14 matches found
CVE-2026-32697
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 8.9.3, the RecordHandler::getRecord method retrieves any record by module and ID without checking the current user's ACL view permission. The companion saveRecord method...
CVE-2026-32697
CVE-2026-32697 affects SuiteCRM prior to 8.9.3. The vulnerability is in the RecordHandler::getRecord() path, which retrieves a record by module and ID without enforcing the user’s ACL view permission. The companion saveRecord() enforces ACLAccess('save'), but getRecord() omits ACLAccess('view'), ...
EUVD-2026-13380
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 8.9.3, the RecordHandler::getRecord method retrieves any record by module and ID without checking the current user's ACL view permission. The companion saveRecord method...
CVE-2026-32697 SuiteCRM: RecordHandler::getRecord() missing ACLAccess('view') check allows any authenticated user to read any record (IDOR)
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 8.9.3, the RecordHandler::getRecord method retrieves any record by module and ID without checking the current user's ACL view permission. The companion saveRecord method...
CVE-2026-23951 SumatraPDF's Integer Underflow in PalmDbReader Leads to Crash
SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the validation code that only triggers with exactly 2 records, causing an integer underflow in the size calculation. This bug exists in PalmDbReader::GetRecord when opening a crafted Mobi file, resulting ...
Updated php packages fix security vulnerabilities
Opcache: - Reset global pointers to prevent use-after-free in zendjitstatus. PDO: - Fixed PDO quoting result null deref. Standard: - Fixed Null byte termination in dnsgetrecord - Heap buffer overflow in arraymerge - Information Leak of Memory in getimagesize...
MGASA-2025-0330 Updated php packages fix security vulnerabilities
Opcache: - Reset global pointers to prevent use-after-free in zendjitstatus. PDO: - Fixed PDO quoting result null deref. Standard: - Fixed Null byte termination in dnsgetrecord - Heap buffer overflow in arraymerge - Information Leak of Memory in getimagesize...
EUVD-2014-3980
Malicious code in bioql PyPI...
SUSE CVE-2019-9022
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dnsgetrecord misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects phpparser...
php: memcpy with negative length via crafted DNS response
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dnsgetrecord misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects phpparser...
UBUNTU-CVE-2019-9022
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dnsgetrecord misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects phpparser...
php: multiple buffer over-reads in php_parserr
Multiple buffer over-read flaws were found in the phpparserr function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to crash a PHP application that used the dnsgetrecord function to perform a DNS query...
php: multiple buffer over-reads in php_parserr
Multiple buffer over-read flaws were found in the phpparserr function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to crash a PHP application that used the dnsgetrecord function to perform a DNS query...
UBUNTU-CVE-2014-4049
Heap-based buffer overflow in the phpparserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service crash and possibly execute arbitrary code via a crafted DNS TXT record, related to the dnsgetrecord function...