SUSE: Security Advisory (SUSE-SU-2017:2518-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2017:2468-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for php7 (openSUSE-SU-2021:0106-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2020:2456-1)

This update for php7 fixes the following issues : CVE-2020-7068: Use of freed hash key in the pharparsezipfile function bsc1175223. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically cle...

SUSE SLES12 Security Update : php72 (SUSE-SU-2020:2405-1)

This update for php72 fixes the following issues : CVE-2020-7068: Use of freed hash key in the pharparsezipfile function bsc1175223. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically...

CVE-2019-11046

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII...

EulerOS Virtualization for ARM 64 3.0.6.0 : php (EulerOS-SA-2020-1350)

According to the versions of the php packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.2.x...

Amazon Linux AMI : php72, php73 (ALAS-2020-1339)

The version of php72 installed on the remote host is prior to 7.2.26-1.19. The version of php73 installed on the remote host is prior to 7.3.13-1.22. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1339 advisory. In PHP versions 7.2.x below 7.2.26, 7.3.x belo...

Medium: php72, php73

Issue Overview: In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is...

PHP 7.2.x < 7.2.26 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is prior to 7.2.26, 7.3.x prior to 7.3.13, or 7.4.x prior to 7.4.1. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file read vulnerability exists in link and DirectoryIterator class due to imprope...

PHP 7.3.x < 7.3.13 / 7.4.x < 7.4.1 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.3.x prior to 7.3.13 or 7.4.x prior to 7.4.1. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file read vulnerability exists in link and DirectoryIterator class due to improper handling of...

Fedora 30 : php (2019-437d94e271)

PHP version 7.3.13 18 Dec 2019 Bcmath: - Fixed bug php78878 Buffer underflow in bcshiftaddsub. CVE-2019-11046. cmb Core: - Fixed bug php78862 link silently truncates after a null byte on Windows. CVE-2019-11044. cmb - Fixed bug php78863 DirectoryIterator class silently truncates after a null byte...

CVE-2019-11046

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII...

CVE-2019-11046

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII...

CVE-2019-11046

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII...

Memory corruption

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII...

UBUNTU-CVE-2019-11046

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII...

CVE-2019-11046 Buffer underflow in bc_shift_addsub

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII...

CVE-2019-11046

Summary (CVE-2019-11046) : PHP versions affected are 7.2.x below 7.2.26, 7.3.x below 7.3.13, and 7.4.0. The vulnerability is in the bcmath extension where a string containing characters identified as numeric by the OS but not ASCII digits can cause reading beyond allocated space, potentially disc...

CVE-2019-11046

Removed by vendor...