bug fix, and enhancement update

An update for the php:7.2 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

9.8 CVSS, 6.8 AI score, 0.25106 EPSS
Exploits: 14, References: 19

OSV
added 2020/04/28 8:57 a.m., 40 views

RLSA-2020:1624 Moderate: php:7.2 security, bug fix, and enhancement update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.2.24. BZ1726981 Security Fixes: php: Invalid memory access in function xmlrpc_decode (CVE-2019-9020); php: File rename across filesystems...

7.5 CVSS, 8.9 AI score, 0.25106 EPSS
Exploits: 14, References: 18

OSV
added 2020/04/28 8:57 a.m., 41 views

ALSA-2020:1624 Moderate: php:7.2 security, bug fix, and enhancement update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.2.24. BZ1726981 Security Fixes: php: Invalid memory access in function xmlrpc_decode (CVE-2019-9020); php: File rename across filesystems...

9.8 CVSS, 8.9 AI score, 0.25106 EPSS
Exploits: 14, References: 18

CVE
added 2020/02/17 3:3 a.m., 111 views

CVE-2020-9020

CVE-2020-9020 affects Iteris Vantage Velocity Field Unit firmware versions 2.3.1, 2.4.2, and 3.0. The root cause is an OS command injection via shell metacharacters entered in the NTP Server field processed by the CGI script cgi-bin/timeconfig.py. This could enable remote command execution with h...

10 CVSS, 9.7 AI score, 0.00726 EPSS
Exploits: 1, References: 1, Affected Software: 1

IBM Security Bulletins
added 2020/01/27 4:55 p.m., 41 views

Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in PHP.

Summary: IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerabilities in PHP. Vulnerability Details: CVEID: CVE-2019-9641. DESCRIPTION: An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an...

9.8 CVSS, 0.7 AI score, 0.52083 EPSS
Exploits: 8

OpenVAS
added 2020/01/23 12:0 a.m., 42 views

Huawei EulerOS: Security Advisory for php (EulerOS-SA-2019-1265)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS, 9 AI score, 0.25106 EPSS
Exploits: 2, References: 2