Lucene search
K

12 matches found

Amazon
Amazon
added 2024/02/05 12:0 a.m.59 views

Important: php73

Issue Overview: A flaw was discovered in the link function in PHP. When compiled on Windows, it does not correctly handle paths containing NULL bytes. An attacker could abuse this flaw to bypass application checks on file paths. CVE-2019-11044 In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.1...

9.8CVSS8.1AI score0.08818EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2021/08/11 12:0 a.m.43 views

openSUSE 15 Security Update : php7 (openSUSE-SU-2021:1130-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1130-1 advisory. - Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain...

9.8CVSS7.2AI score0.9947EPSS
Exploits95References7
Tenable Nessus
Tenable Nessus
added 2021/07/31 12:0 a.m.86 views

openSUSE 15 Security Update : php7 (openSUSE-SU-2021:2575-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2575-1 advisory. - Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain...

9.8CVSS7.1AI score0.9947EPSS
Exploits95References4
Amazon
Amazon
added 2020/02/04 12:0 a.m.137 views

Medium: php72, php73

Issue Overview: In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is...

9.8CVSS7.6AI score0.08818EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2020/01/24 12:0 a.m.55 views

PHP 7.3.x < 7.3.13 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is prior to 7.2.26, 7.3.x prior to 7.3.13, or 7.4.x prior to 7.4.1. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file read vulnerability exists in link and DirectoryIterator class due to imprope...

9.8CVSS7.7AI score0.08818EPSS
Exploits5References8
Tenable Nessus
Tenable Nessus
added 2020/01/10 12:0 a.m.157 views

PHP 7.2.x < 7.2.26 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.26. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file read vulnerability exists in link and DirectoryIterator class due to improper handling of embedded \0 byte character a...

7.5CVSS7.4AI score0.08818EPSS
Exploits5References6
Tenable Nessus
Tenable Nessus
added 2020/01/10 12:0 a.m.566 views

PHP 7.3.x < 7.3.13 / 7.4.x < 7.4.1 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.3.x prior to 7.3.13 or 7.4.x prior to 7.4.1. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file read vulnerability exists in link and DirectoryIterator class due to improper handling of...

9.8CVSS7.3AI score0.08818EPSS
Exploits5References8
OpenVAS
OpenVAS
added 2020/01/09 12:0 a.m.280 views

Fedora Update for php FEDORA-2019-a54a622670

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS7AI score0.08818EPSS
Exploits5References2
OSV
OSV
added 2019/12/23 3:15 a.m.3 views

CVE-2019-11044

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...

7.5CVSS6.7AI score0.05124EPSS
Exploits2References5
CVE
CVE
added 2019/12/23 2:40 a.m.462 views

CVE-2019-11044

The CVE-2019-11044 issue affects PHP when running on Windows, where the link() function accepts filenames with embedded null bytes and treats them as terminating at that byte. Affected PHP versions are 7.2.x below 7.2.26, 7.3.x below 7.3.13, and 7.4.0 on Windows. The underlying cause is null-byte...

7.5CVSS6.7AI score0.05124EPSS
Exploits2References5Affected Software1
Cvelist
Cvelist
added 2019/12/23 2:40 a.m.32 views

CVE-2019-11044 link() silently truncates after a null byte on Windows

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...

3.7CVSS8.5AI score0.05124EPSS
Exploits2References5
Symantec
Symantec
added 2019/12/16 12:0 a.m.84 views

PHP CVE-2019-11044 Multiple Unspecified Security Vulnerabilities

Description PHP is prone to multiple unspecified security vulnerabilities. An attacker can exploit these issues to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. PHP 7.2.0 through 7.2.25, 7.3.0 through 7.3.12 and 7.4.0 are...

0.3AI score0.05124EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder