Lucene search
K

37 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2019-11045

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as...

5.9CVSS7AI score0.08818EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/07/12 12:0 a.m.50 views

RHEL 7 : php (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - oniguruma: Use-after-free in onignewdeluxe in regext.c CVE-2019-13224 - main/streams/xpsocket.c in PHP 7....

9.8CVSS7.8AI score0.08888EPSS
Exploits17References20
Amazon
Amazon
added 2024/02/05 12:0 a.m.59 views

Important: php73

Issue Overview: A flaw was discovered in the link function in PHP. When compiled on Windows, it does not correctly handle paths containing NULL bytes. An attacker could abuse this flaw to bypass application checks on file paths. CVE-2019-11044 In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.1...

9.8CVSS8.1AI score0.08818EPSS
Exploits6
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.232 views

K44650157: PHP DirectoryIterator vulnerability CVE-2019-11045

Security Advisory Description In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that th...

5.9CVSS7.4AI score0.08818EPSS
Exploits1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.35 views

Mageia: Security Advisory (MGASA-2019-0412)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS6.6AI score0.08818EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2021/08/11 12:0 a.m.43 views

openSUSE 15 Security Update : php7 (openSUSE-SU-2021:1130-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1130-1 advisory. - Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain...

9.8CVSS7.2AI score0.9947EPSS
Exploits95References7
Tenable Nessus
Tenable Nessus
added 2021/07/31 12:0 a.m.86 views

openSUSE 15 Security Update : php7 (openSUSE-SU-2021:2575-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2575-1 advisory. - Tenable.sc leverages third-party software to help provide underlying functionality. Multiple third-party components were found to contain...

9.8CVSS7.1AI score0.9947EPSS
Exploits95References4
Tenable Nessus
Tenable Nessus
added 2021/06/10 12:0 a.m.48 views

SUSE SLES11 Security Update : php53 (SUSE-SU-2020:14289-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14289-1 advisory. - In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and...

9.1CVSS7.4AI score0.08818EPSS
Exploits4References19
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.30 views

SUSE: Security Advisory (SUSE-SU-2020:0267-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS8AI score0.08818EPSS
Exploits3References2
OSV
OSV
added 2020/09/08 8:38 a.m.45 views

ALSA-2020:3662 Moderate: php:7.3 security, bug fix, and enhancement update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.3.20. BZ1856655 Security Fixes: php: Out-of-bounds read due to integer overflow in iconvmimedecodeheaders CVE-2019-11039 php: Buffer...

9.8CVSS8.7AI score0.08888EPSS
Exploits19References23
AlmaLinux
AlmaLinux
added 2020/09/08 8:38 a.m.78 views

Moderate: php:7.3 security, bug fix, and enhancement update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 7.3.20. BZ1856655 Security Fixes: php: Out-of-bounds read due to integer overflow in iconvmimedecodeheaders CVE-2019-11039 php: Buffer...

9.8CVSS9AI score0.08888EPSS
Exploits19References23
OpenVAS
OpenVAS
added 2020/04/01 12:0 a.m.47 views

Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1350)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.1AI score0.08818EPSS
Exploits7References2
Hacker One
Hacker One
added 2020/02/26 5:7 a.m.96 views

Internet Bug Bounty: DirectoryIterator class silently truncates after a null byte

The bug submitted at: https://bugs.php.net/bug.php?id=78863 The security advisory at: https://nvd.nist.gov/vuln/detail/CVE-2019-11045 There's an issue with SPL PHP extension on splfilesystemobjectconstruct function. When creating a new DirectoryIterator object splfilesystemobjectconstruct functio...

4.3CVSS7.3AI score0.08818EPSS
Exploits1
OpenVAS
OpenVAS
added 2020/02/25 12:0 a.m.51 views

Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1172)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.1AI score0.08818EPSS
Exploits7References2
Debian
Debian
added 2020/02/18 10:0 p.m.112 views

[SECURITY] [DSA 4628-1] php7.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4628-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 18, 2020 https://www.debian.org/security/faq -...

9.1CVSS8.7AI score0.08888EPSS
Exploits5
Debian
Debian
added 2020/02/17 8:39 p.m.94 views

[SECURITY] [DSA 4626-1] php7.3 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4626-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 17, 2020 https://www.debian.org/security/faq -...

9.8CVSS8.7AI score0.08888EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2020/02/07 12:0 a.m.47 views

SUSE SLES12 Security Update : php7 (SUSE-SU-2020:0352-1)

This update for php7 fixes the following issues : CVE-2019-11045: Fixed an issue with improper input validation in the filename handling of the DirectoryIterator class bsc1159923. CVE-2019-11046: Fixed an information leak in bcshiftaddsub bsc1159924. CVE-2019-11047, CVE-2019-11050: Fixed multiple...

6.5CVSS6.8AI score0.08818EPSS
Exploits3References13
Amazon
Amazon
added 2020/02/04 12:0 a.m.137 views

Medium: php72, php73

Issue Overview: In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is...

9.8CVSS7.6AI score0.08818EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2020/01/31 12:0 a.m.49 views

SUSE SLES12 Security Update : php72 (SUSE-SU-2020:0267-1)

This update for php72 fixes the following issues : CVE-2019-11045: Fixed an issue with improper input validation in the filename handling of the DirectoryIterator class bsc1159923. CVE-2019-11046: Fixed an information leak in bcshiftaddsub bsc1159924. CVE-2019-11047, CVE-2019-11050: Fixed multipl...

6.5CVSS6.8AI score0.08818EPSS
Exploits3References13
OpenVAS
OpenVAS
added 2020/01/27 12:0 a.m.43 views

openSUSE: Security Advisory for php7 (openSUSE-SU-2020:0080_1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5CVSS7AI score0.08818EPSS
Exploits3References2
Rows per page
Query Builder